| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Backdoor.Win32.LolBot!IK - Trojaner oder nicht?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.01.2012, 19:32
| #1 |
 |  Backdoor.Win32.LolBot!IK - Trojaner oder nicht? Hallo Ich habe heute mal wieder meinen Rechner durchsuchen lassen und Emsisoft Anti-Malware hat in der Datei "D2SE.exe" den Trojaner "Backdoor.Win32.LolBot!IK" entdeckt. Nun ist diese Datei eine Mod für Diablo 2, die ich sehr gerne im LAN spiele und deshalb nur entfernen würde, wenn die Datei wirklich ein Schädling ist. Zudem hatte ich erst vor einigen Monaten schon ein Trojaner-Problem, bei dem mir hier gut geholfen werden konnte und dabei wurde dieser Trojaner nicht entdeckt. Daher frage ich die Experperten/-innen hier mal wieder um Rat. Hier die OTL : Code:
ATTFilter OTL logfile created on: 14/01/2012 18:54:35 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Master of Desaster\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.05% Memory free 6.21 Gb Paging File | 5.02 Gb Available in Paging File | 80.74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97.66 Gb Total Space | 48.52 Gb Free Space | 49.69% Space Free | Partition Type: NTFS Drive D: | 368.10 Gb Total Space | 101.58 Gb Free Space | 27.59% Space Free | Partition Type: NTFS Drive E: | 7.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive F: | 680.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive L: | 465.65 Gb Total Space | 218.79 Gb Free Space | 46.99% Space Free | Partition Type: FAT32 Computer Name: HORT-DES-CHAOS | User Name: Master of Desaster | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/01/14 18:51:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Master of Desaster\Desktop\OTL.exe PRC - [2012/01/14 13:53:08 | 003,045,688 | ---- | M] (Emsi Software GmbH) -- d:\Program Files\Emsisoft Anti-Malware\a2service.exe PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe PRC - [2011/11/03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2011/11/03 15:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe PRC - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011/10/15 09:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2011/10/15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/10/11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011/10/11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011/10/11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011/10/11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- d:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008/05/07 15:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008/01/21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008/01/21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2011/11/18 19:34:34 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- D:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus(R) SRV - [2012/01/14 13:53:08 | 003,045,688 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- d:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2011/11/03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011/10/11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/10/11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/09/30 19:34:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- d:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - [2012/01/14 13:59:02 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- D:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc) DRV - [2011/12/08 17:12:01 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/11/03 15:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2011/10/15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011/10/11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/10/11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/05/07 17:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2011/02/09 15:44:55 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV79.sys -- (SSHDRV79) DRV - [2010/11/16 09:22:21 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010/11/16 09:22:09 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/02/03 16:45:07 | 000,059,520 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x) DRV - [2009/02/03 16:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007/11/21 10:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2007/04/03 09:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32) DRV - [2007/02/08 18:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2006/11/30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006/06/14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 AA B0 CB 3D A9 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: d:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: d:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: d:\programme\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: d:\programme\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: d:\programme\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/21 20:45:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/11/14 08:11:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/12/07 17:51:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/01/14 12:17:36 | 000,000,000 | ---D | M] [2011/03/07 07:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Extensions [2012/01/08 17:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Firefox\Profiles\74ro8g6q.default\extensions [2011/04/19 16:55:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Firefox\Profiles\74ro8g6q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/12/19 15:13:08 | 000,000,933 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\11-suche.xml [2011/12/19 15:13:08 | 000,002,419 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\englische-ergebnisse.xml [2011/12/19 15:13:08 | 000,010,525 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\gmx-suche.xml [2011/12/19 15:13:08 | 000,002,457 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\lastminute.xml [2011/12/19 15:13:08 | 000,005,508 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\webde-suche.xml () (No name found) -- C:\USERS\MASTER OF DESASTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74RO8G6Q.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [a-squared] d:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsi Software GmbH) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [emsisoftantimalwaresetup] "C:\Users\MASTER~1\AppData\Local\Temp\EmsisoftAntiMalwareSetup.exe" File not found O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An vorhandenes PDF anfügen - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} hxxp://www.smartphoto.de/ExtraFilmUploader6.cab (ExtraFilm Uploader Control) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8429BA10-518A-4778-AC94-966DB9F88E55}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (D:\Programme\SuperAntiSpyware\SASWINLO.DLL) - File not found O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011/10/24 10:35:04 | 000,161,070 | R--- | M] () - E:\autorun.ico -- [ UDF ] O32 - AutoRun File - [2011/10/24 10:34:22 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2005/04/28 23:28:00 | 001,744,806 | R--- | M] () - F:\autorun.dat -- [ CDFS ] O32 - AutoRun File - [2002/04/11 14:36:42 | 001,047,040 | R--- | M] () - F:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2004/09/12 17:30:34 | 000,000,045 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{1e039f04-cca5-11df-ae25-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1e039f04-cca5-11df-ae25-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011/10/24 10:35:04 | 000,378,144 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{1e039f05-cca5-11df-ae25-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1e039f05-cca5-11df-ae25-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2002/04/11 14:36:42 | 001,047,040 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe - () MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^Users^Master of Desaster^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\MASTER~1\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - D:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - d:\Programme\CyberLink\PowerDVD\Language\Language.exe () MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - d:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) MsConfig - StartUpReg: NBKeyScan - hkey= - key= - D:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) MsConfig - StartUpReg: PDFPrint - hkey= - key= - d:\Programme\PDFDrucker\PDFPrintBackend.exe () MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RemoteControl - hkey= - key= - d:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - d:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) MsConfig - StartUpReg: Steam - hkey= - key= - D:\Program Files\Steam\Steam.exe (Valve Corporation) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - D:\Programme\update\realsched.exe (RealNetworks, Inc.) MsConfig - StartUpReg: WinampAgent - hkey= - key= - D:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/01/14 18:51:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Master of Desaster\Desktop\OTL.exe [2012/01/14 12:17:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011/12/23 10:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011/12/23 10:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/12/15 23:22:16 | 000,000,000 | ---D | C] -- C:\Users\Master of Desaster\Documents\Telltale Games ========== Files - Modified Within 30 Days ========== [2012/01/14 18:51:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Master of Desaster\Desktop\OTL.exe [2012/01/14 18:47:52 | 000,050,477 | ---- | M] () -- C:\Users\Master of Desaster\Desktop\Defogger.exe [2012/01/14 18:19:23 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/14 18:19:23 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/14 12:24:52 | 000,632,094 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/01/14 12:24:52 | 000,598,792 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/01/14 12:24:52 | 000,127,356 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/01/14 12:24:52 | 000,104,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/01/14 12:19:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/13 16:55:10 | 000,070,144 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/13 16:38:22 | 000,246,905 | ---- | M] () -- C:\Users\Master of Desaster\Desktop\Individualbestätigung.jpg [2012/01/05 16:37:46 | 000,095,411 | ---- | M] () -- C:\Users\Master of Desaster\Desktop\=_iso-8859-1_Q_Theresa_Rita_Sori_Pr=F6ls.pdf [2011/12/23 13:36:59 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011/12/19 18:25:55 | 000,268,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/01/14 18:47:52 | 000,050,477 | ---- | C] () -- C:\Users\Master of Desaster\Desktop\Defogger.exe [2012/01/13 16:38:22 | 000,246,905 | ---- | C] () -- C:\Users\Master of Desaster\Desktop\Individualbestätigung.jpg [2012/01/05 16:37:46 | 000,095,411 | ---- | C] () -- C:\Users\Master of Desaster\Desktop\=_iso-8859-1_Q_Theresa_Rita_Sori_Pr=F6ls.pdf [2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011/09/25 17:16:12 | 000,073,424 | ---- | C] () -- C:\Windows\War3Unin.dat [2011/08/15 10:31:11 | 000,017,408 | ---- | C] () -- C:\Users\Master of Desaster\AppData\Local\WebpageIcons.db [2011/05/04 15:01:23 | 000,004,096 | -H-- | C] () -- C:\Users\Master of Desaster\AppData\Local\keyfile3.drm [2011/04/07 09:26:53 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2011/04/03 11:18:54 | 000,000,081 | ---- | C] () -- C:\Users\Master of Desaster\AppData\Roaming\clipcatcher.ini [2011/04/01 11:37:15 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2011/04/01 11:36:02 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011/03/07 07:11:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/02/09 15:44:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV79.sys [2011/01/24 20:12:00 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010/11/16 09:22:10 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010/11/16 09:22:09 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010/11/10 21:53:09 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010/10/11 17:51:35 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin [2010/10/01 08:43:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010/10/01 08:07:42 | 000,070,144 | ---- | C] () -- C:\Users\Master of Desaster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/09/30 21:34:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010/09/30 21:34:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010/09/30 21:01:46 | 001,513,984 | ---- | C] () -- C:\Windows\System32\Mgxrdr80.dll [2010/09/30 21:01:45 | 000,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL [2010/09/30 21:01:45 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL [2010/09/30 21:01:40 | 000,064,000 | ---- | C] () -- C:\Windows\System32\Ppiv30.dll [2010/09/30 21:01:40 | 000,000,986 | ---- | C] () -- C:\Windows\Mgxclean.sys [2010/09/30 21:01:40 | 000,000,100 | ---- | C] () -- C:\Windows\MGXCLEAN.DAT [2010/09/30 20:06:39 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2010/09/30 20:00:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010/09/30 19:28:37 | 000,001,025 | ---- | C] () -- C:\Windows\System32\jqgkhtc.dll [2010/09/30 19:28:37 | 000,000,204 | ---- | C] () -- C:\Windows\System32\nvxe6wa.dll [2010/09/30 19:28:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth2.dll [2010/09/30 19:28:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth1.dll [2010/09/30 19:28:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2010/09/30 19:28:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2010/09/30 19:28:36 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll [2010/09/30 19:28:36 | 000,000,072 | ---- | C] () -- C:\Windows\System32\ssprs.dll [2010/09/30 19:28:36 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\mb6a5lr.dll [2010/09/30 19:16:12 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010/09/30 18:52:12 | 000,000,028 | R--- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2010/09/30 16:20:37 | 000,000,680 | ---- | C] () -- C:\Users\Master of Desaster\AppData\Local\d3d9caps.dat [2008/06/12 19:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008/04/12 06:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008/04/12 06:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008/01/21 08:15:58 | 000,632,094 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/01/21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/01/21 08:15:58 | 000,127,356 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008/01/21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 13:47:37 | 000,268,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 11:33:01 | 000,598,792 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 11:33:01 | 000,104,806 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/05/04 09:36:12 | 000,245,760 | R--- | C] () -- C:\Windows\System32\setupsup.dll [2003/02/20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [1996/03/21 23:32:26 | 000,162,304 | ---- | C] () -- C:\Windows\System32\DLWBC31.DLL ========== LOP Check ========== [2011/01/15 18:22:46 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Atari [2011/04/19 22:54:52 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\BOM [2011/08/12 14:59:50 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Broken Sword 2.5 [2011/11/15 20:40:01 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Canneverbe Limited [2010/09/30 19:43:42 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\CheckPoint [2011/05/04 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Dropbox [2011/12/07 18:43:15 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\DVDVideoSoft [2011/12/08 21:12:40 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\FLV Extract [2011/04/03 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\GetRightToGo [2011/04/01 11:40:30 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MAGIX [2012/01/10 10:22:26 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MySQL [2011/04/03 10:29:25 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MyVideoDownloader [2011/04/03 10:29:29 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MyVideoDownloaderHD [2011/02/22 16:09:32 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Opera [2011/03/15 20:23:29 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Scalabium [2010/09/30 20:58:23 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\ScummVM [2011/03/06 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Ubisoft [2011/12/08 21:43:33 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\XMedia Recode [2012/01/14 12:18:05 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011/02/12 18:27:15 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010/09/30 23:14:53 | 000,000,000 | -HSD | M] -- C:\Boot [2012/01/14 12:18:58 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010/09/30 16:18:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010/09/30 20:39:27 | 000,000,000 | ---D | M] -- C:\Intel [2010/09/30 18:50:12 | 000,000,000 | ---D | M] -- C:\Medion [2011/10/26 19:30:48 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008/01/21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011/12/23 10:14:44 | 000,000,000 | R--D | M] -- C:\Program Files [2011/12/14 22:42:47 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010/09/30 16:18:44 | 000,000,000 | -HSD | M] -- C:\Programme [2012/01/14 18:57:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/06/07 13:15:14 | 000,000,000 | R--D | M] -- C:\Users [2012/01/11 15:59:29 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011/04/21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys [2011/04/21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys [2011/04/21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys [2011/04/21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys [2008/01/21 03:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys [2009/04/11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys [2011/04/21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys < MD5 for: EXPLORER.EXE > [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008/01/21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008/01/21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-11 09:22:58 < Schliesse bitte nun alle Programme. (Wichtig) > < Klicke nun bitte auf den Quick Scan Button. > < OTL erstellt 2 Logfiles: OTL.txt und > < End of report > Schonmal Danke im Vorfeld Holger |
| Themen zu Backdoor.Win32.LolBot!IK - Trojaner oder nicht? |
| 0x00000001, adobe, antivir, avg, avira, bho, bonjour, checkpoint, defender, emsisoft, emsisoft anti-malware, entfernen, error, excel, excel.exe, firefox, format, frage, home, langs, logfile, plug-in, realtek, registry, required, rundll, safer networking, scan, schädling, security, software, superantispyware, trojaner, version=1.0, vista |
Baum-Darstellung