Log analysis and evaluation: Worm, Trojan, Nuisance 1.exe, 2.exe, new.exe, SAW (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.03.2010, 23:39 | #1
Worm, Trojan, Nuisance 1.exe, 2.exe, new.exe, SAW

I've had a strange problem for almost a week now and I'm grateful for any help. A trojan seems to have settled into my system which somehow (and I know this sounds like a fake) starts a SAW screen, plays an mp3, opens the CD drive and asks stupid questions. The whole thing ran via 2 exe files that it copied to D:. They were called 1.exe and 2.exe. In addition, Norton asked me today about new.exe, which in my opinion is also malware. After a reboot it managed to disable the mouse and keyboard despite McAfee Internet Security being installed. It actually also wanted to change 2 registry lines to prevent the Task Manager from being shown. Most of the damage was avoided because it wasn't built for Windows 7 and I was able to use the Task Manager. I have now installed Norton 360 and scanned, but unfortunately still no solution. The evil thing can't start anything anymore since I removed 1.exe and 2.exe, but I often get to see a CMD window that wants to start exactly these exes. I'm asking for help and ideas.

edit 10 min later: I just found this; it matches my screen, except that for me the time was 00:00 from the start: hxxp://www.imgbox.de/?img=z51238b32.jpg

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:19, on 23.03.2010
Platform: Unknown Windows (WinNT 6.01.3504) // Windows 7, Prof, 64bit
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\DAEMON Tools Lite\daemon.exe
D:\Launchy\Launchy.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
D:\Launch Manager\QtZgAcer.EXE
D:\Nimbuzz\Nimbuzz.exe
D:\Mozilla Firefox\firefox.exe
D:\Notepad++\notepad++.exe
E:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 - HKLM\..\Run: [LManager] D:\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Winload] C:\Windows\CTFMON\msnmsgr.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files (x86)\BySoft FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [CTFMON] C:\Windows\CTFMON\msnmsgr.exe
O4 - HKLM\..\Policies\Explorer\Run: [msnmsgr.exe] C:\Windows\CTFMON\msnmsgr.exe
O4 - HKCU\..\Policies\Explorer\Run: [msnmsgr.exe] C:\Windows\CTFMON\msnmsgr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Launchy.lnk = D:\Launchy\Launchy.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Box_NTR v2.6A (.bntr) - Unknown owner - C:\ProgramData\Norton\bntr.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ShrewSoft DNS Proxy Daemon (dtpd) - Unknown owner - d:\ShrewSoft\VPN Client\dtpd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ShrewSoft IKE Daemon (iked) - Unknown owner - d:\ShrewSoft\VPN Client\iked.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ShrewSoft IPSEC Daemon (ipsecd) - Unknown owner - d:\ShrewSoft\VPN Client\ipsecd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (64-bit) (mi-raysat_3dsmax9_64) - Unknown owner - D:\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_64server.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - d:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @D:\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - D:\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11923 bytes

Last edited by seeder17 (23.03.2010 at 23:49)
24.03.2010, 00:03 | #2

I have just found all the files again as copies in another program folder.

1.exe, with CD icon, 3.364 kb, description: "MP3 nach EXE mit Player" (MP3 to EXE with player), original name: 1a Mp3 To Exe.exe, copyright PM Computerservice
2.exe, with blue honeycomb pattern, 1.908 kb, copyright snQg, original name sadölkflasdgdsfg.exe
NewW.exe, original name sadölkflasdgdsfg.exe, file description FZSlo
24.03.2010, 07:34 | #3

Hi,

have the files examined at Virustotal.com and post the complete result... Additionally, have the following files examined as well (have files checked online):

Code:
C:\Windows\CTFMON\msnmsgr.exe

Malwarebytes Antimalware (MAM), instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version via: http://filepony.de/download-chameleon/
Then please update the signature files (tab "Update" -> "Check for updates"). Run a full scan and let it clean everything! Post the log.

OTL: Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop.

chris
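An added example, not from this thread and not part of HijackThis: a small Python triage of the O4 (autorun) lines from the log in post #1, using the kind of heuristics that single out the msnmsgr.exe entry the way the helper did. The "expected" install directories for ctfmon.exe and msnmsgr.exe are assumptions of this example, and the log excerpt is a constructed subset of the posted one.

```python
"""Triage of HijackThis O4 autorun entries (added example, not HijackThis code).

Heuristics (all assumptions of this example, defender-side):
  1. target lives under the Windows directory but outside System32/SysWOW64;
  2. a folder on the path is named after a well-known Windows binary;
  3. the file is named like a well-known binary but sits somewhere else;
  4. the entry uses Policies\Explorer\Run, which ordinary software rarely writes;
  5. one target is registered under several non-service-account keys.
"""
import re
from collections import defaultdict

# Constructed excerpt of the O4 section of the HijackThis log posted in this thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [LManager] D:\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Winload] C:\Windows\CTFMON\msnmsgr.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTFMON] C:\Windows\CTFMON\msnmsgr.exe
O4 - HKLM\..\Policies\Explorer\Run: [msnmsgr.exe] C:\Windows\CTFMON\msnmsgr.exe
O4 - HKCU\..\Policies\Explorer\Run: [msnmsgr.exe] C:\Windows\CTFMON\msnmsgr.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - Global Startup: Launchy.lnk = D:\Launchy\Launchy.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First (optionally quoted) token that ends in an executable extension.
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|scr|bat))"?(?:\s|$)', re.IGNORECASE)

SYSTEM_DIRS = {"system32", "syswow64", "sysnative"}

# Where these well-known binaries normally live (assumed for this example).
EXPECTED_DIRS = {
    "ctfmon.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "msnmsgr.exe": {r"c:\program files\windows live\messenger",
                    r"c:\program files (x86)\windows live\messenger"},
}
LOOKALIKE_STEMS = {k[:-4] for k in EXPECTED_DIRS}   # {"ctfmon", "msnmsgr"}


def parse_o4(line):
    """Return (registry key, value name, target path) for a registry-style O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    p = PATH_RE.match(m.group("cmd"))
    if not p:
        return None
    return m.group("key"), m.group("name"), p.group("path")


def reasons_for(key, path):
    """Apply heuristics 1-4 to a single entry and return the ones that fired."""
    parts = path.lower().split("\\")
    folder, base = "\\".join(parts[:-1]), parts[-1]
    hits = []
    if len(parts) > 3 and parts[1] == "windows" and parts[2] not in SYSTEM_DIRS:
        hits.append("binary under the Windows directory but outside System32/SysWOW64")
    if any(comp in LOOKALIKE_STEMS for comp in parts[2:-1]):
        hits.append("folder named after a well-known Windows binary")
    if base in EXPECTED_DIRS and folder not in EXPECTED_DIRS[base]:
        hits.append(f"{base} outside its usual install directory")
    if "policies\\explorer\\run" in key.lower():
        hits.append("registered via Policies\\Explorer\\Run")
    return hits


def triage(log_text):
    """Group O4 entries by target and return {lower-cased path: [reasons]} for suspicious ones."""
    by_target = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed:
            by_target[parsed[2].lower()].append(parsed)
    findings = {}
    for target, entries in by_target.items():
        reasons = []
        for key, _name, path in entries:
            for r in reasons_for(key, path):
                if r not in reasons:
                    reasons.append(r)
        # HKUS\S-1-5-19 / S-1-5-20 entries repeat legitimately per service account, so skip them.
        repeats = sum(1 for key, _n, _p in entries if not key.startswith("HKUS"))
        if repeats > 1:
            reasons.append(f"same target registered {repeats} times")
        if reasons:
            findings[target] = reasons
    return findings


if __name__ == "__main__":
    for target, reasons in triage(SAMPLE_O4).items():
        print(target)
        for r in reasons:
            print("   -", r)
```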
24.03.2010, 08:10 | #4

VirusTotal.de on C:\Windows\CTFMON\msnmsgr.exe

Code:
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.24 -
AhnLab-V3 5.0.0.2 2010.03.24 -
AntiVir 8.2.1.196 2010.03.23 -
Antiy-AVL 2.0.3.7 2010.03.23 -
Authentium 5.2.0.5 2010.03.24 -
Avast 4.8.1351.0 2010.03.23 -
Avast5 5.0.332.0 2010.03.23 -
AVG 9.0.0.787 2010.03.23 -
BitDefender 7.2 2010.03.24 -
CAT-QuickHeal 10.00 2010.03.24 -
ClamAV 0.96.0.0-git 2010.03.24 -
Comodo 4364 2010.03.24 -
DrWeb 5.0.1.12222 2010.03.24 Win32.HLLW.SpyNet
eSafe 7.0.17.0 2010.03.23 -
eTrust-Vet 35.2.7385 2010.03.23 -
F-Prot 4.5.1.85 2010.03.23 -
F-Secure 9.0.15370.0 2010.03.24 -
Fortinet 4.0.14.0 2010.03.22 -
GData 19 2010.03.24 -
Ikarus T3.1.1.80.0 2010.03.24 -
Jiangmin 13.0.900 2010.03.24 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.24 -
McAfee 5929 2010.03.23 -
McAfee+Artemis 5929 2010.03.23 -
McAfee-GW-Edition 6.8.5 2010.03.24 -
Microsoft 1.5605 2010.03.24 -
NOD32 4969 2010.03.23 -
Norman 6.04.10 2010.03.23 -
nProtect 2009.1.8.0 2010.03.23 -
Panda 10.0.2.2 2010.03.23 -
PCTools 7.0.3.5 2010.03.24 -
Prevx 3.0 2010.03.24 -
Rising 22.40.02.02 2010.03.24 -
Sophos 4.51.0 2010.03.24 -
Sunbelt 6031 2010.03.22 -
Symantec 20091.2.0.41 2010.03.24 Suspicious.Insight
TheHacker 6.5.2.0.242 2010.03.24 -
TrendMicro 9.120.0.1004 2010.03.24 -
VBA32 3.12.12.2 2010.03.23 -
ViRobot 2010.3.24.2241 2010.03.24 -
VirusBuster 5.0.27.0 2010.03.23 -

Additional information
File size: 1462272 bytes
MD5...: cd0982c95e59f99cc342052abb790d39
SHA1..: a64a69ac96362ec1993ce0656bf324691dd5ecfd
SHA256: b01f61f83e72c7abd81e34caaba14e413559286a6c5c2bd58bda0da53ac650ea
ssdeep: 12288:myjljnayaK1dwC3/BtYNngtqLVgDaxIy+5XyH2W3LtPT9tBLdwg7X2av:djsK1d1v/h8Vg+xo5wxztdG82
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3774
timedatestamp.....: 0x4b8be8f7 (Mon Mar 01 16:19:03 2010)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9a214 0x9b000 5.68 426d1a687e4dc5b4e933335f0401d8bf
.data 0x9c000 0x2a04 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x9f000 0x2f0c4 0x30000 4.05 ae94c6e2d6cbc5e1241a3b421981fcb2
.Kerbero 0xcf000 0x98000 0x98000 6.30 f647cc18481e83e6edff15b889b5de6b
( 1 imports )
> MSVBVM60.DLL: __vbaVarTstGt, __vbaStrI2, __vbaR8ForNextCheck, __vbaNextEachAry, _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaAryMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaPut3, __vbaEnd, __vbaFreeVarList, _adj_fdiv_m64, __vbaRaiseEvent, __vbaFreeObjList, -, -, _adj_fprem1, -, __vbaRecAnsiToUni, __vbaStrCat, __vbaLsetFixstr, __vbaSetSystemError, __vbaHresultCheckObj, __vbaLenVar, _adj_fdiv_m32, __vbaAryVar, -, __vbaAryDestruct, __vbaVarIndexLoadRefLock, -, __vbaVarForInit, __vbaExitProc, -, __vbaStrLike, -, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaVarIndexLoad, -, __vbaStrFixstr, __vbaFpR8, __vbaRefVarAry, __vbaBoolVarNull, _CIsin, -, __vbaErase, -, -, __vbaVarZero, -, __vbaChkstk, -, __vbaFileClose, EVENT_SINK_AddRef, -, __vbaGenerateBoundsError, -, __vbaGet3, __vbaStrCmp, __vbaCyI2, __vbaPutOwner3, __vbaVarTstEq, __vbaAryConstruct2, __vbaI2I4, DllFunctionCall, __vbaVarLateMemSt, __vbaRedimPreserve, _adj_fpatan, __vbaFixstrConstruct, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, -, -, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, -, __vbaUI1I4, __vbaExceptHandler, -, __vbaStrToUnicode, __vbaPrintFile, -, -, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, __vbaInStrVar, -, __vbaGetOwner3, __vbaUbound, __vbaStrVarVal, __vbaVarCat, __vbaI2Var, -, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, -, __vbaInStr, -, __vbaNew2, __vbaR8Str, __vbaVar2Vec, _adj_fdiv_m32i, -, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, -, __vbaFreeStrList, -, __vbaDerefAry1, _adj_fdivr_m32, __vbaPowerR8, _adj_fdiv_r, -, -, -, __vbaVarTstNe, __vbaI4Var, __vbaForEachAry, __vbaVarAdd, __vbaAryLock, __vbaStrToAnsi, __vbaVarDup, __vbaFpI2, __vbaVarLateMemCallLd, __vbaFpI4, -, -, _CIatan, __vbaAryCopy, -, __vbaStrMove, __vbaR8IntI4, _allmul, _CItan, __vbaAryUnlock, __vbaVarForNext, _CIexp, -, __vbaI4ErrVar, __vbaFreeObj, __vbaFreeStr, -
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: xwBmfmQ
copyright....: snQg
product......: ptHRnAnaBY
description..: FZSIo
original name: sadolkflasdgdsfg.exe
internal name: sadolkflasdgdsfg
file version.: 6.49.0100
comments.....: dtw
signers......: -
signing date.: -
verified.....: Unsigned

Last edited by seeder17 (24.03.2010 at 08:45)
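An added example, not from this thread and not VirusTotal's code: a parser over a constructed excerpt of the result posted above that computes the detection ratio and cross-checks the sigcheck block against the name the file uses on disk. The list of binary names that imply a Microsoft-signed file is an assumption of this example.

```python
"""Read a pasted VirusTotal result and decide whether the file deserves a closer look
(added example; the excerpt below is a constructed subset of the table posted above)."""
import re

VT_SAMPLE = """
Antivirus Version Last Update Result
AntiVir 8.2.1.196 2010.03.23 -
DrWeb 5.0.1.12222 2010.03.24 Win32.HLLW.SpyNet
Kaspersky 7.0.0.125 2010.03.24 -
Microsoft 1.5605 2010.03.24 -
Symantec 20091.2.0.41 2010.03.24 Suspicious.Insight
Additional information
File size: 1462272 bytes
MD5...: cd0982c95e59f99cc342052abb790d39
sigcheck: publisher....: xwBmfmQ copyright....: snQg product......: ptHRnAnaBY description..: FZSIo original name: sadolkflasdgdsfg.exe internal name: sadolkflasdgdsfg file version.: 6.49.0100 comments.....: dtw signers......: - signing date.: - verified.....: Unsigned
"""

# One engine per line: name, engine version, signature date, verdict ("-" = clean).
ENGINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
# sigcheck fields are "label....: value" pairs run together on one line.
SIGCHECK_RE = re.compile(r"([a-z][a-z ]*?)\.*: (\S+)")

# File names that imply a Microsoft-signed binary (assumption of this example).
MICROSOFT_NAMES = {"msnmsgr.exe", "ctfmon.exe", "explorer.exe", "svchost.exe"}


def parse_engines(text):
    """Return [(engine, verdict_or_None)] from the per-engine table."""
    rows = []
    for line in text.splitlines():
        m = ENGINE_RE.match(line.strip())
        if m:
            verdict = m.group(4).strip()
            rows.append((m.group(1), None if verdict == "-" else verdict))
    return rows


def parse_sigcheck(text):
    """Return the sigcheck fields as a dict, e.g. {'verified': 'Unsigned', ...}."""
    for line in text.splitlines():
        if line.startswith("sigcheck:"):
            return dict(SIGCHECK_RE.findall(line[len("sigcheck:"):]))
    return {}


def assess(text, on_disk_name):
    """Combine detection ratio and signature/metadata consistency into a verdict."""
    rows = parse_engines(text)
    detections = [(engine, verdict) for engine, verdict in rows if verdict]
    sig = parse_sigcheck(text)
    reasons = []
    if detections:
        reasons.append(f"{len(detections)}/{len(rows)} engines flag it")
    name = on_disk_name.lower()
    if name in MICROSOFT_NAMES:
        verified = sig.get("verified", "unknown")
        if verified.lower() != "signed":
            reasons.append(f"{name} should be Microsoft-signed but is {verified}")
        if "microsoft" not in sig.get("publisher", "").lower():
            reasons.append(f"publisher '{sig.get('publisher')}' is not Microsoft")
    original = sig.get("original name", "").lower()
    if original and original != name:
        reasons.append(f"on-disk name differs from original name '{original}'")
    return {
        "engines": len(rows),
        "detections": detections,
        "sigcheck": sig,
        "verdict": "suspicious" if reasons else "no finding",
        "reasons": reasons,
    }


if __name__ == "__main__":
    result = assess(VT_SAMPLE, "msnmsgr.exe")
    print(result["verdict"])
    for reason in result["reasons"]:
        print("   -", reason)
```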
24.03.2010, 08:52 | #5

Post moved up.
24.03.2010, 08:52 | #6

Code:
========== Files/Folders - Created Within 30 Days ==========
[2010.03.24 08:12:28 | 000,000,000 | ---D | C] -- C:\Users\l****\AppData\Roaming\Malwarebytes
[2010.03.24 08:12:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.24 08:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.24 08:12:17 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.03.24 08:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.03.24 03:01:02 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010.03.23 23:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.03.22 20:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010.03.22 20:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010.03.21 18:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.03.21 18:48:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010.03.21 17:53:55 | 000,000,000 | ---D | C] -- C:\Users\l****\Desktop\GP BC
[2010.03.21 13:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010.03.21 13:36:00 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2010.03.21 13:36:00 | 000,316,464 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2010.03.21 13:36:00 | 000,264,488 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2010.03.21 13:36:00 | 000,210,216 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2010.03.21 13:36:00 | 000,207,144 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2010.03.21 13:36:00 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
[2010.03.21 13:36:00 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2010.03.21 13:35:59 | 000,396,584 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2010.03.21 13:35:59 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2010.03.21 12:43:28 | 000,000,000 | ---D | C] -- C:\Users\l****\AppData\Roaming\Synaptics
[2010.03.20 21:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.03.20 12:35:59 | 000,000,000 | ---D | C] -- C:\Users\l****\AppData\Local\CrashDumps
[2010.03.19 07:06:19 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symtdiv.sys
[2010.03.19 07:06:18 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symds64.sys
[2010.03.19 07:06:18 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symefa64.sys
[2010.03.19 07:06:17 | 000,504,880 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtsp64.sys
[2010.03.19 07:06:17 | 000,148,528 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\ironx64.sys
[2010.03.19 07:06:17 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtspx64.sys
[2010.03.19 07:06:16 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\cchpx64.sys
[2010.03.19 07:04:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1105000.07F
[2010.03.19 00:17:11 | 000,000,000 | ---D | C] -- C:\Users\l****\AppData\Local\Tific
[2010.03.19 00:16:55 | 000,000,000 | ---D | C] -- C:\Users\l****\AppData\Roaming\Tific
[2010.03.19 00:01:42 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010.03.19 00:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010.03.19 00:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010.03.19 00:00:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2010.03.19 00:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010.03.19 00:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010.03.17 22:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.03.17 16:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2010.03.17 16:27:42 | 000,000,000 | -HSD | C] -- C:\Users\l****\AppData\Roaming\.#
[2010.03.17 16:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hero Fighter
[2010.03.16 09:48:46 | 000,000,000 | ---D | C] -- C:\Users\l****\Desktop\GP Genetik
[2010.03.15 22:58:38 | 000,000,000 | ---D | C] -- C:\Windows\CTFMON
[2010.03.15 22:47:25 | 000,021,504 | ---- | C] (Avnex) -- C:\Windows\SysNative\drivers\vcsvad.sys
[2010.03.15 19:16:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Alfons
[2010.03.15 18:31:08 | 000,000,000 | ---D | C] -- E:\Eigene Dokumente\AnyDVDHD
[2010.03.15 18:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010.03.15 18:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Copy-Discovery 2000
[2010.03.15 16:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\alw
[2010.03.15 16:40:09 | 000,000,000 | ---D | C] -- E:\Eigene Dokumente\Alcohol 120%
[2010.03.15 13:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dokan
[2010.03.13 18:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\WorldWinner.com
[2010.03.13 16:17:56 | 000,000,000 | ---D | C] -- C:\Users\l****\Desktop\VA-Glee_The_Music_Vol_2-OST-2009-VAG
[2010.03.13 14:40:26 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2010.03.12 20:05:34 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.03.09 15:06:19 | 000,000,000 | ---D | C] -- E:\Eigene Dokumente\SafeNet Sentinel
[2010.03.09 15:06:18 | 000,000,000 | ---D | C] -- C:\Users\l****\.spss
[2010.02.28 19:41:10 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2010.02.27 00:09:09 | 000,000,000 | ---D | C] -- C:\Users\l****\Desktop\Daft Punk - Alive 2007
[2010.02.27 00:06:14 | 000,000,000 | ---D | C] -- E:\Eigene Dokumente\Pamela
[2010.02.27 00:06:05 | 000,000,000 | ---D | C] -- C:\Users\l****\AppData\Roaming\Pamela
[2010.02.27 00:06:02 | 000,156,160 | ---- | C] (Scendix Software GmbH) -- C:\Windows\SysWow64\RemoteControl.dll
[2010.02.24 18:40:55 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2010.02.23 20:27:46 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.02.23 20:27:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.02.23 20:27:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.02.23 20:27:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.02.23 20:27:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.02.23 20:27:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.02.23 20:27:11 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.02.23 20:27:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.02.23 20:27:01 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.02.23 20:27:01 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.02.23 20:27:01 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.02.23 20:27:01 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.02.23 20:27:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.02.23 20:27:00 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.02.23 20:27:00 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.02.23 19:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2010.02.23 19:34:12 | 000,000,000 | ---D | C] -- C:\Windows\1C4551A64743409391E41477CD655043.TMP
[2009.09.04 18:32:34 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2009.09.04 18:32:34 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[16 C:\Users\l****\AppData\Roaming\*.tmp files -> C:\Users\l****\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2010.03.24 08:48:27 | 011,010,048 | ---- | M] () -- C:\Users\l****\NTUSER.DAT
[2010.03.24 08:31:22 | 001,383,192 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\Cat.DB
[2010.03.24 07:55:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.24 00:34:27 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.24 00:34:27 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.24 00:24:41 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.24 00:24:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.24 00:23:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.24 00:23:30 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.24 00:22:04 | 002,411,169 | -H-- | M] () -- C:\Users\l****\AppData\Local\IconCache.db
[2010.03.24 00:07:33 | 000,001,886 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010.03.23 23:56:42 | 000,381,430 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.03.23 21:36:07 | 000,002,028 | -H-- | M] () -- E:\Eigene Dokumente\Default.rdp
[2010.03.23 21:03:19 | 000,000,000 | ---- | M] () -- C:\Users\l****\netcfg
[2010.03.23 17:35:02 | 002,980,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.03.22 22:30:32 | 000,095,472 | ---- | M] () -- C:\Users\l****\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.03.22 22:24:31 | 000,025,048 | ---- | M] () -- C:\Users\l****\Desktop\Meine Bibliothek.bib
[2010.03.22 20:17:14 | 001,501,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.03.22 20:17:14 | 000,654,334 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.03.22 20:17:14 | 000,615,958 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.03.22 20:17:14 | 000,131,158 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.03.22 20:17:14 | 000,107,594 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.03.22 17:01:54 | 001,725,751 | ---- | M] () -- E:\Eigene Dokumente\LoaderBackup-(2010-03-22)-1.ipd
[2010.03.22 16:59:02 | 000,000,256 | ---- | M] () -- C:\pool.bin
[2010.03.22 16:51:17 | 000,000,657 | ---- | M] () -- C:\Users\l****\Desktop\BlackBerry Master Control Program.lnk
[2010.03.22 16:07:52 | 001,767,426 | ---- | M] () -- E:\Eigene Dokumente\LoaderBackup-(2010-03-22).ipd
[2010.03.21 17:50:28 | 000,007,602 | ---- | M] () -- C:\Users\l****\AppData\Local\Resmon.ResmonCfg
[2010.03.20 22:09:58 | 000,000,270 | ---- | M] () -- C:\Users\l****\Desktop\JoyToKey.ini
[2010.03.20 16:10:01 | 009,518,746 | ---- | M] () -- E:\Eigene Dokumente\Backup-(2010-03-20).cab
[2010.03.20 16:09:48 | 002,151,846 | ---- | M] () -- E:\Eigene Dokumente\Backup-(2010-03-20).ipd
[2010.03.20 15:59:25 | 001,132,894 | ---- | M] () -- C:\Windows\SysWow64\PDFToGo.cod
[2010.03.20 15:59:20 | 000,016,448 | ---- | M] () -- C:\Windows\SysWow64\DocumentsToGoFiles47Resource__en.cod
[2010.03.20 15:59:20 | 000,006,600 | ---- | M] () -- C:\Windows\SysWow64\WordToGoRes(source__en.cod
[2010.03.20 15:59:19 | 000,623,490 | ---- | M] () -- C:\Windows\SysWow64\WordToGo.cod
[2010.03.20 15:59:19 | 000,001,192 | ---- | M] () -- C:\Windows\SysWow64\WordToGoResource.cod
[2010.03.20 15:59:16 | 000,424,396 | ---- | M] () -- C:\Windows\SysWow64\SlideshowToGo.cod
[2010.03.20 15:59:16 | 000,003,016 | ---- | M] () -- C:\Windows\SysWow64\SlideshowToGoResource__en.cod
[2010.03.20 15:59:16 | 000,001,224 | ---- | M] () -- C:\Windows\SysWow64\SlideshowToGoResource.cod
[2010.03.20 15:59:14 | 000,018,632 | ---- | M] () -- C:\Windows\SysWow64\SheetToGoResource__en.cod
[2010.03.20 15:59:13 | 000,620,978 | ---- | M] () -- C:\Windows\SysWow64\SheetToGo.cod
[2010.03.20 15:59:13 | 000,001,200 | ---- | M] () -- C:\Windows\SysWow64\SheetToGoResource.cod
[2010.03.20 15:59:10 | 000,001,956 | ---- | M] () -- C:\Windows\SysWow64\DocumentsToGoFiles47Resource.cod
[2010.03.20 15:59:09 | 000,748,054 | ---- | M] () -- C:\Windows\SysWow64\FiveInOneKitchenTimer.cod
[2010.03.20 15:59:06 | 001,362,728 | ---- | M] () -- C:\Windows\SysWow64\DocsToGoCommon.cod
[2010.03.20 15:59:01 | 000,016,444 | ---- | M] () -- C:\Windows\SysWow64\DocsToGoCommonResource__en.cod
[2010.03.20 15:59:01 | 000,001,952 | ---- | M] () -- C:\Windows\SysWow64\DocsToGoCommonResource.cod
[2010.03.20 15:59:00 | 000,307,706 | ---- | M] () -- C:\Windows\SysWow64\Engadget.cod
[2010.03.20 15:58:59 | 000,503,832 | ---- | M] () -- C:\Windows\SysWow64\Nimbuzz.cod
[2010.03.20 15:58:57 | 000,287,950 | ---- | M] () -- C:\Windows\SysWow64\com_plazmic_theme_HD_SimpleWhite_9000.cod
[2010.03.20 15:58:55 | 000,279,898 | ---- | M] () -- C:\Windows\SysWow64\com_plazmic_theme_HD_SimpleBlack_9000.cod
[2010.03.20 15:58:54 | 000,277,934 | ---- | M] () -- C:\Windows\SysWow64\FileManagerPro.cod
[2010.03.20 15:58:52 | 000,191,292 | ---- | M] () -- C:\Windows\SysWow64\operette$2dhifi.cod
[2010.03.20 15:58:51 | 000,573,752 | ---- | M] () -- C:\Windows\SysWow64\VZnet.cod
[2010.03.20 15:58:49 | 000,731,720 | ---- | M] () -- C:\Windows\SysWow64\berryweather.cod
[2010.03.20 15:58:46 | 000,627,102 | ---- | M] () -- C:\Windows\SysWow64\THK2_v46_480x320.cod
[2010.03.20 15:58:43 | 000,393,110 | ---- | M] () -- C:\Windows\SysWow64\Sudoku_v46_480x320.cod
[2010.03.20 15:58:41 | 000,364,466 | ---- | M] () -- C:\Windows\SysWow64\Klondike_v46_480x320.cod
[2010.03.20 15:58:39 | 000,399,902 | ---- | M] () -- C:\Windows\SysWow64\podtrapper.cod
[2010.03.20 15:58:37 | 001,084,228 | ---- | M] () -- C:\Windows\SysWow64\GoogleMaps.cod
[2010.03.20 15:58:33 | 000,284,282 | ---- | M] () -- C:\Windows\SysWow64\GoogleSync_40_en.cod
[2010.03.20 15:58:32 | 000,007,908 | ---- | M] () -- C:\Windows\SysWow64\LaterDude_112.cod
[2010.03.20 15:58:31 | 000,240,372 | ---- | M] () -- C:\Windows\SysWow64\PoyntGraphics.cod
[2010.03.20 15:58:30 | 000,550,338 | ---- | M] () -- C:\Windows\SysWow64\Shazam.cod
[2010.03.20 15:58:27 | 000,523,412 | ---- | M] () -- C:\Windows\SysWow64\Poynt.cod
[2010.03.20 15:58:25 | 000,308,650 | ---- | M] () -- C:\Windows\SysWow64\boltbb170.cod
[2010.03.20 15:58:24 | 000,317,970 | ---- | M] () -- C:\Windows\SysWow64\cvmo_2_3_4_11_0.cod
[2010.03.20 15:58:22 | 000,569,422 | ---- | M] () -- C:\Windows\SysWow64\UberTwitter.cod
[2010.03.20 15:58:20 | 000,114,670 | ---- | M] () -- C:\Windows\SysWow64\BlackStar.cod
[2010.03.20 15:58:19 | 000,783,026 | ---- | M] () -- C:\Windows\SysWow64\navigation.cod
[2010.03.20 15:58:16 | 000,108,886 | ---- | M] () -- C:\Windows\SysWow64\smartwifi.cod
[2010.03.20 15:58:15 | 000,032,988 | ---- | M] () -- C:\Windows\SysWow64\QuickPullLibrary.cod
[2010.03.20 15:58:15 | 000,002,780 | ---- | M] () -- C:\Windows\SysWow64\QuickPullMonitor.cod
[2010.03.20 15:58:14 | 001,106,916 | ---- | M] () -- C:\Windows\SysWow64\SBankingBB46.cod
[2010.03.20 15:58:09 | 000,050,564 | ---- | M] () -- C:\Windows\SysWow64\QuickPull.cod
[2010.03.20 15:58:08 | 000,028,688 | ---- | M] () -- C:\Windows\SysWow64\BlockedTrafficFree.cod
[2010.03.19 00:01:31 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010.03.19
00:01:31 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2010.03.19 00:01:31 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2010.03.18 23:28:22 | 000,000,600 | ---- | M] () -- C:\Users\l****\AppData\Roaming\winscp.rnd [2010.03.17 22:13:18 | 000,524,288 | -HS- | M] () -- C:\Users\l****\NTUSER.DAT{34fd5e9d-3207-11df-a72d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.03.17 22:13:18 | 000,524,288 | -HS- | M] () -- C:\Users\l****\NTUSER.DAT{34fd5e9d-3207-11df-a72d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.03.17 22:13:18 | 000,065,536 | -HS- | M] () -- C:\Users\l****\NTUSER.DAT{34fd5e9d-3207-11df-a72d-806e6f6e6963}.TM.blf [2010.03.17 21:56:24 | 005,242,880 | -HS- | M] () -- C:\Users\l****\NTUSER.DAT_tureg_old [2010.03.17 17:11:49 | 000,000,680 | ---- | M] () -- C:\Users\l****\Desktop\Little Fighter 2.lnk [2010.03.16 22:05:42 | 000,000,600 | ---- | M] () -- C:\Users\l****\AppData\Local\PUTTY.RND [2010.03.15 22:31:02 | 000,000,552 | ---- | M] () -- E:\Eigene Dokumente\ax_files.xml [2010.03.15 18:34:28 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib [2010.03.15 16:39:44 | 000,001,460 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100323-235641.backup [2010.03.15 16:34:08 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.03.15 14:02:53 | 008,742,983 | ---- | M] () -- E:\Eigene Dokumente\Backup-(2010-03-15).cab [2010.03.15 14:02:39 | 001,982,631 | ---- | M] () -- E:\Eigene Dokumente\Backup-(2010-03-15).ipd [2010.03.14 15:33:17 | 001,152,778 | ---- | M] () -- C:\Users\l****\Desktop\15.docx [2010.03.12 11:25:34 | 000,000,584 | ---- | M] () -- E:\Eigene Dokumente\grstyles.stl [2010.03.12 11:09:05 | 000,000,093 | ---- | M] () -- E:\Eigene Dokumente\LastLab.sk [2010.03.03 08:37:36 | 007,175,274 | ---- | M] () -- E:\Eigene Dokumente\Backup-(2010-03-03).cab [2010.03.03 08:37:26 | 001,750,457 | ---- | M] () -- E:\Eigene 
Dokumente\Backup-(2010-03-03).ipd [2010.02.28 19:58:58 | 000,065,002 | ---- | M] () -- C:\Windows\War3Unin.dat [2010.02.28 19:47:07 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe [2010.02.28 19:47:07 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif [2010.02.27 00:13:39 | 000,156,160 | ---- | M] (Scendix Software GmbH) -- C:\Windows\SysWow64\RemoteControl.dll [2010.02.26 04:13:54 | 000,492,280 | ---- | M] () -- C:\Windows\SysNative\mcp.cpl [2010.02.23 09:16:17 | 000,294,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [16 C:\Users\l****\AppData\Roaming\*.tmp files -> C:\Users\l****\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.03.23 21:03:09 | 000,000,000 | ---- | C] () -- C:\Users\l****\netcfg [2010.03.22 22:24:30 | 000,025,048 | ---- | C] () -- C:\Users\l****\Desktop\Meine Bibliothek.bib [2010.03.22 17:01:54 | 001,725,751 | ---- | C] () -- E:\Eigene Dokumente\LoaderBackup-(2010-03-22)-1.ipd [2010.03.22 16:07:52 | 001,767,426 | ---- | C] () -- E:\Eigene Dokumente\LoaderBackup-(2010-03-22).ipd [2010.03.21 17:50:28 | 000,007,602 | ---- | C] () -- C:\Users\l****\AppData\Local\Resmon.ResmonCfg [2010.03.20 21:58:51 | 000,000,270 | ---- | C] () -- C:\Users\l****\Desktop\JoyToKey.ini [2010.03.20 21:29:23 | 000,643,072 | ---- | C] () -- C:\Users\l****\Desktop\JoyToKey.exe [2010.03.20 16:10:01 | 009,518,746 | ---- | C] () -- E:\Eigene Dokumente\Backup-(2010-03-20).cab [2010.03.20 16:09:48 | 002,151,846 | ---- | C] () -- E:\Eigene Dokumente\Backup-(2010-03-20).ipd [2010.03.20 15:59:25 | 001,132,894 | ---- | C] () -- C:\Windows\SysWow64\PDFToGo.cod [2010.03.20 15:59:20 | 000,016,448 | ---- | C] () -- C:\Windows\SysWow64\DocumentsToGoFiles47Resource__en.cod [2010.03.20 15:59:20 | 000,006,600 | ---- | C] () -- C:\Windows\SysWow64\WordToGoResource__en.cod [2010.03.20 15:59:19 | 000,623,490 | ---- | C] () -- 
C:\Windows\SysWow64\WordToGo.cod [2010.03.20 15:59:19 | 000,001,192 | ---- | C] () -- C:\Windows\SysWow64\WordToGoResource.cod [2010.03.20 15:59:16 | 000,424,396 | ---- | C] () -- C:\Windows\SysWow64\SlideshowToGo.cod [2010.03.20 15:59:16 | 000,003,016 | ---- | C] () -- C:\Windows\SysWow64\SlideshowToGoResource__en.cod [2010.03.20 15:59:16 | 000,001,224 | ---- | C] () -- C:\Windows\SysWow64\SlideshowToGoResource.cod [2010.03.20 15:59:14 | 000,018,632 | ---- | C] () -- C:\Windows\SysWow64\SheetToGoResource__en.cod [2010.03.20 15:59:13 | 000,620,978 | ---- | C] () -- C:\Windows\SysWow64\SheetToGo.cod [2010.03.20 15:59:13 | 000,001,200 | ---- | C] () -- C:\Windows\SysWow64\SheetToGoResource.cod [2010.03.20 15:59:10 | 000,001,956 | ---- | C] () -- C:\Windows\SysWow64\DocumentsToGoFiles47Resource.cod [2010.03.20 15:59:09 | 000,748,054 | ---- | C] () -- C:\Windows\SysWow64\FiveInOneKitchenTimer.cod [2010.03.20 15:59:06 | 001,362,728 | ---- | C] () -- C:\Windows\SysWow64\DocsToGoCommon.cod [2010.03.20 15:59:01 | 000,016,444 | ---- | C] () -- C:\Windows\SysWow64\DocsToGoCommonResource__en.cod [2010.03.20 15:59:01 | 000,001,952 | ---- | C] () -- C:\Windows\SysWow64\DocsToGoCommonResource.cod [2010.03.20 15:59:00 | 000,307,706 | ---- | C] () -- C:\Windows\SysWow64\Engadget.cod [2010.03.20 15:58:59 | 000,503,832 | ---- | C] () -- C:\Windows\SysWow64\Nimbuzz.cod [2010.03.20 15:58:57 | 000,287,950 | ---- | C] () -- C:\Windows\SysWow64\com_plazmic_theme_HD_SimpleWhite_9000.cod [2010.03.20 15:58:55 | 000,279,898 | ---- | C] () -- C:\Windows\SysWow64\com_plazmic_theme_HD_SimpleBlack_9000.cod [2010.03.20 15:58:54 | 000,277,934 | ---- | C] () -- C:\Windows\SysWow64\FileManagerPro.cod [2010.03.20 15:58:52 | 000,191,292 | ---- | C] () -- C:\Windows\SysWow64\operette$2dhifi.cod [2010.03.20 15:58:51 | 000,573,752 | ---- | C] () -- C:\Windows\SysWow64\VZnet.cod [2010.03.20 15:58:49 | 000,731,720 | ---- | C] () -- C:\Windows\SysWow64\berryweather.cod [2010.03.20 15:58:46 | 000,627,102 | 
---- | C] () -- C:\Windows\SysWow64\THK2_v46_480x320.cod [2010.03.20 15:58:43 | 000,393,110 | ---- | C] () -- C:\Windows\SysWow64\Sudoku_v46_480x320.cod [2010.03.20 15:58:41 | 000,364,466 | ---- | C] () -- C:\Windows\SysWow64\Klondike_v46_480x320.cod [2010.03.20 15:58:39 | 000,399,902 | ---- | C] () -- C:\Windows\SysWow64\podtrapper.cod [2010.03.20 15:58:37 | 001,084,228 | ---- | C] () -- C:\Windows\SysWow64\GoogleMaps.cod [2010.03.20 15:58:33 | 000,284,282 | ---- | C] () -- C:\Windows\SysWow64\GoogleSync_40_en.cod [2010.03.20 15:58:32 | 000,007,908 | ---- | C] () -- C:\Windows\SysWow64\LaterDude_112.cod [2010.03.20 15:58:31 | 000,240,372 | ---- | C] () -- C:\Windows\SysWow64\PoyntGraphics.cod [2010.03.20 15:58:30 | 000,550,338 | ---- | C] () -- C:\Windows\SysWow64\Shazam.cod [2010.03.20 15:58:27 | 000,523,412 | ---- | C] () -- C:\Windows\SysWow64\Poynt.cod [2010.03.20 15:58:25 | 000,308,650 | ---- | C] () -- C:\Windows\SysWow64\boltbb170.cod [2010.03.20 15:58:24 | 000,317,970 | ---- | C] () -- C:\Windows\SysWow64\cvmo_2_3_4_11_0.cod [2010.03.20 15:58:22 | 000,569,422 | ---- | C] () -- C:\Windows\SysWow64\UberTwitter.cod [2010.03.20 15:58:20 | 000,114,670 | ---- | C] () -- C:\Windows\SysWow64\BlackStar.cod [2010.03.20 15:58:19 | 000,783,026 | ---- | C] () -- C:\Windows\SysWow64\navigation.cod [2010.03.20 15:58:16 | 000,108,886 | ---- | C] () -- C:\Windows\SysWow64\smartwifi.cod [2010.03.20 15:58:15 | 000,032,988 | ---- | C] () -- C:\Windows\SysWow64\QuickPullLibrary.cod [2010.03.20 15:58:15 | 000,002,780 | ---- | C] () -- C:\Windows\SysWow64\QuickPullMonitor.cod [2010.03.20 15:58:14 | 001,106,916 | ---- | C] () -- C:\Windows\SysWow64\SBankingBB46.cod [2010.03.20 15:58:09 | 000,050,564 | ---- | C] () -- C:\Windows\SysWow64\QuickPull.cod [2010.03.20 15:58:08 | 000,028,688 | ---- | C] () -- C:\Windows\SysWow64\BlockedTrafficFree.cod [2010.03.20 15:51:49 | 000,000,657 | ---- | C] () -- C:\Users\l****\Desktop\BlackBerry Master Control Program.lnk [2010.03.19 12:58:54 | 
001,383,192 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\Cat.DB [2010.03.19 07:06:19 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symnetv64.cat [2010.03.19 07:06:19 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symnetv.inf [2010.03.19 07:06:18 | 000,007,412 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symefa64.cat [2010.03.19 07:06:18 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symnet64.cat [2010.03.19 07:06:18 | 000,003,374 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symefa.inf [2010.03.19 07:06:18 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symnet.inf [2010.03.19 07:06:17 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtspx64.cat [2010.03.19 07:06:17 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtsp64.cat [2010.03.19 07:06:17 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symds64.cat [2010.03.19 07:06:17 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symds.inf [2010.03.19 07:06:17 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtsp64.inf [2010.03.19 07:06:17 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtspx64.inf [2010.03.19 07:06:16 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\iron.cat [2010.03.19 07:06:16 | 000,007,345 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\cchpx64.cat [2010.03.19 07:06:16 | 000,001,840 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\cchpx64.inf [2010.03.19 07:06:16 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\iron.inf [2010.03.19 07:04:56 | 000,000,172 | ---- | C] () -- 
C:\Windows\SysNative\drivers\NISx64\1105000.07F\isolate.ini [2010.03.19 00:01:42 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2010.03.19 00:01:42 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2010.03.17 21:57:27 | 000,524,288 | -HS- | C] () -- C:\Users\l****\NTUSER.DAT{34fd5e9d-3207-11df-a72d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.03.17 21:57:27 | 000,524,288 | -HS- | C] () -- C:\Users\l****\NTUSER.DAT{34fd5e9d-3207-11df-a72d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.03.17 21:57:27 | 000,065,536 | -HS- | C] () -- C:\Users\l****\NTUSER.DAT{34fd5e9d-3207-11df-a72d-806e6f6e6963}.TM.blf [2010.03.17 17:11:49 | 000,000,680 | ---- | C] () -- C:\Users\l****\Desktop\Little Fighter 2.lnk [2010.03.15 18:34:28 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.03.15 17:00:22 | 000,000,552 | ---- | C] () -- E:\Eigene Dokumente\ax_files.xml [2010.03.15 14:02:53 | 008,742,983 | ---- | C] () -- E:\Eigene Dokumente\Backup-(2010-03-15).cab [2010.03.15 14:02:38 | 001,982,631 | ---- | C] () -- E:\Eigene Dokumente\Backup-(2010-03-15).ipd [2010.03.15 13:12:48 | 000,000,600 | ---- | C] () -- C:\Users\l****\AppData\Roaming\winscp.rnd [2010.03.14 14:19:05 | 001,152,778 | ---- | C] () -- C:\Users\l****\Desktop\15.docx [2010.03.03 08:37:36 | 007,175,274 | ---- | C] () -- E:\Eigene Dokumente\Backup-(2010-03-03).cab [2010.03.03 08:37:26 | 001,750,457 | ---- | C] () -- E:\Eigene Dokumente\Backup-(2010-03-03).ipd [2010.02.28 19:41:11 | 000,065,002 | ---- | C] () -- C:\Windows\War3Unin.dat [2010.02.28 19:41:10 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif [2010.02.03 23:25:23 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.02.03 23:23:17 | 001,527,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.01.31 11:21:46 | 000,001,886 | ---- | C] () -- C:\Windows\Sandboxie.ini [2009.12.03 16:54:13 | 000,270,848 | ---- | C] () -- 
C:\Program Files (x86)\UNWISE.EXE [2009.12.03 16:54:13 | 000,006,006 | ---- | C] () -- C:\Program Files (x86)\UNWISE.INI [2009.12.03 16:54:13 | 000,003,574 | ---- | C] () -- C:\Program Files (x86)\INSTALL.LOG [2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.11.03 13:16:27 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll [2009.10.29 11:09:52 | 000,000,600 | ---- | C] () -- C:\Users\l****\AppData\Local\PUTTY.RND [2009.09.23 14:40:00 | 000,292,878 | ---- | C] () -- C:\ProgramData\{F2C8D5D1-2414-45CF-852A-22A0C98AA6B5}master_install_pkg.ico [2009.09.23 14:40:00 | 000,043,988 | ---- | C] () -- C:\ProgramData\{F2C8D5D1-2414-45CF-852A-22A0C98AA6B5}aul.xml [2009.09.23 14:40:00 | 000,037,074 | ---- | C] () -- C:\ProgramData\{F2C8D5D1-2414-45CF-852A-22A0C98AA6B5}banner.png [2009.09.23 14:40:00 | 000,019,208 | ---- | C] () -- C:\ProgramData\{F2C8D5D1-2414-45CF-852A-22A0C98AA6B5}application.sif [2009.09.08 15:25:36 | 000,015,656 | ---- | C] () -- C:\Windows\SysWow64\drivers\int15_64.sys [2009.09.08 15:21:58 | 000,268,716 | ---- | C] () -- C:\Users\l****\AppData\Local\edsinstaller.txt-20090908.log [2009.09.07 18:07:09 | 000,931,840 | ---- | C] () -- C:\Windows\SysWow64\System.Data.SQLite.dll [2009.09.06 14:09:08 | 000,027,335 | ---- | C] () -- C:\Users\l****\AppData\Roaming\nvModes.001 [2009.09.06 13:05:48 | 000,027,335 | ---- | C] () -- C:\Users\l****\AppData\Roaming\nvModes.dat [2009.09.05 18:03:58 | 003,211,264 | ---- | C] () -- C:\Program Files (x86)\Common FilesDDBACSetup.msi [2009.09.05 14:49:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.05 12:59:34 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll [2009.09.05 12:59:34 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll [2009.09.05 12:59:34 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll [2009.09.05 12:50:58 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2009.09.05 12:50:58 | 
000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2009.09.04 18:32:34 | 001,729,152 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2uvc.sys [2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.02.02 20:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2009.02.02 20:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2009.02.02 20:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 368 bytes -> C:\Users\l****\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 < End of report > Geändert von seeder17 (24.03.2010 um 09:04 Uhr) |
24.03.2010, 08:55 | #7 |
Worm, Trojan, Nuisance 1.exe, 2.exe, new.exe, SAW

OTL logfile created on: 24.03.2010 08:47:33 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = E:\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 22,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 38,43 Gb Total Space | 5,14 Gb Free Space | 13,38% Space Free | Partition Type: NTFS
Drive D: | 54,05 Gb Total Space | 4,85 Gb Free Space | 8,98% Space Free | Partition Type: NTFS
Drive E: | 205,51 Gb Total Space | 45,36 Gb Free Space | 22,07% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D**** Current User Name: L**** Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - E:\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - d:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - D:\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - D:\Launchy\Launchy.exe ()
PRC - D:\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - E:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV:64bit: - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (nlsvc) -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe (Locktime Software)
SRV - (TuneUp.Defrag) -- D:\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- D:\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (StarWindServiceAE) -- d:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe (Symantec Corporation)
SRV - (dtpd) -- d:\ShrewSoft\VPN Client\dtpd.exe ()
SRV - (iked) -- d:\ShrewSoft\VPN Client\iked.exe ()
SRV - (ipsecd) -- d:\ShrewSoft\VPN Client\ipsecd.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (DAUpdaterSvc) -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 04:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 04:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (.bntr) -- C:\ProgramData\Norton\bntr.exe ()
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
SRV - (AcronisOSSReinstallSvc) -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe ()
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (qrkis) -- C:\Windows\SysNative\drivers\qrkis.sys (Tether)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symds64.sys (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (nuvotoncir) -- C:\Windows\SysNative\drivers\nuvotoncir.sys (Nuvoton Technology Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\Windows\SysNative\drivers\vcsvad.sys (Avnex) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (nltdi) -- C:\Windows\SysNative\drivers\nltdi.sys (Locktime Software) DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100323.041\EX64.SYS (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100323.041\ENG64.SYS (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx64.sys (Symantec Corporation) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) 
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100317.002\IDSviA64.sys (Symantec Corporation) DRV - (TuneUpUtilitiesDrv) -- D:\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG) DRV - (CSC) -- C:\Windows\CSC [2009.09.05 02:45:20 | 000,000,000 | ---D | M] DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys () DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysWOW64\drivers\snp2uvc.sys () DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 34 EC E1 F3 C5 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?rls=ig" FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0 FF - prefs.js..extensions.enabledItems: 
bettergmail2@ginatrapani.org:0.9.8.1 FF - prefs.js..extensions.enabledItems: dendzones@captaincaveman.nl:1.5.0.2 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0 FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20100306 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.6 FF - prefs.js..extensions.enabledItems: firegpg@firegpg.team:0.7.10 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.19.1 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4 FF - prefs.js..extensions.enabledItems: {49f3fc85-dcfe-4e42-9301-226ebe658509}:0.6.6 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 FF - prefs.js..extensions.enabledItems: {6e098d65-7d2d-46d4-ada0-2f882a29f795}:0.2.3 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57 FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3 FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.1 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8 FF - 
prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 41 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5 FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.9 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.2 FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.0a3 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "proxy.ucd.ie" FF - prefs.js..network.proxy.ftp_port: 8484 FF - prefs.js..network.proxy.gopher: "proxy.ucd.ie" FF - prefs.js..network.proxy.gopher_port: 8484 FF - prefs.js..network.proxy.http: "proxy.ucd.ie" FF - prefs.js..network.proxy.http_port: 8484 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.ssl: "proxy.ucd.ie" FF - prefs.js..network.proxy.ssl_port: 8484 FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010.03.12 19:42:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.03.19 00:05:46 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.03.19 13:01:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: D:\Mozilla Firefox\components [2010.03.23 23:21:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010.03.23 23:21:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: D:\Mozilla Thunderbird\components [2010.03.18 23:36:30 | 000,000,000 | ---D | M] [2010.02.03 22:53:15 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Extensions [2010.02.03 22:53:15 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2010.03.24 08:42:17 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions [2010.01.30 21:01:38 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} [2009.11.18 23:50:49 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c} [2010.01.25 22:42:46 | 000,000,000 | ---D | M] (LinkChecker) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509} [2010.01.27 22:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2009.09.19 16:25:51 | 000,000,000 | ---D | M] (CHM Reader) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795} [2010.03.20 15:39:49 
| 000,000,000 | ---D | M] (NoScript) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009.09.05 16:00:21 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2010.01.22 18:40:52 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2010.01.31 16:35:21 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2009.09.05 16:00:22 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2009.09.05 15:20:16 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2009.10.21 12:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} [2010.01.07 19:32:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.01.29 13:23:51 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.01.11 23:02:52 | 000,000,000 | ---D | M] (DownThemAll!) 
-- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009.09.07 18:16:27 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.02.12 16:08:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.03.12 19:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033} [2010.01.24 19:03:55 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\add-to-searchbox@maltekraus.de [2010.03.12 19:39:19 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\bettergmail2@ginatrapani.org [2010.03.12 19:39:20 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\de_DE@dicts.j3e.de [2010.02.08 17:45:36 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\dendzones@captaincaveman.nl [2010.02.08 17:56:58 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\DeviceDetection@logitech.com [2009.09.23 10:00:36 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\en-GB@dictionaries.addons.mozilla.org [2010.03.12 23:34:07 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\firebug@software.joehewitt.com [2010.01.27 22:34:57 | 000,000,000 | ---D | M] -- 
C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\firegestures@xuldev.org [2009.11.09 16:54:40 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\firegpg@firegpg.team [2010.02.22 16:03:22 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\foxyproxy@eric.h.jung [2010.03.17 19:58:41 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\personas@christopher.beard [2010.01.07 09:21:01 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\piclens@cooliris.com [2010.03.21 17:19:02 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\zotero@chnm.gmu.edu [2010.03.21 17:19:02 | 000,000,000 | ---D | M] -- C:\Users\l****\AppData\Roaming\mozilla\Firefox\Profiles\qugsp3bo.default\extensions\zoteroWinWordIntegration@zotero.org [2010.01.23 11:55:05 | 000,001,565 | ---- | M] () -- C:\Users\l****\AppData\Roaming\Mozilla\FireFox\Profiles\qugsp3bo.default\searchplugins\boersebz.xml [2009.09.11 16:52:55 | 000,002,673 | ---- | M] () -- C:\Users\l****\AppData\Roaming\Mozilla\FireFox\Profiles\qugsp3bo.default\searchplugins\collectr.xml [2010.01.30 23:45:29 | 000,000,539 | ---- | M] () -- C:\Users\l****\AppData\Roaming\Mozilla\FireFox\Profiles\qugsp3bo.default\searchplugins\packetfind-v2---xdcc-search-engine.xml [2009.10.14 14:50:14 | 000,000,734 | ---- | M] () -- C:\Users\l****\AppData\Roaming\Mozilla\FireFox\Profiles\qugsp3bo.default\searchplugins\phpnet.xml [2008.07.30 17:26:16 | 000,001,143 | ---- | M] () -- C:\Users\l****\AppData\Roaming\Mozilla\FireFox\Profiles\qugsp3bo.default\searchplugins\wikipedia-en.xml [2009.06.07 17:31:24 | 000,000,945 | ---- | M] () -- 
C:\Users\l****\AppData\Roaming\Mozilla\FireFox\Profiles\qugsp3bo.default\searchplugins\youtube-videosuche.xml
O1 HOSTS File: ([2010.03.23 23:56:42 | 000,381,430 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 CD and DVD Burning Software - Alcohol Soft copy and virtual drive software Alcohol 120 and 52% Free Edition
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 13134 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] D:\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Winload] C:\Windows\CTFMON\msnmsgr.exe (xwBmfmQ)
O4 - HKCU..\Run: [AlcoholAutomount] d:\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [BySoft FreeRAM] C:\Program Files (x86)\BySoft FreeRAM\FreeRAM.exe File not found
O4 - HKCU..\Run: [CTFMON] C:\Windows\CTFMON\msnmsgr.exe (xwBmfmQ)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: msnmsgr.exe = C:\Windows\CTFMON\msnmsgr.exe (xwBmfmQ)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: msnmsgr.exe = C:\Windows\CTFMON\msnmsgr.exe (xwBmfmQ)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.07 16:35:30 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{c6365d6a-c069-11de-93be-001b2454b353}\Shell - "" = AutoRun
O33 - MountPoints2\{c6365d6a-c069-11de-93be-001b2454b353}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{c636628e-c069-11de-93be-001b2454b353}\Shell - "" = AutoRun
O33 - MountPoints2\{c636628e-c069-11de-93be-001b2454b353}\Shell\AutoRun\command - "" = L:\setup.exe -- File not found
O33 - MountPoints2\{d69b0ff1-e1ac-11de-8974-001b2454b353}\Shell - "" = AutoRun
O33 - MountPoints2\{d69b0ff1-e1ac-11de-8974-001b2454b353}\Shell\AutoRun\command - "" = H:\starter.bat -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\starter.bat -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Last edited by seeder17 (24.03.2010, 09:04) |
24.03.2010, 09:37 | #8 |
| Hi, well well, a Microsoft Messenger programmed in VB, strange, isn't it?
Code:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: msnmsgr.exe = C:\Windows\CTFMON\msnmsgr.exe (xwBmfmQ)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: msnmsgr.exe = C:\Windows\CTFMON\msnmsgr.exe (xwBmfmQ)
:Commands
[emptytemp]
[Reboot]
What does MBAM report? chris
__________________ Don't bring me down. Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
24.03.2010, 13:43 | #9 |
| Malwarebytes' Anti-Malware 1.44
Database version: 3907
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.03.2010 13:42:37
mbam-log-2010-03-24 (13-42-37).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 456470
Time elapsed: 2 hour(s), 0 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7k56q01g-w035-a388-6m60-174y0063re40} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\CTFMON\msnmsgr.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Porrasturvat - Stair Dismount\msvcp60.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\cryptload\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
D:\ImageJ\jre\bin\ioser12.dll (Trojan.Downloader) -> Quarantined and deleted successfully. |
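The two logs above show the pattern the helper keyed on: a single binary, C:\Windows\CTFMON\msnmsgr.exe with the publisher string xwBmfmQ, registered in four autostart locations at once (HKLM Run, HKCU Run and both rarely used policies\Explorer\Run keys), sitting in a made-up subdirectory of %WINDIR% under a filename borrowed from Windows Live Messenger, and an Active Setup key whose "GUID" contains letters that are not hexadecimal digits. As an added example, not part of OTL, MBAM or any post in this thread, the Python below runs those checks over a handful of lines copied from the logs. The directory allowlist, the vowel test on the publisher string, the table of borrowed filenames and the constructed CLSID key are this example's own heuristics and assumptions, not anything either tool does.

```python
"""Triage of OTL autostart entries (O4/O6/O7) and MBAM registry hits.

Added example for this thread; not part of OTL, MBAM or the posts above.
Every heuristic here is this example's own assumption, not tool logic.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Optional

# Sample input: O4/O6/O7 lines copied from the OTL log posted above.
SAMPLE_OTL_LINES = [
    r"O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)",
    r"O4 - HKLM..\Run: [LManager] D:\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)",
    r"O4 - HKLM..\Run: [Winload] C:\Windows\CTFMON\msnmsgr.exe (xwBmfmQ)",
    r"O4 - HKCU..\Run: [BySoft FreeRAM] C:\Program Files (x86)\BySoft FreeRAM\FreeRAM.exe File not found",
    r"O4 - HKCU..\Run: [CTFMON] C:\Windows\CTFMON\msnmsgr.exe (xwBmfmQ)",
    r"O4 - HKCU..\Run: [DAEMON Tools Lite] D:\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: msnmsgr.exe = C:\Windows\CTFMON\msnmsgr.exe (xwBmfmQ)",
    r"O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: msnmsgr.exe = C:\Windows\CTFMON\msnmsgr.exe (xwBmfmQ)",
]
# Sample input: the Active Setup key from the MBAM log above, plus a constructed
# CLSID key built around the well-formed Symantec BHO GUID from the OTL log.
SAMPLE_REGISTRY_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7k56q01g-w035-a388-6m60-174y0063re40}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}",
]

AUTOSTART_LINE = re.compile(r"^O[467](?::64bit:)? - ")
# First drive-letter path ending in an executable extension; lazy, so that
# "C:\Program Files (x86)\...\FreeRAM.exe" stops at the first ".exe".
IMAGE_PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|bat|cmd|com|scr|vbs|js)\b", re.IGNORECASE)
# OTL appends the file's company name in parentheses at the end of the line.
PUBLISHER = re.compile(r"\(([^()]*)\)\s*$")
GUID = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.IGNORECASE)

WINDIR = r"c:\windows"
# Directories under %WINDIR% from which autostart executables normally run (assumption).
WINDIR_EXE_DIRS = {"", "system32", "syswow64", "sysnative"}
# Filenames malware likes to borrow, with the directory suffix they belong in (assumption).
EXPECTED_HOME = {
    "msnmsgr.exe": ("windows live\\messenger",),
    "ctfmon.exe": ("\\system32", "\\syswow64"),
}


def parse_entry(line: str) -> Optional[dict]:
    """Pull image path, publisher and context out of one O4/O6/O7 line."""
    if not AUTOSTART_LINE.match(line):
        return None
    path_match = IMAGE_PATH.search(line)
    if not path_match:
        return None
    publisher_match = PUBLISHER.search(line)
    return {
        "path": path_match.group(0),
        "publisher": publisher_match.group(1).strip() if publisher_match else None,
        "policy_run": "\\policies\\Explorer\\Run" in line,
        "missing": line.rstrip().endswith("File not found"),
    }


def odd_windows_location(path: str) -> bool:
    """True for an executable under %WINDIR% but outside the usual system dirs."""
    parent = path.rsplit("\\", 1)[0].lower()
    if parent != WINDIR and not parent.startswith(WINDIR + "\\"):
        return False
    return parent[len(WINDIR):].lstrip("\\") not in WINDIR_EXE_DIRS


def masquerading(path: str) -> bool:
    """True when a well-known filename sits outside its expected directory."""
    parent, _, name = path.lower().rpartition("\\")
    homes = EXPECTED_HOME.get(name)
    return homes is not None and not any(parent.endswith(h) for h in homes)


def publisher_looks_random(publisher: str) -> bool:
    """Vendor names contain vowels; a string like 'xwBmfmQ' does not."""
    return re.search(r"[aeiou]", publisher, re.IGNORECASE) is None


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious image path (lower-cased) to its sorted list of reasons."""
    entries = [e for e in map(parse_entry, lines) if e]
    occurrences = Counter(e["path"].lower() for e in entries)
    findings: Dict[str, set] = defaultdict(set)
    for e in entries:
        key = e["path"].lower()
        reasons = findings[key]
        if e["missing"]:
            reasons.add("orphaned: image file missing")
            continue
        if e["policy_run"]:
            reasons.add("policies\\Explorer\\Run autostart (rare for legitimate software)")
        if odd_windows_location(e["path"]):
            reasons.add("executable in non-standard %WINDIR% subdirectory")
        if masquerading(e["path"]):
            reasons.add("system-like filename outside its expected directory")
        if e["publisher"] is None:
            reasons.add("no publisher in version info")
        elif publisher_looks_random(e["publisher"]):
            reasons.add(f"publisher string looks random: {e['publisher']!r}")
        if occurrences[key] > 1:
            reasons.add(f"registered in {occurrences[key]} autostart locations")
    return {p: sorted(r) for p, r in findings.items() if r}


def malformed_guid_keys(keys: List[str]) -> List[str]:
    """Keys whose final {...} component is not a syntactically valid GUID."""
    return [k for k in keys
            if k.rstrip("\\").rsplit("\\", 1)[-1].startswith("{")
            and not GUID.match(k.rstrip("\\").rsplit("\\", 1)[-1])]


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_OTL_LINES).items():
        print(path)
        for reason in reasons:
            print("  -", reason)
    for key in malformed_guid_keys(SAMPLE_REGISTRY_KEYS):
        print("malformed GUID in key:", key)
```

Run as-is it prints the findings for the sample lines; to triage a complete OTL log, pass its lines to triage() instead of SAMPLE_OTL_LINES. Heuristics like these only rank what to look at first: the verdict still comes from the file itself (hash lookup, signature, strings), which is what the MBAM detection above supplied.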
24.03.2010, 13:57 | #10 |
| Hi, that already looks pretty good; how is the machine behaving now? C:\Windows\CTFMON\msnmsgr.exe would also have been removed by the OTL script... chris
24.03.2010, 23:06 | #11 |
| Yes, that took care of it. Thank you for the quick solution and the information. I'll be able to work with that if something like this ever comes up again. THX |