Log analysis and evaluation: Enter 10 TANs and Firefox browser hijack, combofix?
22.05.2010, 18:28 | #1
Enter 10 TANs and Firefox browser hijack, combofix?

Dear Sir or Madam,

I have the same problem that was already posted here once before (18.4.2010 by RJB; http://www.trojaner-board.de/85064-1...-hijack-4.html). Accordingly, I followed all the instructions you (or rather Cosinus) gave at the time, up to the Combofix step, since that is apparently only to be done under the guidance of the experts. In detail: first CCleaner, then Malwarebytes (quick scan), RSIT, OTL and finally GMER. The only thing that did not work was the program OSAM, which was unable to fetch the server configuration online. None of the programs has found anything so far, or rather flagged as such any files that seem suspicious to me. Which of course need not mean anything. :-) So I am simply posting my log files here and hope that one of you finds the time to look over them and, if need be, give me further advice. As for GMER, I should add that I stupidly only scanned the boot hard disk...
Many thanks in advance for your efforts, and best regards,
Jan

MBAM:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4129
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

22.05.2010 14:09:45
mbam-log-2010-05-22 (14-09-45).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 184059
Laufzeit: 6 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

RSIT:
Code:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Advocatus Diaboli at 2010-05-22 14:13:54
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (2%) free of 78 GB
Total RAM: 2047 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:14:05, on 22.05.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\GNU\GnuPG\dirmngr.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\****\Desktop\procexp.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\*****\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\trend micro\****.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Acrobat 5.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ICQ.lnk = C:\Programme\ICQ6\ICQ6.5\ICQ.exe
O4 - Startup: Skype.lnk = C:\Programme\Skype\Phone\Skype.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Spiele\Poker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Spiele\Poker\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: DirMngr - Unknown owner - C:\Programme\GNU\GnuPG\dirmngr.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5934 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-04 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SpybotSnD"=C:\Programme\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]
"DLCJCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16 []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-11-11 417792]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Acrobat 5.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Acrobat 5.0\Reader\Reader_sl.exe [2010-04-04 36272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-03-02 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [2001-03-15 49254]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Irmon"=2

C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart
ICQ.lnk - C:\Programme\ICQ6\ICQ6.5\ICQ.exe
Skype.lnk - C:\Programme\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\ICQ6\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"C:\Spiele\Electronic Arts\EADM\Core.exe"="C:\Spiele\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\Programme\Zattoo\zattood.exe"="C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood"
"C:\Programme\SPSSInc\SPSS16DE\spss.com"="C:\Programme\SPSSInc\SPSS16DE\spss.com:*:Disabled:SPSS 16.0 für Windows (1031:com)"
"C:\Programme\SPSSInc\SPSS16DE\SPSSWinWrapIDE.exe"="C:\Programme\SPSSInc\SPSS16DE\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1031)"
"C:\Programme\SPSSInc\SPSS16DE\spss.exe"="C:\Programme\SPSSInc\SPSS16DE\spss.exe:*:Disabled:SPSS 16.0 für Windows (1031:exe)"
"D:\Spiele\call of duty2\CoD2MP_s_.exe"="D:\Spiele\call of duty2\CoD2MP_s_.exe:*:Disabled:CoD2MP_s_"
"C:\Programme\InterVideo\DVD7\WinDVD.exe"="C:\Programme\InterVideo\DVD7\WinDVD.exe:*:Disabled:WinDVD"
"D:\Spiele\BrothersInArms\System\bia.exe"="D:\Spiele\BrothersInArms\System\bia.exe:*:Disabled:Brothers In Arms: Road to Hill 30"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Spiele\anno\tools\Anno4Web.exe"="D:\Spiele\anno\tools\Anno4Web.exe:*:Disabled:Anno4Web"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 2 months======

2010-05-22 14:13:55 ----D---- C:\Programme\trend micro
2010-05-22 14:13:54 ----D---- C:\rsit
2010-05-22 11:47:51 ----D---- C:\Programme\CCleaner
2010-05-20 20:03:01 ----D---- C:\Dokumente und Einstellungen\Advocatus Diaboli\Anwendungsdaten\Malwarebytes
2010-05-20 20:02:49 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-05-20 20:02:49 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes
2010-05-20 15:18:45 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-05-20 12:08:39 ----HDC---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-20 12:08:24 ----D---- C:\Programme\Lavasoft
2010-05-20 12:08:24 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft
2010-05-01 12:31:47 ----D---- C:\Dokumente und Einstellungen\Advocatus Diaboli\Anwendungsdaten\Help
2010-05-01 12:30:21 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\SecTaskMan
2010-05-01 12:30:15 ----D---- C:\Programme\Security Task Manager
2010-05-01 11:53:07 ----D---- C:\Programme\Sophos
2010-04-20 20:54:22 ----A---- C:\WINDOWS\WININIT.INI
2010-04-20 20:07:34 ----D---- C:\Programme\NVIDIA Corporation
2010-04-20 20:06:54 ----A---- C:\WINDOWS\system32\OpenCL.dll
2010-04-20 20:06:53 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2010-04-20 20:06:53 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2010-04-20 20:06:53 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2010-04-20 20:06:51 ----A---- C:\WINDOWS\system32\nvcuda.dll
2010-04-20 20:06:50 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2010-04-20 20:06:50 ----A---- C:\WINDOWS\system32\nvcodins.dll
2010-04-20 20:06:50 ----A---- C:\WINDOWS\system32\nvcod.dll
2010-04-20 20:06:50 ----A---- C:\WINDOWS\system32\nvapi.dll
2010-04-11 16:28:47 ----A---- C:\WINDOWS\AviSplitter.INI
2010-04-11 16:28:03 ----D---- C:\Programme\XP Codec Pack
2010-04-11 16:16:33 ----D---- C:\Dokumente und Einstellungen\Advocatus Diaboli\Anwendungsdaten\vlc
2010-04-11 16:04:43 ----D---- C:\Programme\VideoLAN
2010-04-09 20:22:11 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-04-09 20:22:09 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-04-09 20:22:09 ----A---- C:\WINDOWS\system32\pbsvc_heroes.exe
2010-04-09 20:08:04 ----D---- C:\Programme\EA Games
2010-04-04 23:20:17 ----D---- C:\Dokumente und Einstellungen\Advocatus Diaboli\Anwendungsdaten\gnupg
2010-04-04 23:20:15 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\GNU
2010-04-04 23:19:53 ----D---- C:\Programme\GNU
2010-04-03 19:23:18 ----A---- C:\WINDOWS\system32\nvmccs.dll
2010-04-03 19:23:16 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2010-04-03 19:23:16 ----A---- C:\WINDOWS\system32\nvmctray.dll
2010-04-03 19:23:16 ----A---- C:\WINDOWS\system32\nvcpl.dll
2010-04-03 19:23:16 ----A---- C:\WINDOWS\system32\nvcolor.exe
2010-04-03 19:23:00 ----A---- C:\WINDOWS\system32\nvrszht.dll
2010-04-03 19:23:00 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2010-04-03 19:22:58 ----A---- C:\WINDOWS\system32\nvrstr.dll
2010-04-03 19:22:58 ----A---- C:\WINDOWS\system32\nvrsth.dll
2010-04-03 19:22:58 ----A---- C:\WINDOWS\system32\nvrssv.dll
2010-04-03 19:22:58 ----A---- C:\WINDOWS\system32\nvrssl.dll
2010-04-03 19:22:58 ----A---- C:\WINDOWS\system32\nvrssk.dll
2010-04-03 19:22:58 ----A---- C:\WINDOWS\system32\nvrsru.dll
2010-04-03 19:22:58 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2010-04-03 19:22:58 ----A---- C:\WINDOWS\system32\nvrspt.dll
2010-04-03 19:22:58 ----A---- C:\WINDOWS\system32\nvrspl.dll
2010-04-03 19:22:58 ----A---- C:\WINDOWS\system32\nvrsno.dll
2010-04-03 19:22:58 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2010-04-03 19:22:56 ----A---- C:\WINDOWS\system32\nvrsko.dll
2010-04-03 19:22:56 ----A---- C:\WINDOWS\system32\nvrsja.dll
2010-04-03 19:22:56 ----A---- C:\WINDOWS\system32\nvrsit.dll
2010-04-03 19:22:56 ----A---- C:\WINDOWS\system32\nvrshu.dll
2010-04-03 19:22:56 ----A---- C:\WINDOWS\system32\nvrshe.dll
2010-04-03 19:22:56 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2010-04-03 19:22:56 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2010-04-03 19:22:56 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2010-04-03 19:22:56 ----A---- C:\WINDOWS\system32\nvrses.dll
2010-04-03 19:22:56 ----A---- C:\WINDOWS\system32\nvrseng.dll
2010-04-03 19:22:56 ----A---- C:\WINDOWS\system32\nvrsel.dll
2010-04-03 19:22:56 ----A---- C:\WINDOWS\system32\nvrsde.dll
2010-04-03 19:22:54 ----A---- C:\WINDOWS\system32\nvwddi.dll
2010-04-03 19:22:54 ----A---- C:\WINDOWS\system32\nvrsda.dll
2010-04-03 19:22:54 ----A---- C:\WINDOWS\system32\nvrscs.dll
2010-04-03 19:22:54 ----A---- C:\WINDOWS\system32\nvrsar.dll
2010-03-29 20:45:54 ----D---- C:\Programme\Wisdom-soft AutoScreenRecorder 3 Free

======List of files/folders modified in the last 2 months======

2010-05-22 14:13:55 ----RD---- C:\Programme
2010-05-22 14:13:50 ----D---- C:\WINDOWS\Prefetch
2010-05-22 14:12:48 ----D---- C:\Programme\Mozilla Firefox
2010-05-22 13:58:05 ----SD---- C:\WINDOWS\Tasks
2010-05-22 13:58:03 ----D---- C:\WINDOWS\Temp
2010-05-22 13:56:36 ----D---- C:\WINDOWS\system32\drivers
2010-05-22 13:52:43 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spybot - Search & Destroy
2010-05-22 13:52:41 ----D---- C:\WINDOWS
2010-05-22 13:49:54 ----D---- C:\Dokumente und Einstellungen\Advocatus Diaboli\Anwendungsdaten\Skype
2010-05-22 13:47:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-22 13:46:06 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-05-22 13:29:32 ----D---- C:\Programme\Mozilla Thunderbird
2010-05-22 11:55:10 ----D---- C:\WINDOWS\Minidump
2010-05-22 11:55:10 ----D---- C:\WINDOWS\Debug
2010-05-22 10:44:11 ----D---- C:\Dokumente und Einstellungen\Advocatus Diaboli\Anwendungsdaten\ICQ
2010-05-21 00:38:20 ----D---- C:\Programme\Dl_cats
2010-05-21 00:35:07 ----D---- C:\Dokumente und Einstellungen\Advocatus Diaboli\Anwendungsdaten\KeePass
2010-05-20 22:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2010-05-20 15:18:45 ----D---- C:\WINDOWS\system32
2010-05-20 12:12:56 ----HD---- C:\WINDOWS\inf
2010-05-20 12:12:36 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-05-20 12:08:43 ----SHD---- C:\WINDOWS\Installer
2010-05-20 12:08:20 ----D---- C:\WINDOWS\WinSxS
2010-05-09 23:11:43 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2010-05-09 23:11:03 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Adobe
2010-04-30 22:36:26 ----D---- C:\Dokumente und Einstellungen
2010-04-30 20:22:53 ----SHD---- C:\WINDOWS\CSC
2010-04-20 20:56:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-20 20:56:14 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2010-04-20 20:56:05 ----D---- C:\Programme\ATI Technologies
2010-04-20 20:55:23 ----RSD---- C:\WINDOWS\assembly
2010-04-20 20:08:18 ----D---- C:\WINDOWS\Help
2010-04-17 21:35:21 ----D---- C:\Spiele
2010-04-17 21:31:07 ----RSD---- C:\WINDOWS\Fonts
2010-04-17 21:30:23 ----D---- C:\WINDOWS\system32\appmgmt
2010-04-09 20:14:26 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-09 19:37:50 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-09 19:34:07 ----D---- C:\WINDOWS\system32\XPSViewer
2010-04-09 19:33:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-04 00:55:31 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-04-04 00:55:31 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2010-04-02 16:54:38 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-03-27 17:34:35 ----D---- C:\Dokumente und Einstellungen\Advocatus Diaboli\Anwendungsdaten\Thunderbird

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 ui11rdr;ui11rdr; C:\WINDOWS\System32\DRIVERS\ui11rdr.sys [2008-07-28 149120]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-02-28 281760]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-02-28 25888]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-19 3965056]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-18 9600]
R3 irsir;Microsoft serieller Infrarottreiber; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 {C5EC35E9-69C1-4E10-89A1CBD7780C816B};{C5EC35E9-69C1-4E10-89A1CBD7780C816B}; \??\C:\WINDOWS\TEMP\BE.tmp []
S3 ALSysIO;ALSysIO; \??\C:\DOKUME~1\ADVOCA~1\LOKALE~1\Temp\ALSysIO.sys []
S3 AmdTools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\AmdTools.sys []
S3 auwrc9xm;auwrc9xm; C:\WINDOWS\system32\drivers\auwrc9xm.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Programme\EVEREST HE analysetool\kerneld.wnt []
S3 GMSIPCI;GMSIPCI; \??\H:\INSTALL\GMSIPCI.SYS []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\1F.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-28 7168]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 DirMngr;DirMngr; C:\Programme\GNU\GnuPG\dirmngr.exe [2009-09-28 242176]
R2 NMSAccessU;NMSAccessU; C:\Programme\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
S2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-05-20 1314704]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-04-09 75064]
S3 {9CB83610-5FD0-4D55-806DC5A81A5EE322};{9CB83610-5FD0-4D55-806DC5A81A5EE322}; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 dlcj_device;dlcj_device; C:\WINDOWS\system32\dlcjcoms.exe [2005-07-12 491520]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2010-01-22 545576]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

OTL:
Code:
OTL logfile created on: 22.05.2010 14:17:53 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Dokumente und Einstellungen\******\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 76,33 Gb Total Space | 1,36 Gb Free Space | 1,79% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 1,79 Gb Free Space | 9,15% Space Free | Partition Type: NTFS
Drive E: | 92,25 Gb Total Space | 0,09 Gb Free Space | 0,10% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: **
Current User Name: ****
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.22 11:04:10 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\OTL.exe
PRC - [2010.04.15 08:01:04 | 003,879,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\*****\Desktop\procexp.exe
PRC - [2010.04.09 10:46:03 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.09.28 18:15:58 | 000,242,176 | ---- | M] () -- C:\Programme\GNU\GnuPG\dirmngr.exe
PRC - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.08.28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010.05.22 11:04:10 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\OTL.exe
MOD - [2004.08.04 00:54:28 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010.05.20 12:12:13 | 001,314,704 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009.09.28 18:15:58 | 000,242,176 | ---- | M] () [Auto | Running] -- C:\Programme\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.08.28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2005.07.12 16:33:02 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2010.04.04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.02.28 16:03:25 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.02.28 16:03:25 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.02.04 17:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.12.07 19:38:08 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.07 14:03:10 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.09.28 21:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.06.18 12:55:41 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009.05.11 
10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.07.28 14:51:56 | 000,149,120 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ui11rdr.SYS -- (ui11rdr) DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2006.06.16 13:56:38 | 000,083,968 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.05.19 09:44:52 | 003,965,056 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2005.08.18 11:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2005.08.18 01:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\EVEREST HE analysetool\kerneld.wnt -- (EverestDriver) DRV - [2005.04.05 21:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2005.04.05 21:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2005.03.09 08:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2004.08.04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2001.08.17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== 
FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.02 18:27:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.09 23:12:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.01 19:59:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.03.27 17:34:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Extensions [2010.03.27 17:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.05.22 11:51:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\******\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions [2009.10.06 16:07:03 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\******\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2010.05.13 11:50:42 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.03.28 03:13:59 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2010.04.12 18:33:46 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávacÃ* paměť) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66} [2009.10.06 16:07:02 | 000,000,000 | ---D | M] (More Tools Menu) -- 
C:\Dokumente und Einstellungen\******\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\{9a7a67d3-3048-47fb-acde-d0f7ae51f86a} [2010.03.28 03:13:59 | 000,000,000 | ---D | M] (Table2Clipboard) -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb} [2009.10.06 16:07:02 | 000,000,000 | ---D | M] (jDownFF) -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66} [2009.10.06 16:07:01 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2009.10.06 16:07:01 | 000,000,000 | ---D | M] (Fasterfox [de]) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66} [2010.05.05 18:20:11 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2010.03.28 03:13:59 | 000,000,000 | ---D | M] (DownThemAll!) 
-- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.03.30 21:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033} [2010.04.09 20:07:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\battlefieldheroespatcher@ea.com [2009.10.06 16:07:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\change@c-est-simple.com [2010.03.28 03:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\de-CH@dictionaries.addons.mozilla.org [2010.03.28 03:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.05.13 11:49:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\firebug@software.joehewitt.com [2009.12.08 21:46:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\firefox@tvunetworks.com [2009.10.06 16:07:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\suncult@sf.net [2009.10.06 16:07:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\3gejylam.default\extensions\translation@nazo [2009.10.06 16:06:44 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\backupdefault\extensions [2009.10.06 16:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\g7auz31o.Jan\extensions [2009.10.06 16:06:43 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\g7auz31o.***\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009.10.07 02:14:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Firefox\Profiles\j0shimzz.default\extensions [2009.10.06 16:07:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions [2009.10.06 16:07:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{04514a2c-a3ab-4f47-8688-55f911b0fe75} [2009.10.06 16:07:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********i\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{06858c02-7466-4f0f-9438-0ce841280c23} [2009.10.06 16:07:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2009.10.06 16:07:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{1368F36C-0370-419a-A408-28F94FD35974} [2009.10.06 16:07:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{31513E58-F253-47ad-86DB-D5F21E905429} [2009.10.06 16:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und 
Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{3474c305-9dad-11d8-9207-00055d74c2e4} [2009.10.06 16:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{74FD056A-18A2-41d8-B9A8-2025C3FFBA94} [2009.10.06 16:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{759F3C3E-A3FC-474b-A6F0-66B14404AA07} [2009.10.06 16:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2009.10.06 16:07:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2009.10.06 16:07:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{8e117890-a33f-424b-a2ea-deb272731365} [2009.10.06 16:07:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372} [2009.10.06 16:07:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{A154CEEC-79EA-48a8-AD27-BEC22AF360F8} [2009.10.06 16:07:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2009.10.06 16:07:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Dokumente und 
Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2009.10.06 16:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d} [2009.10.06 16:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9} [2009.10.06 16:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{c8500d90-d72d-11d9-8cd5-0800200c9a66} [2009.10.06 16:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{CCEA9629-894C-4eef-9F40-8301F3146527} [2009.10.06 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{d480644b-a183-47ce-a476-5eb483744fa7} [2009.10.06 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{dd6bfa32-1198-4217-a0e9-1acab501a6e9} [2009.10.06 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009.10.06 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{EB8ABF49-0290-410f-BDF2-2F13A38112AB} [2009.10.06 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und 
Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{f21f76b5-68e2-446d-96d5-c368d1af99e5} [2009.10.06 16:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB} [2009.10.06 16:07:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\ctc@clav.mozdev.org [2009.10.06 16:07:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\minesweeper@clav.mozdev.org [2009.10.06 16:07:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\pwdsave@aeruder.net [2009.10.06 16:07:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Mozilla\Profiles\default\68p9j93e.slt\extensions\videodowloader@videodownloader.net [2010.05.22 11:51:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.09 10:46:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.09 10:46:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.09 10:46:09 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.09 10:46:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.09 10:46:10 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.10.07 12:36:58 | 000,343,775 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 
127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 11784 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Acrobat 5.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL () O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [SpybotSnD] C:\Programme\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Dokumente und Einstellungen\Advocatus Diaboli\Startmenü\Programme\Autostart\ICQ.lnk = C:\Programme\ICQ6\ICQ6.5\ICQ.exe (ICQ, LLC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Spiele\Poker\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Spiele\Poker\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} 
- C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Advocatus Diaboli\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Advocatus Diaboli\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.02.02 15:27:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005.08.02 13:44:20 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.22 14:13:55 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.05.22 14:13:54 | 000,000,000 | ---D | C] -- C:\rsit [2010.05.22 14:03:03 | 003,879,288 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und 
Einstellungen\********\Desktop\procexp.exe [2010.05.22 13:52:40 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\********\Recent [2010.05.22 11:47:51 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.05.20 20:03:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\********\Anwendungsdaten\Malwarebytes [2010.05.20 20:02:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.05.20 20:02:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.05.20 20:02:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.20 20:02:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes [2010.05.20 12:12:37 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2010.05.20 12:12:33 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010.05.20 12:08:39 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010.05.20 12:08:24 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2010.05.20 12:08:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft [2010.05.12 19:42:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Advocatus Diaboli\Desktop\uni [2010.05.01 13:54:01 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys [2010.05.01 12:31:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Advocatus Diaboli\Lokale Einstellungen\Anwendungsdaten\Help [2010.05.01 12:31:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Advocatus Diaboli\Anwendungsdaten\Help [2010.05.01 12:30:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\SecTaskMan [2010.05.01 12:30:15 | 000,000,000 | ---D | C] -- 
C:\Programme\Security Task Manager [2010.05.01 11:53:07 | 000,000,000 | ---D | C] -- C:\Programme\Sophos [2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.22 13:58:05 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.05.22 13:47:26 | 000,000,021 | ---- | M] () -- C:\WINDOWS\S.dirmngr [2010.05.22 13:47:15 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010.05.22 13:47:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.22 13:47:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.22 13:46:14 | 007,077,888 | -H-- | M] () -- C:\Dokumente und Einstellungen\Advocatus Diaboli\NTUSER.DAT [2010.05.22 11:56:41 | 000,095,742 | ---- | M] () -- C:\Dokumente und Einstellungen\Advocatus Diaboli\Eigene Dateien\cc_20100522_115624.reg [2010.05.22 11:47:59 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Advocatus Diaboli\Desktop\CCleaner.lnk [2010.05.20 20:02:54 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.20 12:12:30 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010.05.20 12:12:29 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2010.05.20 12:08:38 | 000,000,847 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Ad-Aware.lnk [2010.05.19 22:24:18 | 000,001,824 | ---- | M] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\ChatLog ******** Lab meeting 2010_05_19 22_24.rtf [2010.05.19 21:15:23 | 000,001,614 | ---- | M] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\ChatLog ******** Lab meeting 2010_05_19 21_15.rtf [2010.05.19 10:01:22 | 000,002,206 | ---- | M] () -- 
C:\WINDOWS\System32\wpa.dbl [2010.05.13 13:33:15 | 000,019,456 | ---- | M] () -- C:\Dokumente und Einstellungen\********\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.12 22:06:57 | 000,072,080 | ---- | M] () -- C:\Dokumente und Einstellungen\********\g2mdlhlpx.exe [2010.05.12 22:02:56 | 000,000,508 | ---- | M] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\ChatLog ******** Lab meeting 2010_05_12 22_02.rtf [2010.05.05 22:10:39 | 000,001,829 | ---- | M] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\ChatLog ******** Lab meeting 2010_05_05 22_10.rtf [2010.05.01 10:26:30 | 000,000,053 | ---- | M] () -- C:\biosinfo [2010.05.01 00:55:08 | 096,896,436 | ---- | M] () -- C:\Dokumente und Einstellungen\Advocatus Diaboli\Eigene Dateien\registry-backup.reg [2010.04.30 21:58:59 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Advocatus Diaboli\ntuser.ini [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.28 22:14:49 | 000,000,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Advocatus Diaboli\Eigene Dateien\ChatLog ********Lab meeting 2010_04_28 22_14.rtf [2010.04.26 23:47:59 | 004,847,044 | -H-- | M] () -- C:\Dokumente und Einstellungen\********\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.04.26 20:20:13 | 000,005,150 | ---- | M] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\********.kdbx [2010.04.22 23:17:02 | 000,022,016 | ---- | M] () -- C:\Dokumente und Einstellungen\********\Desktop\Namibia.doc [2010.04.22 22:50:38 | 000,137,216 | ---- | M] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\Lebenslauf-Namibia4-10.doc [2010.04.22 21:42:07 | 000,136,192 | ---- | M] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\Lebenslauf ********.doc [2010.04.22 
21:24:33 | 000,030,967 | ---- | M] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\delfine_DW_Wissens_1073264g.jpg [2010.04.22 21:19:58 | 000,031,470 | ---- | M] () -- C:\Dokumente und Einstellungen\Advocatus Diaboli\Eigene Dateien\Bewerbungsphotomarenklein.jpg [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.22 13:47:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\S.dirmngr [2010.05.22 11:56:28 | 000,095,742 | ---- | C] () -- C:\Dokumente und Einstellungen\********i\Eigene Dateien\cc_20100522_115624.reg [2010.05.22 11:47:59 | 000,001,512 | ---- | C] () -- C:\Dokumente und Einstellungen\********\Desktop\CCleaner.lnk [2010.05.20 20:02:54 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.20 15:18:45 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2010.05.20 12:26:22 | 000,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.05.20 12:08:38 | 000,000,847 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Ad-Aware.lnk [2010.05.19 22:24:18 | 000,001,824 | ---- | C] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\ChatLog ********Lab meeting 2010_05_19 22_24.rtf [2010.05.19 21:15:23 | 000,001,614 | ---- | C] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\ChatLog ********Lab meeting 2010_05_19 21_15.rtf [2010.05.12 22:02:56 | 000,000,508 | ---- | C] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\ChatLog ******** Lab meeting 2010_05_12 22_02.rtf [2010.05.05 22:10:39 | 000,001,829 | ---- | C] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\ChatLog ********Lab meeting 2010_05_05 22_10.rtf [2010.04.28 22:14:49 | 000,000,508 | ---- | C] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\ChatLog ******** Lab meeting 2010_04_28 
22_14.rtf [2010.04.22 23:03:32 | 000,022,016 | ---- | C] () -- C:\Dokumente und Einstellungen\********\Desktop\Namibia.doc [2010.04.22 21:42:07 | 000,136,192 | ---- | C] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\Lebenslauf ********.doc [2010.04.22 21:24:33 | 000,030,967 | ---- | C] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\delfine_DW_Wissens_1073264g.jpg [2010.04.22 21:19:58 | 000,031,470 | ---- | C] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\Bewerbungsphotomarenklein.jpg [2010.04.22 20:54:51 | 000,137,216 | ---- | C] () -- C:\Dokumente und Einstellungen\********\Eigene Dateien\Lebenslauf-Namibia4-10.doc [2010.04.20 20:54:22 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2010.04.11 16:28:47 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2010.04.09 20:22:50 | 000,139,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010.02.28 16:03:25 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010.02.28 16:03:25 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009.12.06 13:57:44 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll [2009.12.06 13:57:44 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll [2009.12.06 13:57:44 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll [2009.12.06 13:54:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2009.12.06 13:54:29 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2009.12.03 10:53:27 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2009.10.28 23:18:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.10.17 00:37:08 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009.10.16 17:16:50 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll [2009.10.16 17:16:50 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll [2009.10.16 17:16:50 | 000,770,048 | ---- | C] () 
-- C:\WINDOWS\System32\dlcjhbn3.dll [2009.10.16 17:16:50 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll [2009.10.16 17:16:50 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll [2009.10.16 17:16:50 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll [2009.10.16 17:16:50 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll [2009.10.16 17:16:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll [2009.10.16 17:16:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll [2009.10.16 17:16:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcjvs.dll [2009.10.16 17:16:49 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll [2009.10.16 17:16:48 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll [2009.10.16 17:16:48 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll [2009.10.16 17:16:48 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll [2009.10.16 17:16:48 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll [2009.10.16 17:16:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll [2009.10.16 17:16:47 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll [2009.10.16 17:16:47 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll [2009.10.16 17:16:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll [2009.10.07 15:41:48 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2009.10.07 15:41:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll [2009.10.07 14:03:08 | 000,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.10.07 03:05:06 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\raidmgmt.ini [2009.10.07 03:00:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini [2009.10.07 02:54:44 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys [2009.10.07 02:54:44 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys 
[2009.10.06 18:08:14 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008.12.11 13:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008.05.04 18:08:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\CPUINFO2.DLL [2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys < End of report >
22.05.2010, 18:29 | #2
GMER:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-05-22 18:18:38 Windows 5.1.2600 Service Pack 2 Running: koxefpj5.exe; Driver: C:\DOKUME~1\********~1\LOKALE~1\Temp\pxtdypow.sys ---- System - GMER 1.0.15 ---- SSDT B86BA6E6 ZwCreateKey SSDT B86BA6DC ZwCreateThread SSDT B86BA6EB ZwDeleteKey SSDT B86BA6F5 ZwDeleteValueKey SSDT spln.sys ZwEnumerateKey [0xB7EC5DA4] SSDT spln.sys ZwEnumerateValueKey [0xB7EC6132] SSDT B86BA6FA ZwLoadKey SSDT spln.sys ZwOpenKey [0xB7EA70C0] SSDT B86BA6C8 ZwOpenProcess SSDT B86BA6CD ZwOpenThread SSDT spln.sys ZwQueryKey [0xB7EC620A] SSDT spln.sys ZwQueryValueKey [0xB7EC608A] SSDT B86BA704 ZwReplaceKey SSDT B86BA6FF ZwRestoreKey SSDT B86BA6F0 ZwSetValueKey SSDT B86BA6D7 ZwTerminateProcess INT 0x62 ? 89D63BF8 INT 0x63 ? 89CFBBF8 INT 0x73 ? 89DCFBF8 INT 0x82 ? 89D63BF8 INT 0x83 ? 89DCFBF8 INT 0xB4 ? 89CFBBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spln.sys Das System kann die angegebene Datei nicht finden. ! .text USBPORT.SYS!DllUnload B71E562C 5 Bytes JMP 89CFB1D8 .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6387380, 0x566445, 0xE8000020] .text auwrc9xm.SYS B6303386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text auwrc9xm.SYS B63033AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text auwrc9xm.SYS B63033C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text auwrc9xm.SYS B63033C9 1 Byte [30] .text auwrc9xm.SYS B63033C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB28A3300, 0x3B6D8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8488300, 0x1BEE, 0xE8000020] pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xB273CF00, 0x24000, 0x48000000] ? C:\WINDOWS\system32\Drivers\PROCEXP141.SYS Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ---- .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[396] WS2_32.dll!send 71A1428A 5 Bytes JMP 016626EE .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[396] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 016627E0 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[396] WS2_32.dll!recv 71A1615A 5 Bytes JMP 01662726 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[396] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 0166275E .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[396] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 01662862 .text C:\WINDOWS\system32\nvsvc32.exe[980] WS2_32.dll!send 71A1428A 5 Bytes JMP 009226EE .text C:\WINDOWS\system32\nvsvc32.exe[980] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 009227E0 .text C:\WINDOWS\system32\nvsvc32.exe[980] WS2_32.dll!recv 71A1615A 5 Bytes JMP 00922726 .text C:\WINDOWS\system32\nvsvc32.exe[980] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 0092275E .text C:\WINDOWS\system32\nvsvc32.exe[980] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 00922862 .text C:\WINDOWS\Explorer.EXE[1536] WS2_32.dll!send 71A1428A 5 Bytes JMP 014026EE .text C:\WINDOWS\Explorer.EXE[1536] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 014027E0 .text C:\WINDOWS\Explorer.EXE[1536] WS2_32.dll!recv 71A1615A 5 Bytes JMP 01402726 .text C:\WINDOWS\Explorer.EXE[1536] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 0140275E .text C:\WINDOWS\Explorer.EXE[1536] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 01402862 .text C:\Programme\Avira\AntiVir Desktop\sched.exe[1696] WS2_32.dll!send 71A1428A 5 Bytes JMP 016726EE .text C:\Programme\Avira\AntiVir Desktop\sched.exe[1696] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 016727E0 .text C:\Programme\Avira\AntiVir Desktop\sched.exe[1696] WS2_32.dll!recv 71A1615A 5 Bytes JMP 01672726 .text C:\Programme\Avira\AntiVir Desktop\sched.exe[1696] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 0167275E .text C:\Programme\Avira\AntiVir Desktop\sched.exe[1696] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 01672862 .text 
C:\WINDOWS\system32\RUNDLL32.EXE[1892] WS2_32.dll!send 71A1428A 5 Bytes JMP 00F626EE .text C:\WINDOWS\system32\RUNDLL32.EXE[1892] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 00F627E0 .text C:\WINDOWS\system32\RUNDLL32.EXE[1892] WS2_32.dll!recv 71A1615A 5 Bytes JMP 00F62726 .text C:\WINDOWS\system32\RUNDLL32.EXE[1892] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 00F6275E .text C:\WINDOWS\system32\RUNDLL32.EXE[1892] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 00F62862 .text C:\WINDOWS\system32\wuauclt.exe[2028] WS2_32.dll!send 71A1428A 5 Bytes JMP 00C826EE .text C:\WINDOWS\system32\wuauclt.exe[2028] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 00C827E0 .text C:\WINDOWS\system32\wuauclt.exe[2028] WS2_32.dll!recv 71A1615A 5 Bytes JMP 00C82726 .text C:\WINDOWS\system32\wuauclt.exe[2028] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 00C8275E .text C:\WINDOWS\system32\wuauclt.exe[2028] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 00C82862 .text C:\WINDOWS\System32\alg.exe[3832] WS2_32.dll!send 71A1428A 5 Bytes JMP 009426EE .text C:\WINDOWS\System32\alg.exe[3832] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 009427E0 .text C:\WINDOWS\System32\alg.exe[3832] WS2_32.dll!recv 71A1615A 5 Bytes JMP 00942726 .text C:\WINDOWS\System32\alg.exe[3832] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 0094275E .text C:\WINDOWS\System32\alg.exe[3832] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 00942862 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spln.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spln.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spln.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spln.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spln.sys IAT \SystemRoot\System32\Drivers\auwrc9xm.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46 IAT \SystemRoot\System32\Drivers\auwrc9xm.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932 IAT \SystemRoot\System32\Drivers\auwrc9xm.SYS[HAL.dll!KeGetCurrentIrql] 89000001 IAT 
\SystemRoot\System32\Drivers\auwrc9xm.SYS[HAL.dll!KfRaiseIrql] 0001BC83 IAT \SystemRoot\System32\Drivers\auwrc9xm.SYS[HAL.dll!KfLowerIrql] 24468B00 IAT \SystemRoot\System32\Drivers\auwrc9xm.SYS[HAL.dll!HalGetInterruptVector] 89820C8D IAT \SystemRoot\System32\Drivers\auwrc9xm.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D IAT \SystemRoot\System32\Drivers\auwrc9xm.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639 IAT \SystemRoot\System32\Drivers\auwrc9xm.SYS[HAL.dll!KfReleaseSpinLock] 000000BD IAT \SystemRoot\System32\Drivers\auwrc9xm.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389 IAT \SystemRoot\System32\Drivers\auwrc9xm.SYS[HAL.dll!READ_PORT_USHORT] 83660000 IAT \SystemRoot\System32\Drivers\auwrc9xm.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E IAT \SystemRoot\System32\Drivers\auwrc9xm.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320 IAT \SystemRoot\System32\Drivers\auwrc9xm.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00 IAT \SystemRoot\System32\Drivers\auwrc9xm.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB7E9C] spln.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 89DCE1F8 Device \FileSystem\Fastfat \FatCdrom 89A551F8 Device \Driver\usbohci \Device\USBPDO-0 89CFA1F8 Device \Driver\usbehci \Device\USBPDO-1 89CF91F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DD01F8 Device \Driver\dmio \Device\DmControl\DmConfig 89DD01F8 Device \Driver\dmio \Device\DmControl\DmPnP 89DD01F8 Device \Driver\dmio \Device\DmControl\DmInfo 89DD01F8 Device \Driver\ACPI \Device\00000052 89C67108 Device \Driver\ACPI \Device\00000045 89C67108 Device \Driver\ACPI \Device\00000055 89C67108 Device \Driver\ACPI \Device\00000048 89C67108 AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB) Device \Driver\ACPI \Device\00000056 89C67108 Device \Driver\ACPI \Device\00000049 89C67108 Device \Driver\ACPI \Device\00000057 89C67108 Device \Driver\Ftdisk \Device\HarddiskVolume1 89D641F8 Device 
\Driver\ACPI \Device\00000058 89C67108 Device \Driver\Cdrom \Device\CdRom0 89B6C1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 89D641F8 Device \Driver\ACPI \Device\00000059 89C67108 Device \Driver\ACPI \Device\00000072 89C67108 Device \Driver\Cdrom \Device\CdRom1 89B6C1F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 89D641F8 Device \Driver\atapi \Device\Ide\IdePort0 89D631F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 89D631F8 Device \Driver\atapi \Device\Ide\IdePort1 89D631F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 89D631F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 89D631F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 89D631F8 Device \Driver\ACPI \Device\00000073 89C67108 Device \Driver\Cdrom \Device\CdRom2 89B6C1F8 Device \Driver\ACPI \Device\00000074 89C67108 Device \Driver\usbstor \Device\00000081 88F0B1F8 Device \Driver\ACPI \Device\00000075 89C67108 Device \Driver\ACPI \Device\00000068 89C67108 Device \Driver\ACPI \Device\00000069 89C67108 Device \Driver\usbstor \Device\00000083 88F0B1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 88F1E1F8 Device \Driver\ACPI \Device\0000004a 89C67108 Device \Driver\NetBT \Device\NetbiosSmb 88F1E1F8 Device \Driver\PCI_PNP1784 \Device\0000004c spln.sys Device \Driver\sptd \Device\1900316784 spln.sys Device \Driver\ACPI \Device\0000005a 89C67108 Device \Driver\ACPI \Device\0000005d 89C67108 Device \Driver\ACPI \Device\0000006a 89C67108 Device \Driver\ACPI \Device\0000005e 89C67108 Device \Driver\ACPI \Device\0000006b 89C67108 Device \Driver\usbohci \Device\USBFDO-0 89CFA1F8 Device \Driver\usbehci \Device\USBFDO-1 89CF91F8 Device \Driver\nvata \Device\NvAta0 89DCF1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{496F52D6-E025-437A-8046-DEF848177AC5} 88F1E1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88FAC1F8 Device \Driver\nvata \Device\NvAta1 89DCF1F8 Device \Driver\ACPI \Device\0000006e 89C67108 Device \FileSystem\MRxSmb \Device\LanmanRedirector 88FAC1F8 Device \Driver\ACPI 
\Device\0000006f 89C67108 Device \Driver\Ftdisk \Device\FtControl 89D641F8 Device \Driver\auwrc9xm \Device\Scsi\auwrc9xm1Port4Path0Target0Lun0 899F4500 Device \Driver\auwrc9xm \Device\Scsi\auwrc9xm1 899F4500 Device \FileSystem\Fastfat \Fat 89A551F8 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 89A561F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDC 0x2A 0x5D 0x12 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7D 0x31 0x00 0x13 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x38 0xCB 0xF7 0xEA ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDC 0x2A 0x5D 0x12 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7D 0x31 0x00 0x13 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x38 0xCB 0xF7 0xEA ... ---- EOF - GMER 1.0.15 ----
23.05.2010, 15:15 | #3
OSAM worked today.
In addition, the weekly standard check by AntiVir detected and removed JAVA/Agent.F1. Here is the OSAM log:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:03:52 on 23.05.2010 OS: Windows XP Professional Service Pack 2 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.5.9 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information) [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "a390vmel" (a390vmel) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a390vmel.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "ALSysIO" (ALSysIO) - ? - C:\DOKUME~1\ADVOCA~1\LOKALE~1\Temp\ALSysIO.sys (File not found) "AMD Special Tools Driver" (AmdTools) - ? - C:\WINDOWS\System32\DRIVERS\AmdTools.sys (File not found) "atksgt" (atksgt) - ?
- C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "Boot Tasks Driver" (SAVRKBootTasks) - "Sophos Plc" - C:\WINDOWS\system32\SAVRKBootTasks.sys "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information) "GMSIPCI" (GMSIPCI) - ? - H:\INSTALL\GMSIPCI.SYS (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "Lavalys EVEREST Kernel Driver" (EverestDriver) - ? - C:\Programme\EVEREST HE analysetool\kerneld.wnt (File found, but it contains no detailed information) "Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "MEMSWEEP2" (MEMSWEEP2) - ? - C:\WINDOWS\system32\1F.tmp (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Secdrv" (Secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." 
- C:\WINDOWS\System32\DRIVERS\secdrv.sys "speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys "sptd" (sptd) - ? - C:\WINDOWS\System32\Drivers\sptd.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "ui11rdr" (ui11rdr) - "1&1 Internet AG" - C:\WINDOWS\System32\DRIVERS\ui11rdr.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "{C5EC35E9-69C1-4E10-89A1CBD7780C816B}" ({C5EC35E9-69C1-4E10-89A1CBD7780C816B}) - ? - C:\WINDOWS\TEMP\BE.tmp (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? 
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {62DF97A2-3635-4412-AE30-80B164BC88AD} "ShellContextMenuHandler Class" - "1&1 Internet AG" - C:\Programme\1&1\1&1 Upload-Manager\SHNDLERS.DLL {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {e57ce731-33e8-4c51-8354-bb4de9d215d1} "Universelle Plug & Play-Geräte" - ? 
- (File not found | COM-object registry key not found) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL {44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab {74DBCB52-F298-4110-951D-AD2FF67BC8AB} "NVIDIA Smart Scan" - "NVIDIA" - C:\WINDOWS\DOWNLO~1\NVIDIA~1.OCX / hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." 
- C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll "PartyPoker.com" - ? - C:\Spiele\Poker\PartyPoker\RunApp.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll [Logon] -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SpybotSD TeaTimer" - "Safer-Networking Ltd." 
- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Acrobat 5.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime "SpybotSnD" - "Safer Networking Limited" - "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "1&1 SmartDrive" - "1&1 Internet AG" - C:\WINDOWS\System32\ui11np.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll "PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\pdfports.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." 
- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "DirMngr" (DirMngr) - ? - C:\Programme\GNU\GnuPG\dirmngr.exe (File found, but it contains no detailed information) "Eingabegerätezugang" (HidServ) - ? - C:\WINDOWS\System32\hidserv.dll (File not found) "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe "NMSAccessU" (NMSAccessU) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Terminaldienste" (TermService) - "Microsoft Corporation" - C:\WINDOWS\System32\termsrv32.dll "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "{9CB83610-5FD0-4D55-806DC5A81A5EE322}" ({9CB83610-5FD0-4D55-806DC5A81A5EE322}) - ? - C:\DOKUME~1\ADVOCA~1\LOKALE~1\Temp\BA.tmp (File not found) [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? 
- mvfs32.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]===