Pests of all kinds and how to fight them: Yet another one with the Bundespolizei trojan... Windows 7. If you are not sure whether you have caught malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
22.02.2012, 19:27 | #1
Yet another one with the Bundespolizei trojan... Hello, all-knowing ones, the Bundespolizei trojan has got me too. I created a separate profile for browsing, which of course can no longer be used now. I have already created a logfile with OTL in safe mode (as read in other posts). What are the next steps, what needs to be done? Above all, in which profile do I have to carry out the steps... Many thanks in advance for your help!!! Best regards, Stefan

Code:
OTL logfile created on: 22.02.2012 18:47:56 - Run 2
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 79,29% Memory free
6,19 Gb Paging File | 5,83 Gb Available in Paging File | 94,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 64,29 Gb Free Space | 14,42% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,44 Gb Free Space | 57,23% Space Free | Partition Type: FAT32

Computer Name: BEA | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.22 16:07:46 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2009.01.09 19:46:32 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.09 19:45:26 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.01.09 14:40:56 | 000,304,128 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\swriter.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:25:31 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe

========== Modules (No Company Name) ==========

MOD - [2010.01.09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.01.09 20:18:30 | 000,139,264 | ---- | M] () -- C:\Programme\OpenOffice.org 3\Basis\program\nsldap32v50.dll
MOD - [2009.01.09 14:40:56 | 000,304,128 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\swriter.exe
MOD - [2008.07.29 13:59:22 | 000,165,376 | ---- | M] () -- C:\Programme\OpenOffice.org 3\Basis\program\libxslt.dll
MOD - [2008.07.29 13:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.08.19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.08.17 17:53:44 | 010,891,349 | ---- | M] () [Auto | Stopped] -- C:/PROGRA~1/SQUEEZ~2/server/SqueezeSvr.exe -- (squeezesvc)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.18 19:22:28 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011.03.09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.11.22 16:17:10 | 000,143,360 | ---- | M] (Pro Softnet Corporation) [Auto | Stopped] -- C:\Programme\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2009.11.10 12:02:24 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009.11.10 12:02:22 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009.08.24 13:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.08.03 16:24:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.11.24 20:25:54 | 000,234,888 | ---- | M] () [Auto | Stopped] -- C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008.11.24 20:25:52 | 000,464,264 | ---- | M] () [Auto | Stopped] -- C:\Programme\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.08.07 10:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.06.03 17:36:58 | 000,131,160 | R--- | M] () [Auto | Stopped] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2008.06.03 17:36:56 | 000,360,538 | R--- | M] () [Auto | Stopped] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2008.02.28 17:07:14 | 001,801,216 | R--- | M] (Buhl Data Service GmbH) [Auto | Stopped] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 14:45:02 | 000,358,936 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.04.24 12:55:18 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\Programme\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2001.11.12 12:31:48 | 000,020,480 | R--- | M] (X10) [Auto | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

========== Driver Services (SafeList) ==========

DRV - [2011.08.19 10:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2011.08.19 10:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.08.17 09:43:06 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.11.25 11:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.07.09 09:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009.05.24 10:57:00 | 009,898,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.20 11:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.02.25 18:58:56 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2009.02.25 18:58:56 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPEWSFXBULK)
DRV - [2009.02.20 18:58:30 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.06 18:30:39 | 000,025,416 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.08.03 15:16:05 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.06.20 17:27:26 | 000,019,840 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2008.06.06 09:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.07 07:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.07 07:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.07 07:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.03.26 11:19:28 | 000,015,872 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vburner.sys -- (vburner)
DRV - [2008.02.06 16:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.01.08 07:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.11.21 10:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.09.17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.05.03 10:21:08 | 000,029,056 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007.02.16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 08:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.5.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.02 15:45:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.02 11:03:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter

[2008.07.21 18:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2010.11.27 13:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\u3w3ywip.default\extensions
[2008.08.03 15:22:19 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\u3w3ywip.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.01.06 10:54:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\u3w3ywip.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.12.13 17:17:43 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\u3w3ywip.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009.08.03 16:17:08 | 000,000,681 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u3w3ywip.default\searchplugins\ask.xml
[2008.08.03 15:22:51 | 000,000,358 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u3w3ywip.default\searchplugins\winamp-search.xml
[2012.01.02 15:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.02.07 21:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008.02.07 21:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008.02.07 21:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2007.03.16 17:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2007.03.16 17:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2007.03.16 17:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.07 21:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008.02.07 21:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.08.03 16:20:28 | 000,000,791 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [HPPQVideo] "C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml -o remindLater File not found
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [IDriveE Startup] C:\Programme\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\Programme\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CABA4E36-4740-48B3-85C6-4D450501F5DA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e056b569-6166-11dd-a10b-0021850fa3bc}\Shell - "" = AutoRun
O33 - MountPoints2\{e056b569-6166-11dd-a10b-0021850fa3bc}\Shell\AutoRun\command - "" = I:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\System32\Adobe
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp -
File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk - C:\Programme\MagicTune Premium\GammaTray.exe - () MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScanPanel.lnk - - File not found MsConfig - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: ALDI_SUED_FotoSuite_Download - hkey= - key= - C:\Program Files\ALDI Sued Foto Service\FotoSuite.exe (MAGIX AG) MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - File not found MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Programme\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) MsConfig - StartUpReg: Nokia.PCSync - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe (Time Information Services Ltd.) 
MsConfig - StartUpReg: Orb - hkey= - key= - C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks) MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Programme\GoogleEULA\EULALauncher.exe ( ) MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe () MsConfig - State: "startup" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.02.22 17:49:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Virus [2012.02.22 16:07:44 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012.02.21 23:52:19 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.02.21 22:37:27 | 000,409,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\rescue2usb.exe [2012.02.21 22:32:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Logitech® Webcam-Software [2012.02.21 22:30:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Skype [2012.02.18 15:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Freeware PDF Unlocker [2012.02.18 15:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeware PDF Unlocker [2012.02.03 18:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.02.03 17:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.02.03 17:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.02.02 07:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows ========== Files - Modified Within 30 Days ========== [2012.02.22 18:44:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.22 18:40:04 | 000,000,416 | -H-- | M] () -- 
C:\Windows\tasks\User_Feed_Synchronization-{CEA19988-75A9-46CC-B964-8EC3A66D50A0}.job [2012.02.22 18:39:52 | 000,080,399 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.02.22 18:39:45 | 000,080,399 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.02.22 18:39:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.22 18:39:19 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.02.22 18:39:19 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.22 18:39:19 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.22 17:49:00 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Admin.job [2012.02.22 17:25:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.22 16:07:46 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2012.02.21 22:31:17 | 000,000,958 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . 
Produktregistrierung.lnk [2012.02.21 21:06:05 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AEB5A3F5-9BE9-4FFA-8A85-DF1B80643983}.job [2012.02.21 20:54:16 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.21 20:54:16 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.21 20:54:16 | 000,146,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.21 20:54:16 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.21 13:48:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.02.18 15:59:28 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\PDF unlocker, drop PDF files here.lnk [2012.02.18 15:59:28 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\Drop EPS here PNG out.lnk [2012.02.03 18:00:19 | 000,001,709 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2012.02.21 22:37:28 | 000,028,160 | ---- | C] () -- C:\Program Files\syslinux.exe [2012.02.21 22:37:28 | 000,000,237 | ---- | C] () -- C:\Program Files\syslinux.cfg [2012.02.21 22:37:27 | 000,237,849 | ---- | C] () -- C:\Program Files\grub.exe [2012.02.21 22:31:17 | 000,000,958 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . 
Produktregistrierung.lnk [2012.02.18 15:59:28 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\PDF unlocker, drop PDF files here.lnk [2012.02.18 15:59:28 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\Drop EPS here PNG out.lnk [2012.02.03 18:00:19 | 000,001,709 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.08.24 22:09:44 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IDriveEXceedCryReg.exe [2011.08.24 22:09:43 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2011.05.18 19:23:01 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe [2011.05.18 19:23:01 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2011.04.13 21:02:48 | 000,173,414 | ---- | C] () -- C:\Windows\hppins09.dat [2011.04.13 20:27:23 | 000,173,373 | ---- | C] () -- C:\Windows\System32\hppins09.dat [2010.09.01 17:10:13 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2010.09.01 16:17:05 | 000,169,117 | ---- | C] () -- C:\Windows\hppins09.dat.temp [2010.09.01 16:17:05 | 000,004,144 | ---- | C] () -- C:\Windows\hppmdl09.dat.temp [2010.04.04 22:34:43 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.04.04 22:34:42 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.04.04 22:34:41 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.04.04 22:34:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.04.04 22:34:40 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.03.14 21:39:50 | 000,106,605 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchema.bin [2010.03.14 21:39:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin ========== LOP Check ========== [2008.08.06 18:49:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Azureus [2008.07.21 20:51:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Buhl Data Service [2009.01.02 23:01:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Buhl Data Service GmbH [2008.08.03 15:15:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools [2008.11.16 10:28:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InterTrust [2011.12.25 20:22:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech [2009.10.28 19:48:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX [2008.10.22 20:02:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia [2009.09.19 19:33:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org [2010.01.05 20:15:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Orbit [2008.10.22 19:59:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite [2009.11.08 10:58:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung [2010.05.31 10:26:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ScreeNet iSaver [2010.05.31 12:12:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WTouch [2012.02.21 23:31:03 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.02.21 21:06:05 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AEB5A3F5-9BE9-4FFA-8A85-DF1B80643983}.job [2012.02.22 18:40:04 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CEA19988-75A9-46CC-B964-8EC3A66D50A0}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.02.21 22:29:01 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.10.09 23:12:33 | 000,000,000 | ---D | M] -- C:\Bea_mp3 [2008.05.26 13:52:00 | 000,000,000 | -HSD | M] -- C:\Boot [2010.09.22 18:22:30 | 000,000,000 | ---D | M] -- C:\Casino [2012.02.18 15:59:32 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2011.09.13 19:56:03 | 000,000,000 | ---D | M] -- C:\CPQSYSTEM [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.07.21 16:37:29 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.01.05 20:12:44 | 000,000,000 | ---D | M] -- C:\downloads [2008.11.12 16:10:51 | 000,000,000 | ---D | M] -- C:\Haushaltsbuch [2010.11.20 10:25:27 | 000,000,000 | ---D | M] -- C:\hegames [2010.09.01 16:55:51 | 000,000,000 | ---D | M] -- C:\HP_CP1510_Default_Install_4.0 [2011.01.11 16:48:09 | 000,000,000 | ---D | M] -- C:\HP_CP1510_full_solution_v4.0 [2011.09.14 19:15:11 | 000,000,000 | ---D | M] -- C:\Intel [2012.02.22 00:23:36 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0 [2009.10.08 14:02:02 | 000,000,000 | ---D | M] -- C:\Kinderspiele [2009.08.07 17:48:50 | 000,000,000 | ---D | M] -- C:\Kinder_mp3's [2009.08.03 16:58:40 | 000,000,000 | ---D | M] -- C:\Medion [2010.07.29 15:56:48 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.06.11 09:25:01 | 000,000,000 | ---D | M] -- C:\MyWorks [2010.09.02 09:12:57 | 000,000,000 | ---D | M] -- C:\Philips [2009.10.29 10:28:49 | 000,000,000 | ---D | M] -- C:\PRINTKEY2000 [2012.02.21 22:37:28 | 000,000,000 | R--D | M] -- C:\Program Files [2012.02.02 07:53:10 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.07.21 16:37:29 | 000,000,000 | -HSD | M] -- C:\Programme [2010.11.02 20:53:37 | 000,000,000 | ---D | M] -- C:\sr [2012.02.22 17:39:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.02.22 18:42:43 | 000,000,000 | ---D | M] -- C:\temp [2010.09.01 17:01:34 | 000,000,000 | ---D | M] -- C:\Treiber [2010.12.28 14:34:21 | 000,000,000 | ---D | M] -- C:\USB Stick [2010.01.06 
10:44:21 | 000,000,000 | R--D | M] -- C:\Users [2010.04.04 22:37:00 | 000,000,000 | ---D | M] -- C:\videodvdmaker [2012.02.22 18:00:58 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > [2009.10.16 16:43:30 | 000,237,849 | ---- | M] () -- C:\Program Files\grub.exe [2010.08.19 19:22:43 | 000,409,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\rescue2usb.exe [2010.04.01 11:01:34 | 000,028,160 | ---- | M] () -- C:\Program Files\syslinux.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2002.08.29 13:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\temp\xp\I386\sp1.cab:atapi.sys [2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2002.08.29 13:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\$RECYCLE.BIN\S-1-5-21-3376217429-2437562438-1941997579-1004\$ROK9VA8\i386\system32\drivers\atapi.sys [2002.08.29 13:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\temp\PE\BartPE\i386\system32\drivers\atapi.sys [2002.08.29 13:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\temp\winPE\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS [2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- 
C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.12 21:30:08 | 000,007,216 | R--- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2002.08.29 13:00:00 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\$RECYCLE.BIN\S-1-5-21-3376217429-2437562438-1941997579-1004\$ROK9VA8\i386\explorer.exe [2002.08.29 13:00:00 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\temp\PE\BartPE\i386\explorer.exe [2002.08.29 13:00:00 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\temp\winPE\pebuilder3110a\BartPE\I386\EXPLORER.EXE [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- 
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.09.29 22:03:32 | 000,384,024 | R--- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys [2008.07.20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\temp\PE\drivers\sata\IaStor.sys [2008.07.20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\temp\sata\winall\Driver\IaStor.sys [2007.09.29 22:03:12 | 000,308,248 | R--- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys [2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys [2008.07.20 16:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\temp\sata\winall\Driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel 
Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll [2002.08.29 13:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\$RECYCLE.BIN\S-1-5-21-3376217429-2437562438-1941997579-1004\$ROK9VA8\i386\system32\netlogon.dll [2002.08.29 13:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\temp\PE\BartPE\i386\system32\netlogon.dll [2002.08.29 13:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\temp\winPE\pebuilder3110a\BartPE\I386\SYSTEM32\NETLOGON.DLL < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 
000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll [2002.08.29 13:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\$RECYCLE.BIN\S-1-5-21-3376217429-2437562438-1941997579-1004\$ROK9VA8\i386\system32\scecli.dll [2002.08.29 13:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\temp\PE\BartPE\i386\system32\scecli.dll [2002.08.29 13:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\temp\winPE\pebuilder3110a\BartPE\I386\SYSTEM32\SCECLI.DLL < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- 
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2002.08.29 13:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\$RECYCLE.BIN\S-1-5-21-3376217429-2437562438-1941997579-1004\$ROK9VA8\i386\system32\user32.dll [2002.08.29 13:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\temp\PE\BartPE\i386\system32\user32.dll [2002.08.29 13:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\temp\winPE\pebuilder3110a\BartPE\I386\SYSTEM32\USER32.DLL < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2002.08.29 13:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\$RECYCLE.BIN\S-1-5-21-3376217429-2437562438-1941997579-1004\$ROK9VA8\i386\system32\userinit.exe [2002.08.29 13:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\temp\PE\BartPE\i386\system32\userinit.exe [2002.08.29 13:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- 
C:\temp\winPE\pebuilder3110a\BartPE\I386\SYSTEM32\USERINIT.EXE < MD5 for: WINLOGON.EXE > [2002.08.29 13:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\$RECYCLE.BIN\S-1-5-21-3376217429-2437562438-1941997579-1004\$ROK9VA8\i386\system32\winlogon.exe [2002.08.29 13:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\temp\PE\BartPE\i386\system32\winlogon.exe [2002.08.29 13:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\temp\winPE\pebuilder3110a\BartPE\I386\SYSTEM32\WINLOGON.EXE [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2002.08.29 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\$RECYCLE.BIN\S-1-5-21-3376217429-2437562438-1941997579-1004\$ROK9VA8\i386\system32\drivers\ws2ifsl.sys [2002.08.29 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\temp\PE\BartPE\i386\system32\drivers\ws2ifsl.sys [2002.08.29 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\temp\winPE\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\WS2IFSL.SYS [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- 
C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.08.03 15:16:05 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.02.22 18:57:26 | 001,835,008 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT [2012.02.22 18:57:26 | 000,262,144 | -H-- | M] () -- C:\Users\Admin\ntuser.dat.LOG1 [2008.07.21 16:41:06 | 000,000,000 | -H-- | M] () -- C:\Users\Admin\ntuser.dat.LOG2 [2009.11.23 22:27:11 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009.11.23 22:27:11 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2008.07.21 17:33:14 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2012.02.22 18:47:40 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3f222dd8-d8fc-11de-8c71-0050fcc0671b}.TM.blf [2011.05.07 10:09:24 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3f222dd8-d8fc-11de-8c71-0050fcc0671b}.TMContainer00000000000000000001.regtrans-ms 
[2012.02.22 18:47:40 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3f222dd8-d8fc-11de-8c71-0050fcc0671b}.TMContainer00000000000000000002.regtrans-ms [2008.07.21 16:41:06 | 000,000,020 | -HS- | M] () -- C:\Users\Admin\ntuser.ini [2011.04.17 21:15:15 | 000,000,680 | RHS- | M] () -- C:\Users\Admin\ntuser.pol < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A9364E30 < End of report > |
22.02.2012, 19:31 | #2 |
/// Malware-holic | Another one with the Bundespolizei Trojan... hi,
I don't think any of us here is all-knowing :-) Combofix may only be run when a team member has told you to do so! Please download Combofix.exe and make sure to save it to your desktop.
22.02.2012, 20:22 | #3 |
| Another one with the Bundespolizei Trojan... Here is the ComboFix log file...
Code:
ATTFilter ComboFix 12-02-22.01 - Admin 22.02.2012 20:01:42.1.4 - x86 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3069.2500 [GMT 1:00] ausgeführt von:: c:\users\Bea\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\windows c:\programdata\windows\dsdd.dat c:\programdata\Windows\nudr.dat c:\users\Bea\4.0 c:\users\Bea\AppData\Roaming\2.1763430683174878E-467f76.exe c:\windows\IsUn0407.exe c:\windows\pi.exe c:\windows\system32\CddbCdda.dll c:\windows\unin0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-22 bis 2012-02-22 )))))))))))))))))))))))))))))) . . 2012-02-22 19:11 . 2012-02-22 19:11 -------- d-----w- c:\users\NiSo\AppData\Local\temp 2012-02-22 18:41 . 2012-02-22 18:56 -------- d-----w- C:\Temperl 2012-02-21 22:52 . 2012-02-21 23:23 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2012-02-21 21:37 . 2010-04-01 10:01 28160 ----a-w- c:\program files\syslinux.exe 2012-02-21 21:37 . 2010-08-19 18:22 409600 ----a-w- c:\program files\rescue2usb.exe 2012-02-21 21:37 . 2009-10-16 15:43 237849 ----a-w- c:\program files\grub.exe 2012-02-21 21:32 . 2012-02-21 21:32 -------- d-----w- c:\users\Admin\AppData\Local\Logitech® Webcam-Software 2012-02-21 21:30 . 2012-02-22 16:02 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype 2012-02-21 14:33 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F22FBEA-46FE-4723-BB1F-9EE0068D4291}\mpengine.dll 2012-02-18 14:59 . 2012-02-18 14:59 -------- d-----w- c:\program files\Freeware PDF Unlocker 2012-02-03 16:58 . 2012-02-03 16:58 -------- d-----w- c:\program files\iPod 2012-02-03 16:58 . 
2012-02-03 17:00 -------- d-----w- c:\program files\iTunes 2012-01-27 13:42 . 2012-01-27 13:43 -------- d-----w- c:\users\Bea\.tfo4 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-29 04:10 . 2009-10-03 08:32 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-12-25 19:22 . 2011-12-25 19:22 53248 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-12-24 18:42 . 2011-07-04 15:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-14 12:05 . 2011-12-14 12:05 1207568 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2008-02-07 20:46 . 2008-02-07 20:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2008-02-07 20:46 . 2008-02-07 20:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2008-02-07 20:46 . 2008-02-07 20:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2008-02-07 20:46 . 2008-02-07 20:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2008-02-07 20:46 . 2008-02-07 20:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2008-02-07 20:46 . 2008-02-07 20:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2008-02-07 20:46 . 2008-02-07 20:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-03-16 16:27 . 2007-03-16 16:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll 2007-03-16 16:27 . 2007-03-16 16:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll 2007-03-16 16:27 . 2007-03-16 16:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll 2007-07-20 11:47 . 2007-07-20 11:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2008-02-07 20:46 . 
2008-02-07 20:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2011-12-21 07:42 . 2011-07-11 20:27 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992] . [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-11-24 19:25 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192] . [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDriveE Startup"="c:\programme\IDrive\IDrvieEStartup.exe" [2010-11-18 184320] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "TVBroadcast"="c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2008-04-11 937984] "TVEService"="c:\program files\HomeCinema\TV Enhance\TVEService.exe" [2008-06-03 172032] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904] "Skytel"="Skytel.exe" [2007-11-20 1826816] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-24 13785632] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-02-01 220552] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-08-28 53248] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-08 36864] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-11 161336] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] . c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ IDrive Tray.lnk - c:\programme\IDrive\IDriveEReg2ini.exe [2011-8-24 292296] Logitech . Produktregistrierung.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384] . c:\users\Bea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000] Philips SA304X Device Manager.lnk - c:\philips\SA304x Device Manager\SA304X_DeviceManager.exe [2010-9-2 1605632] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] Squeezebox Server-Taskleisten-Tool.lnk - c:\program files\Squeezebox\SqueezeTray.exe [2010-12-27 2162775] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.lnk backup=c:\windows\pss\GammaTray.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScanPanel.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ScanPanel.lnk backup=c:\windows\pss\ScanPanel.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk] path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALDI_SUED_FotoSuite_Download] 2008-11-13 16:30 1257472 ----a-w- c:\program files\ALDI Sued Foto Service\FotoSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2009-11-08 12:15 102400 ----a-w- c:\program files\Samsung New PC Studio\NPSAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-08-03 10:51 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-01-16 16:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-08-08 07:25 1828136 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] 2008-06-17 15:00 1249280 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] 2008-04-01 01:54 507904 ----a-w- c:\program files\Winamp Remote\bin\OrbTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2008-08-11 07:31 1124352 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher] 2007-02-09 13:54 16896 ----a-r- c:\program files\GoogleEULA\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2008-07-09 21:33 36352 ----a-w- c:\program files\Winamp\winampa.exe . R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 1302368] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - ECACHE . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2012-02-21 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-21 08:28] . 2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 16:25] . 2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 16:25] . 2012-02-22 c:\windows\Tasks\Norton Security Scan for Admin.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-24 08:48] . 2012-02-21 c:\windows\Tasks\User_Feed_Synchronization-{AEB5A3F5-9BE9-4FFA-8A85-DF1B80643983}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . 2012-02-22 c:\windows\Tasks\User_Feed_Synchronization-{CEA19988-75A9-46CC-B964-8EC3A66D50A0}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.aldi.com/ mSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 LSP: c:\windows\system32\wpclsp.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u3w3ywip.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-NPSStartup - (no file) HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE AddRemove-Haushaltbuchführung - c:\windows\unin0407.exe AddRemove-PE Builder_is1 - c:\temp\winPE\pebuilder3110a\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-02-22 20:11 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\squeezesvc] "ImagePath"="C:/PROGRA~1/SQUEEZ~2/server/SqueezeSvr.exe" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\squeezesvc] "ImagePath"="C:/PROGRA~1/SQUEEZ~2/server/SqueezeSvr.exe" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2012-02-22 20:13:25 ComboFix-quarantined-files.txt 2012-02-22 19:13 . Vor Suchlauf: 26 Verzeichnis(se), 68.874.010.624 Bytes frei Nach Suchlauf: 31 Verzeichnis(se), 111.063.265.280 Bytes frei . - - End Of File - - 0859C89CB57DDEEECA7D2470858EB1C4 |
22.02.2012, 20:34 | #4 |
/// Malware-holic | Another one with the Bundespolizei Trojan... is normal mode working again?
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
22.02.2012, 20:41 | #5 |
| Another one with the Bundespolizei Trojan... Yes, it's working again!!! Great. But that surely wasn't everything yet, was it?? |
22.02.2012, 20:56 | #6 |
/// Malware-holic | Another one with the Bundespolizei Trojan... no, we'll keep looking and then secure the PC. malwarebytes: Please download Malwarebytes |
23.02.2012, 06:10 | #7 |
| Another one with the Bundespolizei Trojan... Right, done as well Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.22.04 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Admin :: BEA [Administrator] 22.02.2012 21:10:15 mbam-log-2012-02-22 (21-10-15).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 536913 Laufzeit: 2 Stunde(n), 13 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 2476 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart. C:\Users\Bea\Documents\Azureus Downloads\Adobe.Photoshop.CS4.Extended.v11.0.German.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Bea\Documents\Azureus Downloads\Adobe.Photoshop.CS4.Extended.v11.0.German.Incl.Keymaker-CORE\temp\keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Bea\Downloads\SetupCasino_f11b28_de.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Bea\Downloads\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe (PUP.Hacktool.Office) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
23.02.2012, 11:29 | #8 |
/// Malware-holic | Another one with the Bundespolizei Trojan... C:\Users\Bea\Documents\Azureus Downloads\Adobe.Photoshop.CS4.Extended.v11.0.German.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Bea\Documents\Azureus Downloads\Adobe.Photoshop.CS4.Extended.v11.0.German.Incl.Keymaker-CORE\temp\keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Bea\Downloads\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe (PUP.Hacktool.Office) -> Erfolgreich gelöscht und in Quarantäne gestellt. all 3 are keygens; using them is illegal and potentially dangerous. Since these are illegal, the only help you get here is with formatting, reinstalling from scratch and securing the PC.
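Worked example, added here and not part of the thread or of Malwarebytes: a small parser for the MBAM log layout posted above that pulls out each detection line (path, detection name, optional PID, action), checks the per-section counts against the entries actually listed, and flags keygen/activator hits the way the helper did in post #8. The sample log is constructed from the lines in this thread; the detection families and path keywords used for the flag are assumptions, not a Malwarebytes taxonomy.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a cut-down Malwarebytes 1.60 log in the German layout
# quoted in this thread; the entries are based on the lines in post #7.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.60.1.1000
Infizierte Speicherprozesse: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 2476 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart.
C:\Users\Bea\Documents\Azureus Downloads\Adobe.Photoshop.CS4.Extended.v11.0.German.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bea\Documents\Azureus Downloads\Adobe.Photoshop.CS4.Extended.v11.0.German.Incl.Keymaker-CORE\temp\keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bea\Downloads\SetupCasino_f11b28_de.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bea\Downloads\KMS Activator for Microsoft Office 2010\mini-KMS_Activator_v1.053.exe (PUP.Hacktool.Office) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
"""

SECTION_RE = re.compile(r"^Infizierte (?P<name>.+?): (?P<count>\d+)$")
# Entry layout: path (DetectionName) -> [pid ->] action
ENTRY_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) \((?P<detection>[^()]+)\) -> "
                      r"(?:(?P<pid>\d+) -> )?(?P<action>.+)$")
# Assumed indicators of cracks/activators rather than classic malware.
CRACK_FAMILIES = ("RiskWare.Tool", "PUP.Hacktool", "Dont.Steal.Our.Software")
CRACK_PATH_WORDS = ("keygen", "keymaker", "activator", "crack")

@dataclass
class Finding:
    section: str
    path: str
    detection: str
    action: str
    pid: Optional[int]      # only memory-process entries carry a PID
    crack_related: bool

def is_crack_related(detection, path):
    """Flag an entry when the detection family or the path names a keygen or
    activator, mirroring the helper's verdict on three entries in post #8."""
    lowered = path.lower()
    return detection.startswith(CRACK_FAMILIES) or any(
        word in lowered for word in CRACK_PATH_WORDS)

def parse_mbam_log(text):
    """Return (findings, mismatches): one Finding per entry line, plus every
    section whose header count differs from the entries listed under it."""
    findings, mismatches = [], []
    section, expected, seen = None, 0, 0
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            if section is not None and expected != seen:
                mismatches.append((section, expected, seen))
            section, expected, seen = m["name"], int(m["count"]), 0
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            seen += 1
            findings.append(Finding(
                section, m["path"], m["detection"], m["action"],
                int(m["pid"]) if m["pid"] else None,
                is_crack_related(m["detection"], m["path"])))
    if section is not None and expected != seen:
        mismatches.append((section, expected, seen))
    return findings, mismatches

def rebuild_recommended(findings):
    """The board's rule in this thread: a keygen or activator on the host
    means the only advice is a clean reinstall, not further cleaning."""
    return any(f.crack_related for f in findings)
```

A count mismatch usually means the log was truncated or edited when it was pasted, which is worth knowing before acting on it.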
23.02.2012, 17:26 | #9 |
| Another one with the Bundespolizei Trojan... Oh damn! I guess I'll have to give someone a good talking-to!!! Still, MANY THANKS for your help! At least the trojan's message is gone now... |