Plagegeister aller Art und deren Bekämpfung: Telekom Abuse - mail sending block - malware(?) found
Windows 7

#1
Hello, I'm new here and don't know my way around all this stuff very well, so I hope I'm doing everything right.

The Deutsche Telekom Abuse Team has blocked me from sending mail because spam is being sent from my mail server. ANTIVIR (FREE ANTIVIRUS GUARD) has already found a file (C:\Windows\System32\drivers\cwezora.sys), but I can't get rid of it. I then downloaded GMER and scanned the following report:

GMER - hxxp://www.gmer.net
Rootkit scan 2010-04-26 22:47:26
Windows 6.0.6002 Service Pack 2
Is that even the reason for the mail block, or is it down to something else after all? I no longer know what I need to do now, though. I hope someone can help me get rid of the virus...

Many thanks in advance,
Andy
#2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Please run Avenger:

1.) Download Avenger from here: Swandog46's Public Anti-Malware Tools (download, on the left-hand side)
2.) Unpack the zip archive and run the file "avenger.exe" (under Vista, right-click => run as administrator). Set the checkboxes at the bottom as shown in the picture.
3.) Copy exactly the lines from the following code box:

Code:
files to delete:
C:\Windows\System32\drivers\cwezora.sys

drivers to delete:
cwezora.sys
cwezora

5.) The code text from my post should now be visible under "Input Script here" in "The Avenger".
6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Ja" (Yes), and likewise the question about "Reboot now" (restarting the system).
7.) After the restart, a log file from Avenger will be displayed. Copy its contents and post them here.
8.) Upload the file c:\avenger\backup.zip to file-upload.net and link it here
#3

7.)
Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\System32\drivers\cwezora.sys" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\cwezora.sys" not found!
Deletion of driver "cwezora.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Driver "cwezora" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

8.) hxxp://www.file-upload.net/download-2471663/backup.zip.html
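Reading the Avenger log from post #3 programmatically, as an added example that is not part of the thread and not Avenger's own code: the parser pairs each failed deletion with its NTSTATUS code and checks whether the same driver was still removed under its service name. The function names are made up for this example, and the log text is the one posted above with its line breaks restored.

```python
import re

# Avenger log as posted in #3 (line breaks restored for this example).
AVENGER_LOG = r'''Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\System32\drivers\cwezora.sys" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\cwezora.sys" not found!
Deletion of driver "cwezora.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Driver "cwezora" deleted successfully.

Completed script processing.
'''

STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034

# Only the line shapes that actually occur in the posted log are matched.
OK_RE = re.compile(r'^(\w+) "(.+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of (\w+) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]{8}) \((\w+)\)')


def parse_avenger_log(text):
    """Return one record per deletion attempt, in log order."""
    results = []
    pending_failure = None  # failure still waiting for its "Status:" line
    for raw in text.splitlines():
        line = raw.strip()
        m = OK_RE.match(line)
        if m:
            results.append({"kind": m.group(1).lower(), "target": m.group(2),
                            "ok": True, "status": None, "status_name": None})
            pending_failure = None
            continue
        m = FAIL_RE.match(line)
        if m:
            pending_failure = {"kind": m.group(1).lower(), "target": m.group(2),
                               "ok": False, "status": None, "status_name": None}
            results.append(pending_failure)
            continue
        m = STATUS_RE.match(line)
        if m and pending_failure is not None:
            pending_failure["status"] = int(m.group(1), 16)
            pending_failure["status_name"] = m.group(2)
            pending_failure = None
    return results


def unresolved_failures(results):
    """Failures that are NOT explained by a successful deletion of the same
    driver under its service name (target without the .sys extension)."""
    done = {(r["kind"], r["target"].lower()) for r in results if r["ok"]}
    open_items = []
    for r in results:
        if r["ok"]:
            continue
        stem = re.sub(r"\.sys$", "", r["target"], flags=re.I).lower()
        if r["status"] == STATUS_OBJECT_NAME_NOT_FOUND and (r["kind"], stem) in done:
            continue  # key "cwezora.sys" never existed; service "cwezora" was removed
        open_items.append(r)
    return open_items


if __name__ == "__main__":
    parsed = parse_avenger_log(AVENGER_LOG)
    for rec in parsed:
        print(rec)
    print("needs follow-up:", unresolved_failures(parsed))
```
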
#4
/// Winkelfunktion /// TB-Süch-Tiger™

OK. Now please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL
Please download OTL by Oldtimer and save it to your desktop

__________________
Please always post log files in CODE tags
![]() | #5 |
| Scan with Malwarebytes:
----------------------------
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4044

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18813

28.04.2010 12:49:03
mbam-log-2010-04-28 (12-49-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 244755
Laufzeit: 1 Stunde(n), 11 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Scan with OTL:
LOG 1
----------------------------------------
OTL Extras logfile created on: 29.04.2010 10:52:51 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Andy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,29 Gb Total Space | 43,90 Gb Free Space | 30,64% Space Free | Partition Type: NTFS
Drive D: | 143,08 Gb Total Space | 101,53 Gb Free Space | 
70,96% Space Free | Partition Type: NTFS
< End of report > |
![]() | #6 |
| LOG 2:
-------------
OTL logfile created on: 29.04.2010 10:52:51 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Andy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,29 Gb Total Space | 43,90 Gb Free Space | 30,64% Space Free | Partition Type: NTFS
Drive D: | 143,08 Gb Total Space | 101,53 Gb Free Space | 70,96% Space Free | Partition Type: NTFS
Drive E: | 691,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDY-PC
Current User Name: Andy
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Andy\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\T-Mobile Internet Manager 03\AssistantServices.exe () PRC - C:\Programme\T-Mobile Internet Manager 03\UIExec.exe () PRC - C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) PRC - C:\Users\Andy\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) PRC - C:\Acer\ALaunch\ALaunchSvc.exe () PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Windows\BR040286.exe (Bison Inc.) 
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Andy\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (UI Assistant Service) -- C:\Programme\T-Mobile Internet Manager 03\AssistantServices.exe () SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe () SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) 
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\System32\drivers\af15bda.sys (AfaTech )
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.bwin.de"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile Internet Manager 03\addon [2009.11.06 01:42:26 |
000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.07 20:51:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.12 18:19:36 | 000,000,000 | ---D | M]
[2008.07.06 20:13:40 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions
[2010.04.26 10:59:20 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\vpi6ogkv.default\extensions
[2010.04.08 22:47:49 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\vpi6ogkv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009.08.26 12:49:07 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\vpi6ogkv.default\extensions\moveplayer@movenetworks.com
[2010.04.26 10:59:20 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.02.12 21:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Programme\Mozilla Firefox\plugins\npigl.dll
[2010.01.17 18:30:50 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.17 18:30:50 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.17 18:30:50 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.17 18:30:50 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.17 18:30:50 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Zonelink iClip Recorder) - {6D685611-B7A8-4B4C-A161-346390B5189C} - C:\Programme\zoneLINK\iClip Recorder\iClipIEBand.dll ()
O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zonelink iClip Recorder) - {6D685611-B7A8-4B4C-A161-346390B5189C} - C:\Programme\zoneLINK\iClip Recorder\iClipIEBand.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BisonInst0402] C:\Windows\BR040286.exe (Bison Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UIExec] C:\Program Files\T-Mobile Internet Manager 03\UIExec.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = [binary data]
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1998.12.13 16:43:32 | 000,000,040 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{10484633-e7d6-11dd-bb56-ad499a08b136}\Shell\AutoRun\command - "" = G:\menu.exe -- File not found
O33 - MountPoints2\{1048465f-e7d6-11dd-bb56-ad499a08b136}\Shell - "" = AutoRun
O33 - MountPoints2\{1048465f-e7d6-11dd-bb56-ad499a08b136}\Shell\AutoRun\command - "" = I:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{1048465f-e7d6-11dd-bb56-ad499a08b136}\Shell\dinstall\command - "" = I:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{2450e6a3-26f4-11dd-b69c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2450e6a3-26f4-11dd-b69c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1998.12.01 14:04:40 | 000,025,600 | R--- | M] ()
O33 - MountPoints2\{805a0f5f-0855-11df-9e06-001b38dd9316}\Shell\1\Command - "" = .\RECYCLER\Lcass.exe
O33 - MountPoints2\{805a0f5f-0855-11df-9e06-001b38dd9316}\Shell\2\Command - "" = .\RECYCLER\Lcass.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.29 10:52:12 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2010.04.28 11:35:20 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
[2010.04.28 11:35:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.28 11:35:10 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.28 11:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.28 11:35:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes'
Anti-Malware
[2010.04.28 11:34:19 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Andy\Desktop\mbam-setup-1.45.exe
[2010.04.28 02:33:09 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.04.26 21:59:52 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.23 17:47:47 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Avira
[2010.04.12 18:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll [2010.03.31 17:29:25 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll [2010.03.31 17:29:25 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll [2010.03.31 17:29:25 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll [2010.03.31 17:29:25 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll [2010.03.31 17:29:25 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll [2010.03.31 17:29:25 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe [2010.03.31 17:29:25 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys [2010.03.31 17:29:24 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll [2010.03.31 17:29:24 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe [2010.03.31 17:29:24 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe [2010.03.31 17:29:24 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll [2010.03.31 17:29:24 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe [2010.03.31 17:29:24 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll [2010.03.31 17:29:24 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll [2010.03.31 17:29:24 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe [2010.03.31 17:29:23 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll [2010.03.31 17:29:23 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll [2010.03.31 17:29:23 | 001,502,720 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\certmgr.dll [2010.03.31 17:29:23 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll [2010.03.31 17:29:23 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl [2010.03.31 17:29:23 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll [2010.03.31 17:29:23 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll [2010.03.31 17:29:23 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll [2010.03.31 17:29:23 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe [2010.03.31 17:29:23 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys [2010.03.31 17:29:23 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime [2010.03.31 17:29:23 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe [2010.03.31 17:29:23 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe [2010.03.31 17:29:23 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2010.03.31 17:29:23 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe [2010.03.31 17:29:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll [2010.03.31 17:29:22 | 002,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll [2010.03.31 17:29:22 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll [2010.03.31 17:29:22 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe [2010.03.31 17:29:22 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll [2010.03.31 17:29:22 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2010.03.31 17:29:22 | 000,409,600 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll [2010.03.31 17:29:22 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll [2010.03.31 17:29:22 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll [2010.03.31 17:29:22 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2010.03.31 17:29:22 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime [2010.03.31 17:29:21 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll [2010.03.31 17:29:21 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll [2010.03.31 17:29:21 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll [2010.03.31 17:29:21 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll [2010.03.31 17:29:21 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll [2010.03.31 17:29:20 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll [2010.03.31 17:29:20 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll [2010.03.31 17:29:20 | 000,177,664 | ---- | C] (Microsoft Corporation) -- |
![]() | #7 |
| Telekom Abuse - Mail sending block - Malware(?) found Continuation of LOG 2: ---------------------
| ---- | M] () -- C:\Users\Andy\Desktop\avenger.zip [2010.04.27 00:12:08 | 000,098,356 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\nvModes.001 [2010.04.26 22:11:23 | 000,293,376 | ---- | M] () -- C:\Users\Andy\Desktop\q58ddr29.exe [2010.04.26 21:59:52 | 000,001,878 | ---- | M] () -- C:\Users\Andy\Desktop\HijackThis.lnk [2010.04.13 15:52:11 | 000,000,008 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\jdzarn.dat [2010.03.31 18:12:26 | 288,062,113 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.03.31 17:48:04 | 000,331,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.03.31 17:26:05 | 365,230,920 | ---- | M] (Microsoft Corporation) -- C:\Users\Andy\Desktop\Windows6.0-KB948465-X86.exe [2010.03.31 03:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [2010.03.31 03:58:04 | 002,083,312 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxsfs.dll [2010.03.31 03:58:04 | 000,678,384 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\px.dll [2010.03.31 03:58:04 | 000,559,600 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxdrv.dll [2010.03.31 03:58:04 | 000,440,816 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxwave.dll [2010.03.31 03:58:04 | 000,219,632 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxmas.dll [2010.03.31 03:58:04 | 000,133,616 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxafs.dll [2010.03.31 03:58:04 | 000,100,848 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\vxblock.dll [2010.03.31 03:58:04 | 000,072,176 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxhpinst.exe [2010.03.31 03:58:04 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxinsa64.exe [2010.03.31 03:58:04 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxcpya64.exe ========== Files Created - No Company Name ========== [2010.04.28 11:35:15 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.28 02:29:26 | 000,731,136 
| ---- | C] () -- C:\Users\Andy\Desktop\avenger.exe [2010.04.28 02:29:06 | 000,724,952 | ---- | C] () -- C:\Users\Andy\Desktop\avenger.zip [2010.04.26 22:11:20 | 000,293,376 | ---- | C] () -- C:\Users\Andy\Desktop\q58ddr29.exe [2010.04.26 21:59:52 | 000,001,878 | ---- | C] () -- C:\Users\Andy\Desktop\HijackThis.lnk [2010.04.13 15:52:11 | 000,000,008 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\jdzarn.dat [2010.03.31 18:12:26 | 288,062,113 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.03.31 17:29:54 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf [2010.03.31 17:29:52 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml [2010.03.31 17:29:52 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml [2010.03.31 17:29:36 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf [2010.03.31 17:29:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.03.31 17:29:33 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf [2010.03.31 17:28:33 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls [2010.03.31 17:28:30 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2010.03.31 17:28:26 | 002,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2010.03.31 17:28:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.03.31 17:28:23 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs [2010.03.31 17:28:22 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man [2010.03.31 17:28:21 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2009.10.15 12:56:16 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll [2009.10.15 12:52:44 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll [2009.10.15 12:49:59 | 000,000,265 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.09.22 16:23:52 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll [2009.01.31 00:21:30 | 000,000,319 | ---- | C] () -- 
C:\Windows\game.ini [2008.09.18 17:44:47 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2008.07.03 16:39:54 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.05.21 16:49:27 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI [2008.05.21 16:49:23 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2008.03.25 23:41:09 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2008.03.25 20:18:51 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2008.03.25 13:18:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2008.03.25 13:12:07 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.03.25 12:50:03 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:23BEBB72 < End of report > |
| #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O33 - MountPoints2\{10484633-e7d6-11dd-bb56-ad499a08b136}\Shell\AutoRun\command - "" = G:\menu.exe -- File not found
O33 - MountPoints2\{1048465f-e7d6-11dd-bb56-ad499a08b136}\Shell - "" = AutoRun
O33 - MountPoints2\{1048465f-e7d6-11dd-bb56-ad499a08b136}\Shell\AutoRun\command - "" = I:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{1048465f-e7d6-11dd-bb56-ad499a08b136}\Shell\dinstall\command - "" = I:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{2450e6a3-26f4-11dd-b69c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2450e6a3-26f4-11dd-b69c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1998.12.01 14:04:40 | 000,025,600 | R--- | M] ()
O33 - MountPoints2\{805a0f5f-0855-11df-9e06-001b38dd9316}\Shell\1\Command - "" = .\RECYCLER\Lcass.exe
O33 - MountPoints2\{805a0f5f-0855-11df-9e06-001b38dd9316}\Shell\2\Command - "" = .\RECYCLER\Lcass.exe
[2010.04.13 15:52:11 | 000,000,008 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\jdzarn.dat
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
| #9 |
| All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10484633-e7d6-11dd-bb56-ad499a08b136}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10484633-e7d6-11dd-bb56-ad499a08b136}\ not found.
File G:\menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1048465f-e7d6-11dd-bb56-ad499a08b136}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1048465f-e7d6-11dd-bb56-ad499a08b136}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1048465f-e7d6-11dd-bb56-ad499a08b136}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1048465f-e7d6-11dd-bb56-ad499a08b136}\ not found.
File I:\setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1048465f-e7d6-11dd-bb56-ad499a08b136}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1048465f-e7d6-11dd-bb56-ad499a08b136}\ not found.
File I:\Directx\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2450e6a3-26f4-11dd-b69c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2450e6a3-26f4-11dd-b69c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2450e6a3-26f4-11dd-b69c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2450e6a3-26f4-11dd-b69c-806e6f6e6963}\ not found.
File move failed. E:\SETUP.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{805a0f5f-0855-11df-9e06-001b38dd9316}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{805a0f5f-0855-11df-9e06-001b38dd9316}\ not found.
File .\RECYCLER\Lcass.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{805a0f5f-0855-11df-9e06-001b38dd9316}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{805a0f5f-0855-11df-9e06-001b38dd9316}\ not found.
File .\RECYCLER\Lcass.exe not found.
C:\Users\Andy\AppData\Roaming\jdzarn.dat moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Andy
->Temp folder emptied: 27454068 bytes
->Temporary Internet Files folder emptied: 375436714 bytes
->Java cache emptied: 78750002 bytes
->FireFox cache emptied: 72655554 bytes
->Flash cache emptied: 2155784 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7613365 bytes
RecycleBin emptied: 6745380 bytes
Total Files Cleaned = 544,00 mb
OTL by OldTimer - Version log created on 04292010_194418
Files\Folders moved on Reboot...
File move failed. E:\SETUP.EXE scheduled to be moved on reboot.
Registry entries deleted on Reboot...
|
| #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Then please do a run with CF now:
ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
| #11 |
| ComboFix 10-04-30.03 - Andy 01.05.2010 15:42:20.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.2193 [GMT 2:00] ausgeführt von:: c:\users\Andy\Desktop\cofi.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-3207940453-3166242105-3311808420-500 . ((((((((((((((((((((((( Dateien erstellt von 2010-04-01 bis 2010-05-01 )))))))))))))))))))))))))))))) . 2010-05-01 13:49 . 2010-05-01 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-04-29 17:44 . 2010-04-29 17:44 -------- d-----w- C:\_OTL 2010-04-29 10:02 . 2010-04-29 10:02 -------- d-----w- c:\program files\QuickTime 2010-04-29 10:02 . 2010-04-29 10:02 -------- d-----w- c:\programdata\Apple Computer 2010-04-29 10:01 . 2010-04-29 10:01 -------- d-----w- c:\program files\Common Files\Apple 2010-04-29 09:59 . 2010-04-29 09:59 -------- d-----w- c:\users\Andy\AppData\Local\ArcSoft 2010-04-29 09:58 . 2010-04-29 18:01 -------- d--h--w- c:\programdata\ArcSoft 2010-04-29 09:57 . 2006-11-10 13:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys 2010-04-29 09:57 . 2010-04-29 09:57 -------- d-----w- c:\program files\Common Files\ArcSoft 2010-04-29 09:57 . 2010-04-29 09:57 -------- d-----w- c:\program files\Kodak 2010-04-29 09:56 . 2010-04-29 18:03 -------- d-----w- c:\users\Andy\AppData\Roaming\ArcSoft 2010-04-28 09:35 . 2010-04-28 09:35 -------- d-----w- c:\users\Andy\AppData\Roaming\Malwarebytes 2010-04-28 09:35 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-28 09:35 . 2010-04-28 09:35 -------- d-----w- c:\programdata\Malwarebytes 2010-04-28 09:35 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-28 09:35 . 
2010-04-28 09:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-26 19:59 . 2010-04-26 19:59 -------- d-----w- c:\program files\Trend Micro 2010-04-23 15:47 . 2010-04-23 15:47 -------- d-----w- c:\users\Andy\AppData\Roaming\Avira 2010-04-12 16:18 . 2010-04-12 16:18 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe 2010-04-12 16:18 . 2010-04-12 16:18 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe 2010-04-12 16:16 . 2010-04-12 16:16 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-04-12 16:16 . 2010-04-12 16:19 -------- d-----w- c:\programdata\DivX . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-01 13:46 . 2008-01-21 07:15 618442 ----a-w- c:\windows\system32\perfh007.dat 2010-05-01 13:46 . 2008-01-21 07:15 122842 ----a-w- c:\windows\system32\perfc007.dat 2010-04-29 22:58 . 2008-06-04 21:40 -------- d-----w- c:\program files\Starcraft 2010-04-29 10:00 . 2008-03-25 10:49 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-21 20:38 . 2008-07-17 14:05 -------- d-----w- c:\program files\Steam 2010-04-13 20:34 . 2008-06-04 20:32 -------- d-----w- c:\users\Andy\AppData\Roaming\ICQ 2010-04-12 16:20 . 2008-06-14 21:52 -------- d-----w- c:\users\Andy\AppData\Roaming\DivX 2010-04-12 16:18 . 2009-10-08 15:16 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-04-12 16:16 . 2010-04-12 16:19 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-04-12 16:16 . 2010-04-12 16:19 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-04-08 20:47 . 2009-09-09 09:59 177024 ----a-w- c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vpi6ogkv.default\FlashGot.exe 2010-03-31 15:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-03-31 15:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-03-31 15:45 . 
2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-03-31 15:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-03-31 15:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-03-31 15:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-03-31 15:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-03-31 15:44 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-03-31 01:58 . 2008-06-12 15:08 133616 ------w- c:\windows\system32\pxafs.dll 2010-03-30 15:26 . 2008-03-25 11:31 -------- d-----w- c:\program files\Acer GameZone 2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll 2010-03-01 08:05 . 2009-06-08 06:11 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll 2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll 2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll 2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll 2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll 2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll 2010-02-16 12:24 . 2009-06-08 06:11 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2006-05-03 09:06 . 2008-09-18 15:44 163328 --sh--r- c:\windows\System32\flvDX.dll 2007-02-21 10:47 . 2008-09-18 15:44 31232 --sh--r- c:\windows\System32\msfDX.dll 2008-03-16 12:30 . 2008-09-18 15:44 216064 --sh--r- c:\windows\System32\nbDX.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 01:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208] "BisonInst0402"="c:\windows\BR040286.exe" [2007-05-08 53248] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "UIExec"="c:\program files\T-Mobile Internet Manager 03\UIExec.exe" [2009-03-30 132608] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):ff,99,17,a1,e9,d0,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3207940453-3166242105-3311808420-1000] "EnableNotificationsRef"=dword:00000001 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-07-03 717296] R2 UI Assistant Service;UI Assistant Service;c:\program files\T-Mobile Internet Manager 03\AssistantServices.exe [2009-03-30 241664] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-10-29 7680] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456] S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736] S3 enecir;ENE CIR 
Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - BMLoad . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank mStart Page = hxxp://de.intl.acer.yahoo.com IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vpi6ogkv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.bwin.de FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\Andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\vpi6ogkv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe AddRemove-Azureus - c:\program files\Vuze\Uninstall.exe AddRemove-GridVista - c:\windows\UnInst32.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-05-01 15:49 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-3207940453-3166242105-3311808420-1000\Software\SecuROM\License information*] "datasecu"=hex:36,e2,90,89,c5,8f,08,57,89,f7,88,38,74,a3,0c,54,96,94,d6,e2,a5, f1,b1,bb,b4,da,6a,b9,28,f8,58,de,df,ce,67,90,0f,02,37,a2,f5,2c,cf,99,9c,96,\ "rkeysecu"=hex:66,a9,be,12,cb,36,21,10,a0,8a,ec,90,b7,ba,38,5c [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
--------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(2484) c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll . Zeit der Fertigstellung: 2010-05-01 15:51:36 ComboFix-quarantined-files.txt 2010-05-01 13:51 Vor Suchlauf: 17 Verzeichnis(se), 48.571.367.424 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 48.498.966.528 Bytes frei - - End Of File - - F8A2CD3F637B64D71007DE84022689CC |