Plagegeister aller Art und deren Bekämpfung (Malware of all kinds and its removal): TR/Crypt.XPACK.Gen3 in 14147364.exe hides folders (Windows 7)

01.07.2011, 13:40 | #1
TR/Crypt.XPACK.Gen3 in 14147364.exe hides folders

Hello. I'm new here and hoping for your support. I have the following problem: I was logged in as admin. I was browsing download sites and suddenly a Windows pop-up appeared with the message that one of my IDE or SATA hard disks was not working properly and a restart was recommended. Antivir then triggered and reported: "In der Datei 'J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\14147364.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern" [translation: a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan] was found in the file '...\14147364.exe'; action taken: deny access] (although on the first detection, access was still allowed).

Problems:
- The desktop turned black.
- All shortcuts have disappeared (both from the desktop and from Start -> Programs).
- NO program/folder is shown any more on my program partition.
- Furthermore, my Task Manager was disabled.

I then first created a new user account (also with admin rights). From that account I can at least access the folders on the program partition again and also start them, although they are all shown as hidden. I ran SUPERAntiSpyware over it and ran TaskManagerFix in the infected profile. Now I at least have a Task Manager there again. In the profile created later, all shortcuts are also missing. Here I ran defogger, OTL and GMER.

Defogger: Quote:
OTL Logfile:

Code:

OTL logfile created on: 01.07.2011 13:29:14 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = J:\Dokumente und Einstellungen\nigga\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 68,17% Memory free
4,35 Gb Paging File | 3,93 Gb Available in Paging File | 90,30% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = J: | %SystemRoot% = J:\WINDOWS | %ProgramFiles% = J:\Programme
Drive D: | 9,07 Gb Total Space | 5,51 Gb Free Space | 60,71% Space Free | Partition Type: NTFS
Drive E: | 56,34 Gb Total Space | 3,89 Gb Free Space | 6,90% Space Free | Partition Type: NTFS
Drive F: | 34,90 Gb Total Space | 6,14 Gb Free Space | 17,60% Space Free | Partition Type: NTFS
Drive G: | 2,00 Gb Total Space | 1,98 Gb Free Space | 99,12% Space Free | Partition Type: NTFS
Drive J: | 11,28 Gb Total Space | 0,87 Gb Free Space | 7,72% Space Free | Partition Type: NTFS
Drive M: | 78,13 Gb Total Space | 14,18 Gb Free Space | 18,15% Space Free | Partition Type: NTFS

Computer Name: SALO | User Name: nigga | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.01 13:16:01 | 000,580,096 | ---- | M] (OldTimer Tools) -- J:\Dokumente und Einstellungen\nigga\Desktop\OTL.exe
PRC - [2011.04.30 19:44:50 | 000,136,360 | -H-- | M] (Avira GmbH) -- J:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | -H-- | M] (Sun Microsystems, Inc.) -- J:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.03.16 15:42:24 | 000,269,480 | -H-- | M] (Avira GmbH) -- J:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.02 16:03:08 | 000,281,768 | -H-- | M] (Avira GmbH) -- J:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.14 18:30:25 | 000,077,824 | -H-- | M] () -- J:\WINDOWS\KMService.exe
PRC - [2010.07.14 18:30:25 | 000,008,192 | -H-- | M] () -- J:\WINDOWS\system32\srvany.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | -H-- | M] (Avira GmbH) -- J:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- J:\WINDOWS\explorer.exe
PRC - [2006.07.23 17:55:10 | 001,585,152 | -H-- | M] () -- D:\Multimedia Keyboard Driver\PS2USBKbdDrv.exe
PRC - [2005.10.31 10:51:52 | 000,057,344 | -H-- | M] (Creative Technology Ltd) -- D:\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005.09.22 10:42:24 | 000,090,112 | RH-- | M] (Realtek Semiconductor Corp.) -- J:\WINDOWS\soundman.exe
PRC - [2005.06.20 05:32:56 | 000,737,381 | -H-- | M] (Cyberlink) -- J:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005.06.20 05:32:56 | 000,061,440 | -H-- | M] (Cyberlink) -- J:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2004.02.24 16:35:06 | 002,372,760 | -H-- | M] (Sygate Technologies, Inc.) -- D:\Sygate\SPF\Smc.exe
PRC - [2003.08.22 03:24:08 | 000,426,098 | -H-- | M] (Executive Software International, Inc.) -- J:\Programme\Executive Software\Diskeeper\DkService.exe

========== Modules (SafeList) ==========

MOD - [2011.07.01 13:16:01 | 000,580,096 | ---- | M] (OldTimer Tools) -- J:\Dokumente und Einstellungen\nigga\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- J:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004.02.02 12:06:16 | 000,083,096 | -H-- | M] (Sygate Technologies, Inc.) -- J:\WINDOWS\system32\SSSensor.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (KMWDSERVICE)
SRV - File not found [On_Demand | Stopped] -- -- (DAUpdaterSvc)
SRV - File not found [Auto | Stopped] -- -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - File not found [Auto | Stopped] -- -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2011.04.30 19:44:50 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- J:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.16 15:42:24 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- J:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.07.14 18:30:25 | 000,008,192 | -H-- | M] () [Auto | Running] -- J:\WINDOWS\system32\srvany.exe -- (KMService)
SRV - [2005.06.20 05:32:56 | 000,061,440 | -H-- | M] (Cyberlink) [Auto | Running] -- J:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2004.02.24 16:35:06 | 002,372,760 | -H-- | M] (Sygate Technologies, Inc.) [Auto | Running] -- D:\Sygate\SPF\Smc.exe -- (SmcService)
SRV - [2003.08.22 03:24:08 | 000,426,098 | -H-- | M] (Executive Software International, Inc.) [Auto | Running] -- J:\Programme\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)

========== Driver Services (SafeList) ==========

DRV - [2011.03.16 15:42:24 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- J:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.28 15:19:25 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- J:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\SUPERAntispyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.03.01 01:24:46 | 000,279,712 | -H-- | M] () [Kernel | Auto | Running] -- J:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.03.01 01:24:46 | 000,025,888 | -H-- | M] () [Kernel | Auto | Running] -- J:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\SUPERAntispyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.02.11 14:02:15 | 000,226,880 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- J:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010.02.11 09:38:10 | 003,565,056 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.09.27 23:19:40 | 000,721,904 | -H-- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- J:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.09.18 21:15:07 | 000,053,760 | -H-- | M] () [Kernel | System | Running] -- J:\WINDOWS\system32\drivers\SSHDRV76.sys -- (SSHDRV76)
DRV - [2009.05.11 09:12:49 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- J:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.22 14:28:08 | 000,008,704 | -H-- | M] () [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009.04.22 14:28:06 | 000,003,072 | -H-- | M] () [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- J:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.14 01:26:08 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- J:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 01:23:10 | 000,040,320 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.14 01:16:24 | 000,015,232 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2006.07.01 23:30:28 | 000,043,520 | -H-- | M] (Advanced Micro Devices) [Kernel | System | Running] -- J:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.02.23 12:38:32 | 000,009,728 | -H-- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- J:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006.02.20 18:59:36 | 000,083,344 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex)
DRV - [2006.02.20 18:59:34 | 000,094,064 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm)
DRV - [2006.02.20 18:59:34 | 000,085,408 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - [2006.02.20 18:59:32 | 000,008,336 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl)
DRV - [2006.02.20 18:59:28 | 000,058,288 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2005.09.22 10:34:18 | 003,727,680 | RH-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.08.18 01:00:00 | 000,007,168 | -H-- | M] () [Kernel | On_Demand | Stopped] -- D:\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2005.08.12 10:11:10 | 000,019,020 | -H-- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2005.07.07 10:14:30 | 001,389,056 | RH-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005.01.10 12:15:30 | 000,106,496 | RH-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005.01.10 12:15:24 | 000,138,752 | RH-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004.02.02 10:53:28 | 000,018,518 | -H-- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- J:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004.02.02 10:51:04 | 000,055,891 | -H-- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- J:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2004.02.02 10:37:32 | 000,011,914 | -H-- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- J:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2001.08.18 21:00:00 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- J:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.18 21:00:00 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- J:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2000.06.26 11:50:36 | 000,052,505 | -H-- | M] (TELES AG, Berlin) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\tntwan.sys -- (tntwan)
DRV - [2000.06.26 11:50:24 | 000,029,862 | -H-- | M] (TELES AG, Berlin) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\tntv110.sys -- (tntv110)
DRV - [2000.06.26 11:49:10 | 000,125,820 | -H-- | M] (TELES AG, Berlin) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\tnts0pci.sys -- (tnts0pci)
DRV - [2000.06.26 11:48:08 | 000,065,132 | -H-- | M] (TELES AG, Berlin) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\tnts0cfg.sys -- (tnts0cfg)
DRV - [2000.06.26 11:47:44 | 000,354,588 | -H-- | M] (TELES AG, Berlin) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\tntt30.sys -- (tntt30)
DRV - [2000.06.26 11:47:04 | 000,067,663 | -H-- | M] (TELES AG, Berlin) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\tntkrn.sys -- (tntkrn)
DRV - [2000.06.26 11:46:30 | 000,035,505 | -H-- | M] (TELES AG, Berlin) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\tnt8208.sys -- (tnt8208)
DRV - [2000.06.26 11:46:12 | 000,043,090 | -H-- | M] (TELES AG, Berlin) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\tnthdlc.sys -- (tnthdlc)
DRV - [2000.06.26 11:45:56 | 000,097,222 | -H-- | M] (TELES AG, Berlin) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\tntdss1.sys -- (tntdss1)
DRV - [2000.06.26 11:45:36 | 000,162,230 | -H-- | M] (TELES AG, Berlin) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\tntcapi.sys -- (tntcapi)
DRV - [2000.06.26 11:44:46 | 000,048,022 | -H-- | M] (TELES AG, Berlin) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\tnt1tr6.sys -- (tnt1tr6)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Mozilla Firefox\components [2011.06.22 13:35:04 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Mozilla Firefox\plugins [2011.03.23 18:52:58 | 000,000,000 | -H-D | M]

[2011.07.01 00:37:50 | 000,000,000 | ---D | M] (No name found) -- J:\Dokumente und Einstellungen\nigga\Anwendungsdaten\Mozilla\Extensions
[2011.07.01 12:42:13 | 000,002,572 | ---- | M] () -- J:\Dokumente und Einstellungen\nigga\Anwendungsdaten\Mozilla\Firefox\Profiles\iva4ltxg.default\searchplugins\informative-google-search.xml
File not found (No name found) --
[2011.02.26 00:06:28 | 000,000,000 | -H-D | M] (Java Console) -- D:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.29 18:02:39 | 000,000,000 | -H-D | M] (Java Console) -- D:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.02.26 00:06:15 | 000,000,000 | -H-D | M] (Java Quick Starter) -- J:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.02.26 02:30:35 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- J:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2001.08.18 21:00:00 | 000,000,820 | -H-- | M]) - J:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] J:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTSysVol] D:\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [KMConfig] File not found
O4 - HKLM..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [P17Helper] J:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PCMService] File not found
O4 - HKLM..\Run: [razer] File not found
O4 - HKLM..\Run: [SmcService] D:\Sygate\SPF\smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SoundMan] J:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] J:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] J:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WireLessKeyboard] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - J:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - J:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - J:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\SUPERAntispyware\SASWINLO.DLL - D:\SUPERAntispyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - J:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: J:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: J:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\SUPERAntispyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.28 21:58:04 | 000,000,000 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\N:) - File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\I:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection J:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection J:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - J:\WINDOWS\system32\Rundll32.exe J:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - J:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.07.01 13:16:00 | 000,580,096 | ---- | C] (OldTimer Tools) -- J:\Dokumente und Einstellungen\nigga\Desktop\OTL.exe
[2011.07.01 01:35:27 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\nigga\Anwendungsdaten\Sun
[2011.07.01 01:21:54 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\nigga\Anwendungsdaten\Macromedia
[2011.07.01 01:21:53 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\nigga\Anwendungsdaten\Adobe
[2011.07.01 00:56:33 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\nigga\Anwendungsdaten\SUPERAntiSpyware.com
[2011.07.01 00:56:33 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2011.07.01 00:48:17 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\nigga\Eigene Dateien\Downloads
[2011.07.01 00:37:49 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\nigga\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2011.07.01 00:37:49 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\nigga\Anwendungsdaten\Mozilla
[2011.07.01 00:02:33 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\nigga\Anwendungsdaten\Avira
[2011.07.01 00:01:59 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\nigga\Lokale Einstellungen\Anwendungsdaten\Ahead
[2011.07.01 00:01:57 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\nigga\Lokale Einstellungen\Anwendungsdaten\ATI
[2011.07.01 00:01:57 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\nigga\Anwendungsdaten\ATI
[2011.07.01 00:01:52 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\nigga\Anwendungsdaten\Identities
[2011.07.01 00:01:49 | 000,000,000 | R--D | C] -- J:\Dokumente und Einstellungen\nigga\Eigene Dateien\Eigene Musik
[2011.07.01 00:01:49 | 000,000,000 | R--D | C] -- J:\Dokumente und Einstellungen\nigga\Eigene Dateien
[2011.07.01 00:01:49 | 000,000,000 | R--D | C] -- J:\Dokumente und Einstellungen\nigga\Eigene Dateien\Eigene Bilder
[2011.07.01 00:01:46 | 000,000,000 | --SD | C] -- J:\Dokumente und Einstellungen\nigga\Anwendungsdaten\Microsoft
[2011.07.01 00:01:46 | 000,000,000 | --SD | C] -- J:\Dokumente und Einstellungen\nigga\Cookies
[2011.07.01 00:01:46 | 000,000,000 | RH-D | C] -- J:\Dokumente und Einstellungen\nigga\Startmenü\Programme\Zubehör
[2011.07.01 00:01:46 | 000,000,000 | RH-D | C] -- J:\Dokumente und Einstellungen\nigga\Startmenü
[2011.07.01 00:01:46 | 000,000,000 | RH-D | C] -- J:\Dokumente und Einstellungen\nigga\SendTo
[2011.07.01 00:01:46 | 000,000,000 | RH-D | C] -- J:\Dokumente und Einstellungen\nigga\Recent
[2011.07.01 00:01:46 | 000,000,000 | RH-D | C] -- J:\Dokumente und Einstellungen\nigga\Favoriten
[2011.07.01 00:01:46 | 000,000,000 | RH-D | C] -- J:\Dokumente und Einstellungen\nigga\Startmenü\Programme\Autostart
[2011.07.01 00:01:46 | 000,000,000 | RH-D | C] -- J:\Dokumente und Einstellungen\nigga\Anwendungsdaten
[2011.07.01 00:01:46 | 000,000,000 | -H-D | C] -- J:\Dokumente und Einstellungen\nigga\Vorlagen
[2011.07.01 00:01:46 | 000,000,000 | -H-D | C] -- J:\Dokumente und Einstellungen\nigga\Netzwerkumgebung
[2011.07.01 00:01:46 | 000,000,000 | -H-D | C] -- J:\Dokumente und Einstellungen\nigga\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2011.07.01 00:01:46 | 000,000,000 | -H-D | C] -- J:\Dokumente und Einstellungen\nigga\Lokale Einstellungen
[2011.07.01 00:01:46 | 000,000,000 | -H-D | C] -- J:\Dokumente und Einstellungen\nigga\Druckumgebung
[2011.07.01 00:01:46 | 000,000,000 | -H-D | C] -- J:\Dokumente und Einstellungen\nigga\Desktop
[2011.06.29 18:02:49 | 000,000,000 | -H-D | C] -- J:\Programme\Gemeinsame Dateien\Java
[2002.04.11 03:41:06 | 000,065,536 | RH-- | C] ( ) -- J:\WINDOWS\System32\A3d.dll
[8 J:\WINDOWS\System32\*.tmp files -> J:\WINDOWS\System32\*.tmp -> ]
[6 J:\WINDOWS\*.tmp files -> J:\WINDOWS\*.tmp -> ]
[1 J:\WINDOWS\System32\dllcache\*.tmp files -> J:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.07.01 13:25:00 | 000,002,048 | --S- | M] () -- J:\WINDOWS\bootstat.dat
[2011.07.01 13:24:05 | 000,000,020 | ---- | M] () -- J:\Dokumente und Einstellungen\nigga\defogger_reenable
[2011.07.01 13:19:20 | 000,004,337 | -H-- | M] () -- J:\WINDOWS\wincmd.ini
[2011.07.01 13:17:22 | 000,302,592 | ---- | M] () -- J:\Dokumente und Einstellungen\nigga\Desktop\xptp2o2z.exe
[2011.07.01 13:16:01 | 000,580,096 | ---- | M] (OldTimer Tools) -- J:\Dokumente und Einstellungen\nigga\Desktop\OTL.exe
[2011.07.01 13:15:18 | 000,050,477 | ---- | M] () -- J:\Dokumente und Einstellungen\nigga\Desktop\Defogger.exe
[2011.07.01 00:56:30 | 000,000,617 | ---- | M] () -- J:\Dokumente und Einstellungen\nigga\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.06.29 12:25:29 | 000,459,530 | -H-- | M] () -- J:\WINDOWS\System32\perfh007.dat
[2011.06.29 12:25:29 | 000,441,754 | -H-- | M] () -- J:\WINDOWS\System32\perfh009.dat
[2011.06.29 12:25:29 | 000,084,568 | -H-- | M] () -- J:\WINDOWS\System32\perfc007.dat
[2011.06.29 12:25:29 | 000,071,302 | -H-- | M] () -- J:\WINDOWS\System32\perfc009.dat
[2011.06.28 11:38:17 | 000,002,206 | -H-- | M] () -- J:\WINDOWS\System32\wpa.dbl
[2011.06.14 23:09:05 | 000,001,374 | -H-- | M] () -- J:\WINDOWS\imsins.BAK
[8 J:\WINDOWS\System32\*.tmp files -> J:\WINDOWS\System32\*.tmp -> ]
[6 J:\WINDOWS\*.tmp files -> J:\WINDOWS\*.tmp -> ]
[1 J:\WINDOWS\System32\dllcache\*.tmp files -> J:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.01 13:23:51 | 000,000,020 | ---- | C] () -- J:\Dokumente und Einstellungen\nigga\defogger_reenable
[2011.07.01 13:17:22 | 000,302,592 | ---- | C] () -- J:\Dokumente und Einstellungen\nigga\Desktop\xptp2o2z.exe
[2011.07.01 13:15:18 | 000,050,477 | ---- | C] () -- J:\Dokumente und Einstellungen\nigga\Desktop\Defogger.exe
[2011.07.01 00:56:30 | 000,000,617 | ---- | C] () -- J:\Dokumente und Einstellungen\nigga\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.07.01 00:01:53 | 000,000,778 | ---- | C] () -- J:\Dokumente und Einstellungen\nigga\Startmenü\Programme\Windows Media Player.lnk
[2011.07.01 00:01:46 | 000,001,599 | -H-- | C] () -- J:\Dokumente und Einstellungen\nigga\Startmenü\Programme\Remoteunterstützung.lnk
[2011.04.07 23:27:50 | 000,000,060 | -H-- | C] () -- J:\WINDOWS\pident.ini
[2011.04.07 23:27:46 | 000,000,583 | -H-- | C] () -- J:\WINDOWS\pirchutl.ini
[2011.03.29 02:02:52 | 000,084,480 | -H-- | C] () -- J:\WINDOWS\System32\EasyHook32.dll
[2011.03.13 23:58:09 | 000,444,992 | -H-- | C] () -- J:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.03.08 11:07:32 | 000,000,229 | -H-- | C] () -- J:\WINDOWS\wcx_ftp.ini
[2010.11.19 22:41:01 | 000,018,808 | -H-- | C] () -- J:\WINDOWS\System32\mlfcache.dat
[2010.11.12 01:07:22 | 000,000,025 | -H-- | C] () -- J:\WINDOWS\popcinfot.dat
[2010.10.06 19:41:25 | 000,000,023 | -H-- | C] () -- J:\WINDOWS\MixBKS.INI
[2010.09.27 13:18:56 | 000,053,248 | RH-- | C] () -- J:\WINDOWS\System32\P17CPI.dll
[2010.09.27 13:18:55 | 000,064,512 | -H-- | C] () -- J:\WINDOWS\System32\P17.dll
[2010.07.14 18:11:44 | 000,077,824 | -H-- | C] () -- J:\WINDOWS\KMService.exe
[2010.07.14 18:11:44 | 000,008,192 | -H-- | C] () -- J:\WINDOWS\System32\srvany.exe
[2010.04.13 11:51:01 | 000,000,432 | -H-- | C] () -- J:\WINDOWS\BRWMARK.INI
[2010.03.03 16:00:16 | 000,002,303 | -H-- | C] () -- J:\WINDOWS\dom2.ini
[2010.03.03 15:59:08 | 000,069,632 | -H-- | C] () -- J:\WINDOWS\System32\GkSui18.EXE
[2010.03.01 01:24:46 | 000,279,712 | -H-- | C] () -- J:\WINDOWS\System32\drivers\atksgt.sys
[2010.03.01 01:24:46 | 000,025,888 | -H-- | C] () -- J:\WINDOWS\System32\drivers\lirsgt.sys
[2009.11.06 11:58:04 | 000,178,975 | -H-- | C] () -- J:\WINDOWS\System32\xlive.dll.cat
[2009.10.29 18:34:42 | 000,000,032 | -H-- | C] () -- J:\WINDOWS\Menu.INI
[2009.10.02 13:40:10 | 000,000,000 | -H-- | C] () -- J:\WINDOWS\ativpsrm.bin
[2009.09.18 21:15:07 | 000,053,760 | -H-- | C] () -- J:\WINDOWS\System32\drivers\SSHDRV76.sys
[2009.07.26 23:08:57 | 000,004,212 | -H-- | C] () -- J:\WINDOWS\System32\zllictbl.dat
[2009.07.26 20:43:17 | 000,137,960 | -H-- | C] () -- J:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.07.26 20:36:28 | 000,000,056 | -H-- | C] () -- J:\WINDOWS\System32\ezsidmv.dat
[2009.07.26 20:12:10 | 000,000,130 | -H-- | C] () -- J:\WINDOWS\cfplogvw.INI
[2009.07.26 19:42:36 | 000,093,633 | -H-- | C] () -- J:\WINDOWS\System32\drivers\sfi.dat
[2009.07.15 20:08:03 | 000,235,248 | -H-- | C] () -- J:\WINDOWS\System32\PnkBstrB.exe
[2009.07.15 20:07:32 | 002,373,712 | -H-- | C] () -- J:\WINDOWS\System32\pbsvc.exe
[2009.07.15 20:07:32 | 000,075,064 | -H-- | C] () -- J:\WINDOWS\System32\PnkBstrA.exe
[2009.07.06 08:18:54 | 000,005,632 | -H-- | C] () -- J:\WINDOWS\System32\CNMVS50.DLL
[2009.07.05 17:29:04 | 001,663,488 | -H-- | C] () -- J:\WINDOWS\System32\BootMan.exe
[2009.07.05 17:29:04 | 000,086,408 | -H-- | C] () -- J:\WINDOWS\System32\setupempdrv03.exe
[2009.07.05 17:29:04 | 000,014,848 | -H-- | C] () -- J:\WINDOWS\System32\EuEpmGdi.dll
[2009.07.05 17:29:04 | 000,008,704 | -H-- | C] () -- J:\WINDOWS\System32\epmntdrv.sys
[2009.07.05 17:29:04 | 000,003,072 | -H-- | C] () -- J:\WINDOWS\System32\EuGdiDrv.sys
[2009.07.02 15:46:17 | 000,001,008 | -H-- | C] () -- J:\WINDOWS\System32\capitsr.com
[2008.10.07 10:13:30 | 000,197,912 | -H-- | C] () -- J:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | -H-- | C] () -- J:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- J:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- J:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- J:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- J:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- J:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- J:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- J:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- J:\WINDOWS\System32\AgCPanelFrench.dll
[2008.05.11 16:27:31 | 000,198,144 | -H-- | C] () -- J:\WINDOWS\System32\_psisdecd.dll
[2008.05.11 16:24:25 | 000,363,520 | -H-- | C] () -- J:\WINDOWS\System32\psisdecd.dll
[2008.03.30 01:24:35 | 000,002,351 | -H-- | C] () -- J:\WINDOWS\mozver.dat
[2008.03.30 01:14:32 | 000,000,305 | -H-- | C] () -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2008.03.30 00:59:16 | 000,000,000 | -H-- | C] () -- J:\WINDOWS\nsreg.dat
[2008.03.26 16:44:05 | 000,000,025 | -H-- | C] () -- J:\WINDOWS\cdplayer.ini
[2008.03.23 06:41:34 | 000,000,552 | -H-- | C] () -- J:\WINDOWS\System32\d3d8caps.dat
[2008.01.30 19:28:09 | 000,000,664 | -H-- | C] () -- J:\WINDOWS\System32\d3d9caps.dat
[2007.12.05 18:07:58 |
000,593,920 | -H-- | C] () -- J:\WINDOWS\System32\ati2sgag.exe [2007.12.05 18:03:22 | 000,000,010 | -H-- | C] () -- J:\WINDOWS\WININIT.INI [2007.12.05 17:31:28 | 000,000,069 | -H-- | C] () -- J:\WINDOWS\NeroDigital.ini [2007.11.28 22:46:54 | 000,004,337 | -H-- | C] () -- J:\WINDOWS\wincmd.ini [2007.11.28 22:41:34 | 000,040,960 | RH-- | C] () -- J:\WINDOWS\System32\ChCfg.exe [2007.11.28 22:37:35 | 000,000,155 | -H-- | C] () -- J:\WINDOWS\winamp.ini [2007.11.28 22:29:29 | 000,157,184 | RH-- | C] () -- J:\WINDOWS\System32\RtlCPAPI.dll [2007.11.28 22:00:31 | 000,002,048 | --S- | C] () -- J:\WINDOWS\bootstat.dat [2007.11.28 21:55:15 | 000,021,740 | -H-- | C] () -- J:\WINDOWS\System32\emptyregdb.dat [2007.11.28 20:49:40 | 000,004,161 | -H-- | C] () -- J:\WINDOWS\ODBCINST.INI [2007.11.28 20:48:36 | 000,119,744 | -H-- | C] () -- J:\WINDOWS\System32\FNTCACHE.DAT [2007.11.02 05:39:00 | 003,107,788 | -H-- | C] () -- J:\WINDOWS\System32\ativvaxx.dat [2007.11.02 05:39:00 | 003,107,788 | -H-- | C] () -- J:\WINDOWS\System32\ativva5x.dat [2007.11.02 05:39:00 | 000,887,724 | -H-- | C] () -- J:\WINDOWS\System32\ativva6x.dat [2007.09.14 15:03:51 | 000,189,051 | -H-- | C] () -- J:\WINDOWS\System32\atiicdxx.dat [2005.07.07 11:26:56 | 000,005,627 | RH-- | C] () -- J:\WINDOWS\System32\Ludap17.ini [2005.03.08 08:17:08 | 000,000,039 | RH-- | C] () -- J:\WINDOWS\System32\ctzapxx.ini [2004.08.04 01:12:38 | 000,001,804 | -H-- | C] () -- J:\WINDOWS\System32\dcache.bin [2004.08.02 14:20:40 | 000,004,569 | -H-- | C] () -- J:\WINDOWS\System32\secupd.dat [2002.05.16 02:38:40 | 000,091,136 | -H-- | C] () -- J:\WINDOWS\System32\mp4fil32.dll [2002.05.04 16:19:00 | 000,049,152 | -H-- | C] () -- J:\WINDOWS\System32\avisynthEx.dll [2001.09.01 00:15:44 | 013,107,200 | -H-- | C] () -- J:\WINDOWS\System32\oembios.bin [2001.09.01 00:15:44 | 000,004,463 | -H-- | C] () -- J:\WINDOWS\System32\oembios.dat [2001.08.18 21:00:00 | 000,673,088 | -H-- | C] () -- J:\WINDOWS\System32\mlang.dat [2001.08.18 21:00:00 | 
000,459,530 | -H-- | C] () -- J:\WINDOWS\System32\perfh007.dat [2001.08.18 21:00:00 | 000,441,754 | -H-- | C] () -- J:\WINDOWS\System32\perfh009.dat [2001.08.18 21:00:00 | 000,272,128 | -H-- | C] () -- J:\WINDOWS\System32\perfi009.dat [2001.08.18 21:00:00 | 000,269,480 | -H-- | C] () -- J:\WINDOWS\System32\perfi007.dat [2001.08.18 21:00:00 | 000,218,003 | -H-- | C] () -- J:\WINDOWS\System32\dssec.dat [2001.08.18 21:00:00 | 000,084,568 | -H-- | C] () -- J:\WINDOWS\System32\perfc007.dat [2001.08.18 21:00:00 | 000,071,302 | -H-- | C] () -- J:\WINDOWS\System32\perfc009.dat [2001.08.18 21:00:00 | 000,046,258 | -H-- | C] () -- J:\WINDOWS\System32\mib.bin [2001.08.18 21:00:00 | 000,034,478 | -H-- | C] () -- J:\WINDOWS\System32\perfd007.dat [2001.08.18 21:00:00 | 000,028,626 | -H-- | C] () -- J:\WINDOWS\System32\perfd009.dat [2001.08.18 21:00:00 | 000,000,741 | -H-- | C] () -- J:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2009.12.10 01:22:38 | 000,000,000 | -H-D | M] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare [2009.09.27 23:33:22 | 000,000,000 | -H-D | M] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2011.03.23 21:38:16 | 000,000,000 | -H-D | M] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software [2009.07.26 23:09:03 | 000,000,000 | -H-D | M] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2011.03.29 02:02:57 | 000,000,000 | -H-D | M] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeedBit [2010.06.20 21:26:07 | 000,000,000 | -H-D | M] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Stardock [2008.02.29 05:13:55 | 000,000,000 | -H-D | M] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2011.06.25 05:19:10 | 000,000,000 | -H-D | M] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.05.31 14:03:29 | 000,000,000 | -H-D | M] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania 
[2010.11.09 22:32:19 | 000,000,000 | -H-D | M] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.11.09 22:28:48 | 000,000,000 | -HSD | M] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2010.09.12 17:40:38 | 000,000,000 | -H-D | M] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{6CB64CD5-C014-45A7-88E2-55D8C0DB6489} [2011.02.26 02:39:23 | 000,000,260 | -H-- | M] () -- J:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.05.03 22:39:25 | 000,000,000 | -H-D | M] -- J:\BDS [2009.07.06 08:19:09 | 000,000,000 | -H-D | M] -- J:\BJPrinter [2011.07.01 00:01:46 | 000,000,000 | -H-D | M] -- J:\Dokumente und Einstellungen [2011.06.20 18:40:03 | 000,000,000 | RH-D | M] -- J:\Programme [2007.11.28 23:09:51 | 000,000,000 | -HSD | M] -- J:\RECYCLER [2007.11.28 22:01:29 | 000,000,000 | -HSD | M] -- J:\System Volume Information [2007.11.28 22:26:25 | 000,000,000 | -H-D | M] -- J:\VDMSound [2011.06.29 18:17:42 | 000,000,000 | -H-D | M] -- J:\WINDOWS [2009.08.17 00:05:32 | 000,000,000 | -H-D | M] -- J:\WinRAR < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2008.04.14 08:52:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- J:\WINDOWS\explorer.exe [2008.04.14 08:52:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- J:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: REGEDIT.EXE > [2008.04.14 08:53:00 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- J:\WINDOWS\regedit.exe [2008.04.14 08:53:00 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- J:\WINDOWS\ServicePackFiles\i386\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 08:53:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- J:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 08:53:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- J:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 08:53:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- J:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 08:53:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- J:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-29 16:04:12 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 115 bytes -> J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:553CA6CA @Alternate Data Stream - 105 bytes -> J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D74B6CF5 < End of report > OTL Extra: OTL Logfile: Code:
OTL Extras logfile created on: 01.07.2011 13:29:14 - Run 1
OTL by OldTimer - Version 3.2.25.0     Folder = J:\Dokumente und Einstellungen\nigga\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 68,17% Memory free
4,35 Gb Paging File | 3,93 Gb Available in Paging File | 90,30% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = J: | %SystemRoot% = J:\WINDOWS | %ProgramFiles% = J:\Programme
Drive D: | 9,07 Gb Total Space | 5,51 Gb Free Space | 60,71% Space Free | Partition Type: NTFS
Drive E: | 56,34 Gb Total Space | 3,89 Gb Free Space | 6,90% Space Free | Partition Type: NTFS
Drive F: | 34,90 Gb Total Space | 6,14 Gb Free Space | 17,60% Space Free | Partition Type: NTFS
Drive G: | 2,00 Gb Total Space | 1,98 Gb Free Space | 99,12% Space Free | Partition Type: NTFS
Drive J: | 11,28 Gb Total Space | 0,87 Gb Free Space | 7,72% Space Free | Partition Type: NTFS
Drive M: | 78,13 Gb Total Space | 14,18 Gb Free Space | 18,15% Space Free | Partition Type: NTFS

Computer Name: SALO | User Name: nigga | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- D:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Winamp\Winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Winamp\Winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Winamp\Winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Miranda IM\miranda32.exe" = C:\Miranda IM\miranda32.exe:*:Enabled:Miranda IM
"C:\PowerCinema\PowerCinema.exe" = C:\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema
"C:\uTorrent\uTorrent.exe" = C:\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"J:\Programme\Miranda IM\miranda32.exe" = J:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Disabled:Total Commander 32 bit international version, file manager replacement for Windows
"E:\Sins of a Solar Empire\Sins of a Solar Empire.exe" = E:\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"E:\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe" = E:\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:*:Enabled:Sins of a Solar Empire - Entrenchment -- (Ironclad Games)
"E:\Sins of a Solar Empire\Sins of a Solar Empire Diplomacy.exe" = E:\Sins of a Solar Empire\Sins of a Solar Empire Diplomacy.exe:*:Enabled:Sins of a Solar Empire - Diplomacy -- (Ironclad Games)
"E:\Dragon Age\bin_ship\daupdatersvc.service.exe" = E:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins -Inhaltsupdater -- (BioWare)
"E:\Dragon Age\bin_ship\daorigins.exe" = E:\Dragon Age\bin_ship\daorigins.exe:*:Disabled:Dragon Age: Origins -- (BioWare)
"D:\Miranda IM\miranda32.exe" = D:\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"J:\Programme\Java\jre6\bin\javaw.exe" = J:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\mIRC\mirc.exe" = D:\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"D:\uTorrent\uTorrent.exe" = D:\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"M:\World of Warcraft\Launcher.exe" = M:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"D:\DAP\DAP.exe" = D:\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (SpeedBit Ltd.)
"M:\World of Warcraft\Launcher.patch.exe" = M:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"E:\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe" = E:\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants vs. Zombies Demo -- ()
"E:\Steam\steamapps\kingkeen\counter-strike source\hl2.exe" = E:\Steam\steamapps\kingkeen\counter-strike source\hl2.exe:*:Enabled:hl2
"M:\World of Warcraft\BackgroundDownloader.exe" = M:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\Steamless Left4Dead2 Pack\left4dead2.exe" = E:\Steamless Left4Dead2 Pack\left4dead2.exe:*:Enabled:left4dead2 -- ()
"E:\TmNationsForever\TmForever.exe" = E:\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"J:\Dokumente und Einstellungen\saloKeen\Lokale Einstellungen\Apps\2.0\N43TTBHO.85P\VLQ88RZE.NTK\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe" = J:\Dokumente und Einstellungen\saloKeen\Lokale Einstellungen\Apps\2.0\N43TTBHO.85P\VLQ88RZE.NTK\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{31C63A8A-D9AB-4300-828B-86B41F59FAE1}" = Multimedia Keyboard Driver
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{483213DE-E8FC-44D9-8826-11D480BEE38D}" = TerraTec Remote Control
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{51B46054-AE28-4BCD-8DE8-3901354F0A1C}" = Multimedia Keyboard Driver
"{52A4E146-A102-4ED0-970F-6B1715EB3C86}" = Quake Live Mozilla Plugin
"{5511D34C-323F-42E0-8C82-0AEB3E920417}" = Diskeeper Professional Edition
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}" = Pirates of the Caribbean
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BF34527D-7B27-43AD-9994-7B3ABCEF3625}" = Phoenix Backup Professional
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C5ADA65A-7828-4D85-B071-ECC52B51F794}" = Sony Ericsson PC Suite 1.20.173
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{F860F390-78F4-4B45-8C1A-0489618E315B}" = Sygate Personal Firewall
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"69083DC58646DE46A09847A522A1CC487F918039" = Windows-Treiberpaket - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"7-Zip" = 7-Zip 4.42
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Windows-Treiberpaket - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"AquaMark3" = AquaMark3
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"bitRipper" = bitRipper
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DVD Shrink_is1" = DVD Shrink 3.2
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FormatFactory" = FormatFactory 1.90
"Funktion" = Funktion
"GeoGebra" = GeoGebra
"GEONExT_is1" = GEONExT 1.73
"InstallShield_{31C63A8A-D9AB-4300-828B-86B41F59FAE1}" = Multimedia Keyboard Driver
"InstallShield_{51B46054-AE28-4BCD-8DE8-3901354F0A1C}" = Multimedia Keyboard Driver
"JDownloader" = JDownloader
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.9.23
"mIRC" = mIRC
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"MPE" = MyPhoneExplorer
"PunkBusterSvc" = PunkBuster Services
"QSuite_is1" = QSuite Ver1.2
"RealAlt_is1" = Real Alternative 2.0.1
"Shadow Warrior v1.2" = Shadow Warrior v1.2
"Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity
"SolidStateIONMozilla" = Solid State ION Mozilla Plugin
"ST4UNST #1" = GSZEUG_93
"Steam App 300" = Day of Defeat: Source
"Steam App 3592" = Plants vs. Zombies Demo
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"SysInfo" = Creative-Systeminformationen
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd" = Total Commander (Remove or Repair)
"VDMSound" = VDMSound
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"xp-AntiSpy" = xp-AntiSpy 3.97-10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.02.2011 18:48:54 | Computer Name = SALO | Source = Microsoft Management Console | ID = 1000
Description =

Error - 03.05.2011 16:39:51 | Computer Name = SALO | Source = MsiInstaller | ID = 1013
Description = Produkt: NVIDIA PhysX v8.10.29 -- Installation terminated

[ System Events ]
Error - 30.06.2011 19:12:50 | Computer Name = SALO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BuddyVM" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 30.06.2011 19:31:46 | Computer Name = SALO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "CyberLink Background Capture Service (CBCS)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 30.06.2011 19:31:46 | Computer Name = SALO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist vom Dienst "CyberLink Background Capture Service (CBCS)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%3

Error - 30.06.2011 19:31:46 | Computer Name = SALO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BuddyVM" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 01.07.2011 06:07:50 | Computer Name = SALO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "CyberLink Background Capture Service (CBCS)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 01.07.2011 06:07:50 | Computer Name = SALO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist vom Dienst "CyberLink Background Capture Service (CBCS)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%3

Error - 01.07.2011 06:07:50 | Computer Name = SALO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BuddyVM" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 01.07.2011 07:26:46 | Computer Name = SALO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "CyberLink Background Capture Service (CBCS)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 01.07.2011 07:26:46 | Computer Name = SALO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "CyberLink Task Scheduler (CTS)" ist vom Dienst "CyberLink Background Capture Service (CBCS)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%3

Error - 01.07.2011 07:26:46 | Computer Name = SALO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BuddyVM" wurde aufgrund folgenden Fehlers nicht gestartet: %%3


< End of report >

GMER:

GMER Logfile:
Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-07-01 14:18:28
Windows 5.1.2600 Service Pack 3
Running: xptp2o2z.exe; Driver: J:\DOKUME~1\nigga\LOKALE~1\Temp\pgtdypog.sys

---- System - GMER 1.0.15 ----

SSDT  BA6B2446  ZwCreateKey
SSDT  BA6B243C  ZwCreateThread
SSDT  BA6B244B  ZwDeleteKey
SSDT  BA6B2455  ZwDeleteValueKey
SSDT  BA6B245A  ZwLoadKey
SSDT  \??\J:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)  ZwMapViewOfSection [0xBA4698D0]
SSDT  BA6B2428  ZwOpenProcess
SSDT  BA6B242D  ZwOpenThread
SSDT  BA6B2464  ZwReplaceKey
SSDT  BA6B245F  ZwRestoreKey
SSDT  BA6B2450  ZwSetValueKey
SSDT  \??\J:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)  ZwShutdownSystem [0xBA469E70]
SSDT  \??\D:\SUPERAntispyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xA9401620]

---- Kernel code sections - GMER 1.0.15 ----

.text    J:\WINDOWS\system32\DRIVERS\ati2mtag.sys  section is writeable [0xB99A3000, 0x1C5D38, 0xE8000020]
.text    J:\WINDOWS\system32\drivers\SSHDRV76.sys  section is writeable [0xA954E000, 0x16204, 0xE8000020]
.pklstb  J:\WINDOWS\system32\drivers\SSHDRV76.sys  entry point in ".pklstb" section [0xA956C000]
.relo2   J:\WINDOWS\system32\drivers\SSHDRV76.sys  unknown last section [0xA957C000, 0x86, 0x42000040]
.text    tcpip.sys!IPTransmit + 10FC  A94C4D3A 6 Bytes  CALL B9DC2200  Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text    tcpip.sys!IPTransmit + 2A52  A94C6690 6 Bytes  CALL B9DC2200  Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text    tcpip.sys!IPRegisterProtocol + 930  A94DC454 6 Bytes  CALL B9DC2200  Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text    wanarp.sys  BA28D3FD 4 Bytes  CALL B9DC2350  Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text    wanarp.sys  BA28D402 2 Bytes  [90, 90] {NOP ; NOP }
.text    J:\WINDOWS\system32\DRIVERS\atksgt.sys  section is writeable [0xA67FD300, 0x3AF78, 0xE8000020]
.text    J:\WINDOWS\system32\DRIVERS\lirsgt.sys  section is writeable [0xBA400300, 0x1BCE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text    D:\Mozilla Firefox\firefox.exe[3208] ntdll.dll!LdrLoadDll  7C92632D 5 Bytes  JMP 00401410  D:\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device  \Driver\Tcpip \Device\Ip  wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device  \Driver\Tcpip \Device\Tcp  wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device  \Driver\Tcpip \Device\Udp  wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device  \Driver\Tcpip \Device\RawIp  wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device  \Driver\Tcpip \Device\IPMULTICAST  wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  D:\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0xAC 0x88 0x8E 0x78 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x14 0x14 0x29 0xE3 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x2D 0x8E 0x3E 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh  0x9C 0xC7 0x97 0x0D ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh  0x1F 0x95 0xAE 0xC1 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh  0x66 0x39 0x31 0x6D ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Daemon Tools\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  1
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0xA7 0xF6 0xE4 0x58 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x14 0x14 0x29 0xE3 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0xAB 0x8A 0x87 0xFD ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0  0
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh  0x9C 0xC7 0x97 0x0D ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh  0x1F 0x95 0xAE 0xC1 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh  0x66 0x39 0x31 0x6D ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  D:\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  1
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0xAC 0x88 0x8E 0x78 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x14 0x14 0x29 0xE3 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x2D 0x8E 0x3E 0x00 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0  0
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh  0x9C 0xC7 0x97 0x0D ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh  0x1F 0x95 0xAE 0xC1 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh  0x66 0x39 0x31 0x6D ...

---- EOF - GMER 1.0.15 ----

Regards, Salo

PS: I just noticed a post about the same problem from deckbett. However, he is on Vista and I am on XP. I will nonetheless follow M-K-D-B's instructions first and run unhide. That at least resulted in my being able to see all programs again, and the shortcuts are back as well.

Remaining problem: I can neither change the desktop background nor save anything onto it (paste, send to, etc.). I notice that the System Idle Process is not shown in Task Manager. I am pretty helpless as far as this problem goes.

Last edited by salo (01.07.2011 at 14:28)
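The SSDT section of the GMER log above is the part a helper reads first: hooks that GMER attributes to a named driver (here the Sygate firewall driver and SUPERAntiSpyware) can be judged by their vendor, while the ten hooks listed with only an address need a second look. As an added example that is not part of this thread, the Python below parses that section and groups the hooks; the sample input is copied from the log above and the function and field names are my own.

```python
import re
from collections import defaultdict

# Constructed sample: the "---- System ----" block of the GMER log in post #1, line by line.
SAMPLE_GMER = r"""---- System - GMER 1.0.15 ----
SSDT BA6B2446 ZwCreateKey
SSDT BA6B243C ZwCreateThread
SSDT BA6B244B ZwDeleteKey
SSDT BA6B2455 ZwDeleteValueKey
SSDT BA6B245A ZwLoadKey
SSDT \??\J:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xBA4698D0]
SSDT BA6B2428 ZwOpenProcess
SSDT BA6B242D ZwOpenThread
SSDT BA6B2464 ZwReplaceKey
SSDT BA6B245F ZwRestoreKey
SSDT BA6B2450 ZwSetValueKey
SSDT \??\J:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xBA469E70]
SSDT \??\D:\SUPERAntispyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA9401620]
---- Kernel code sections - GMER 1.0.15 ----"""

# Owned hook: "SSDT <module> (<vendor>) <service> [0x<addr>]"; unowned hook: "SSDT <addr> <service>"
ATTRIBUTED = re.compile(r"^SSDT\s+(?P<module>.+?)\s+\((?P<vendor>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-F]+)\]$", re.I)
UNATTRIBUTED = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>Zw\w+)$", re.I)


def parse_ssdt(log_text):
    """Map each hooking driver to the services it hooks; collect hooks GMER could not attribute."""
    by_module, unattributed = defaultdict(list), []
    for line in (raw.rstrip() for raw in log_text.splitlines()):
        if m := ATTRIBUTED.match(line):
            by_module[m.group("module")].append(m.group("func"))
        elif m := UNATTRIBUTED.match(line):
            unattributed.append((int(m.group("addr"), 16), m.group("func")))
    return dict(by_module), unattributed


def triage(log_text):
    """Owned hooks are judged by their vendor (here a firewall and an anti-spyware driver);
    unowned ones need a look. Hook targets packed into a few dozen bytes almost certainly
    share one dispatch-stub table, i.e. come from a single unidentified driver, not many."""
    by_module, unattributed = parse_ssdt(log_text)
    addrs = [a for a, _ in unattributed]
    span = max(addrs) - min(addrs) if addrs else 0
    return {
        "owned": {mod.rsplit("\\", 1)[-1]: sorted(funcs) for mod, funcs in by_module.items()},
        "unattributed": sorted(f for _, f in unattributed),
        "unattributed_span_bytes": span,
        "likely_single_owner": len(addrs) > 1 and span < 0x100,
    }
```

Calling `triage(SAMPLE_GMER)` on the log above reports two owning drivers, ten unattributed hooks whose targets span only 60 bytes, and therefore `likely_single_owner` True; the next step in a real case is to identify that one module, which GMER alone does not do here.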
01.07.2011, 14:27 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 in 14147364.exe hides folders

Quote:

Which sites exactly were you browsing?

Quote:

Then please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from earlier Malwarebytes scans, please post all of those as well!
01.07.2011, 14:42 | #3
TR/Crypt.XPACK.Gen3 in 14147364.exe hides folders

Thanks for the quick reply.

Sygate has been uninstalled. After installing a WOW update I forgot to switch accounts, hence the stupidity of browsing as admin. The sites were: hxxp://cpmburner.com/show_i.php?a=62&z=1&c=1&adurl=272&pl=43&plurl=194&target=_top tokyotoshokan.info animesenshi.com Nyaa.eu animetake.com. I am on the last one quite often and have never had problems before. Malwarebytes scan coming asap.
02.07.2011, 01:35 | #4
TR/Crypt.XPACK.Gen3 in 14147364.exe hides folders

Here is the Malwarebytes log:

Quote:
03.07.2011, 12:47 | #5
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 in 14147364.exe hides folders

Quote:

Cracks/keygens are 99.9% of the time dangerous malware that should not be trifled with. Besides, they are illegal and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! It is no secret, and everyone must be aware, that illegal cracks and keygens essentially serve to spread malware! Please also note our forum policy => http://www.trojaner-board.de/95394-c...-software.html

__________________
Please always post logfiles in CODE tags