Pests of all kinds and how to fight them: eBay account misused, source unknown. Windows 7
18.04.2010, 17:35 | #16
/// Helper Team: OK, I have just learned that RootRepeal is unsuitable. Please disable your Daemon Tools and try a scan with GMER again.
14.05.2010, 04:32 | #17
It took me a very long time to try GMER again, and it crashed on me again, or rather I got a bluescreen with the message Bad_Pool_Caller.
My system has been running stable for a very long time without bluescreens. So I cannot do a scan with GMER. But I have the feeling that there is still a keylogger in the system. I also scanned again with the current version of Malwarebytes and it found nothing.
14.05.2010, 13:03 | #18
I tried GMER with only my partition F:/ selected, but it also went through the Windows folder on my partition C:/. So at least we already have a partial result. I will try again today to have only partition C:/ scanned.
Here is the log file for now. Code:
14.05.2010, 15:16 | #19
Here is the log of partition E:/. Code:
14.05.2010, 17:50 | #20
/// Helper Team: Hi, all of that is almost a month ago now, so a lot may have changed on your system. Please create a new OTL log file for me and run Malwarebytes once more. The GMER logs are imho clean.
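To make a verdict like the one above reproducible, here is an added example (not from this thread, and not part of GMER) in Python that parses the SSDT lines of a GMER log, groups each hooked Zw* service by the driver that owns the hook, and separates hooks GMER could not attribute to any module. The sample lines are constructed from the kind of entries this thread's logs showed (Symantec's SYMEVENT.SYS and CO_Mon.sys, and spib.sys serving the sptd device) plus one made-up unknown driver; the KNOWN_HOOKERS vendor map is an assumption a reviewer would maintain for the machine under review.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# One entry in GMER's "System" section has the form
#   SSDT <owner> <ZwFunction> [<hook address>]
# where <owner> is either a bare 8-digit hex address (GMER could not map the
# hook to a loaded module) or a driver name/path, optionally followed by
# GMER's "(description/vendor)" annotation.
_SSDT_RE = re.compile(
    r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>Zw\w+)"
    r"(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$"
)
_BARE_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


@dataclass
class SsdtHook:
    function: str               # hooked system service, e.g. ZwCreateKey
    module: Optional[str]       # lower-cased driver file name, None if unattributed
    description: Optional[str]  # GMER's annotation, if any
    address: Optional[str]      # hook target as "0x...." when GMER printed one


def parse_ssdt_line(line: str) -> Optional[SsdtHook]:
    """Parse one GMER line; return None for lines that are not SSDT entries."""
    m = _SSDT_RE.match(line.strip())
    if not m:
        return None
    owner, func, addr = m.group("owner"), m.group("func"), m.group("addr")
    if _BARE_ADDR_RE.match(owner):
        # Unattributed hook: GMER printed only the address the service points to.
        return SsdtHook(func, None, None, "0x" + owner.upper())
    description = None
    path = owner
    if " (" in owner and owner.endswith(")"):
        # Split "path (description)"; the description may itself contain parentheses.
        path, description = owner.split(" (", 1)
        description = description[:-1]
    module = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    hook_addr = ("0x" + addr[2:].upper()) if addr else None
    return SsdtHook(func, module, description, hook_addr)


def hooks_by_module(log_text: str) -> Dict[Optional[str], List[str]]:
    """Group hooked services by the owning driver (key None = unattributed)."""
    groups: Dict[Optional[str], List[str]] = defaultdict(list)
    for line in log_text.splitlines():
        hook = parse_ssdt_line(line)
        if hook is not None:
            groups[hook.module].append(hook.function)
    return {k: sorted(v) for k, v in groups.items()}


# Assumed vendor map maintained by the reviewer; filled from what this thread's
# logs showed (SYMEVENT.SYS and CO_Mon.sys carry Symantec annotations, spib.sys
# serves the \Driver\sptd device that DAEMON Tools installs).
KNOWN_HOOKERS = {
    "symevent.sys": "Symantec event library",
    "co_mon.sys": "Symantec behaviour blocker",
    "spib.sys": "sptd (DAEMON Tools), randomised sp??.sys name",
}


def triage(log_text: str, known: Dict[str, str] = KNOWN_HOOKERS) -> dict:
    """Sort SSDT hooks into known products, unknown drivers and unattributed ones."""
    result = {"known": {}, "unknown": {}, "unattributed": []}
    for module, funcs in hooks_by_module(log_text).items():
        if module is None:
            result["unattributed"] = funcs
        elif module in known:
            result["known"][module] = funcs
        else:
            result["unknown"][module] = funcs
    return result


# Constructed sample: entries of the shape GMER printed in this thread, plus one
# made-up driver name to exercise the "unknown" bucket.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT 89152650 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB063D020]
SSDT spib.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spib.sys ZwOpenKey [0xB7EB50C0]
SSDT \??\C:\WINDOWS\system32\drivers\CO_Mon.sys (Behavior Blocker v2007.1 WDM driver (2007.1.1.99)/Symantec Corporation) ZwTerminateProcess [0xB835C760]
SSDT 891DF008 ZwWriteVirtualMemory
SSDT unknown_example.sys ZwQueryDirectoryFile [0xB0000000]
"""

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_GMER_LOG).items():
        print(bucket, entries)
```

Unattributed hooks are not evidence of malware by themselves; they are the entries to cross-check against the installed security products and the rest of the log before calling a scan clean.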
14.05.2010, 20:42 | #21
The Malwarebytes log. Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4096
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.05.2010 19:38:55
mbam-log-2010-05-13 (19-38-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 439157
Laufzeit: 1 Stunde(n), 35 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL log. Code:
C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd) DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0 FF - prefs.js..extensions.enabledItems: firefoxstats@matthew.hambly:1.2.2n FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks_remote_dns: true FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.02 00:20:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.24 13:42:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.17 20:51:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.04.24 13:40:23 | 000,000,000 | 
---D | M] [2009.12.22 17:28:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Extensions [2009.12.22 17:28:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org [2010.05.14 19:34:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions [2009.11.02 21:10:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.12.05 16:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} [2009.10.30 21:52:33 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010.04.30 16:37:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\battlefieldheroespatcher@ea.com [2010.03.19 19:49:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\firefox@tvunetworks.com [2009.12.19 19:47:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\firefoxstats@matthew.hambly [2010.02.18 23:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\toolbar@ask.com [2010.05.13 19:28:59 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.24 13:42:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.11.17 10:14:14 | 000,000,853 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Gemeinsame Dateien\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AudioDrvEmulator] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) 
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe (Creative Technology Ltd) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [osCheck] C:\Programme\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) 
O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Rainlendar2] F:\Rainlendar2\Rainlendar2.exe () O4 - HKCU..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\marco\Startmenü\Programme\Autostart\Nettalk.lnk = F:\Nettalk6\Nettalk.exe (Nicolas Kruse) O4 - Startup: C:\Dokumente und Einstellungen\marco\Startmenü\Programme\Autostart\TimeLeft.lnk = F:\TimeLeft3\TimeLeft.exe (NesterSoft Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information 
Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.10.30 19:20:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.11.14 21:00:43 | 000,000,000 | ---D | M] - F:\Autoupdate -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.14 16:13:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\LogMeIn Hamachi [2010.05.10 17:43:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\NesterSoft [2010.05.09 20:17:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\marxio-tools [2010.05.09 20:17:45 | 000,000,000 | ---D | C] -- C:\Programme\Marxio Timer [2010.05.02 22:11:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\StarCraft II Beta [2010.05.02 22:11:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\Blizzard Entertainment [2010.05.02 22:11:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment [2010.05.02 22:11:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard [2010.05.02 19:37:35 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment [2010.05.02 
16:59:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\Procaster [2010.05.02 16:59:46 | 000,000,000 | ---D | C] -- C:\Programme\Livestream Procaster [2010.05.01 20:11:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010.04.27 19:52:51 | 000,000,000 | ---D | C] -- C:\Programme\VDMSound [2010.04.27 19:45:50 | 000,000,000 | ---D | C] -- C:\spiele [2010.04.27 18:29:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\DOSBox [2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl [2010.04.25 13:13:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\DISCOSCHLAMPEN [2010.04.24 13:43:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.04.24 13:42:59 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.04.24 13:42:34 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.04.24 13:42:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.04.24 13:42:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.04.24 13:42:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2010.04.20 13:46:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage [2010.04.19 16:58:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX [2010.04.18 11:25:25 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe [2010.01.02 18:05:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2009.12.31 16:06:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.sys [2009.11.08 18:59:25 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft [2009.10.30 19:22:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2009.10.30 19:20:33 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2005.06.18 08:04:56 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.14 21:01:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010.05.14 16:12:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.14 16:12:20 | 004,959,414 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000007-00001102-00000008-10211102}.CDF [2010.05.14 16:12:01 | 000,235,380 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010.05.14 16:11:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.14 16:11:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.14 15:21:05 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\n2ws5d6u.exe [2010.05.14 13:52:59 | 004,959,414 | 
---- | M] () -- C:\WINDOWS\{00000003-00000000-00000007-00001102-00000008-10211102}.BAK [2010.05.14 05:39:31 | 000,030,432 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx [2010.05.14 05:39:31 | 000,030,432 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx [2010.05.14 05:39:31 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx [2010.05.14 05:39:31 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx [2010.05.14 05:39:31 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx [2010.05.14 05:39:31 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010.05.14 05:39:31 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010.05.14 05:39:16 | 009,699,328 | -H-- | M] () -- C:\Dokumente und Einstellungen\marco\NTUSER.DAT [2010.05.14 05:39:16 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\marco\ntuser.ini [2010.05.13 02:03:36 | 002,117,298 | -H-- | M] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.05.12 14:11:10 | 004,955,786 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\F.R. - Exzess all areas (upload by. 
CoolWhite).mp3 [2010.05.12 14:05:06 | 000,221,824 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\DSC02063.JPG [2010.05.12 14:04:12 | 000,378,099 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\DSC02059.JPG [2010.05.10 20:00:07 | 000,000,672 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security Online - Systemprüfung ausführen - marco.job [2010.05.10 17:43:37 | 000,000,474 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Startmenü\Programme\Autostart\TimeLeft.lnk [2010.05.10 17:43:37 | 000,000,448 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\TimeLeft.lnk [2010.05.10 17:40:24 | 000,000,596 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarCraft II Beta.lnk [2010.05.09 20:24:40 | 000,006,713 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\probe.mp3 [2010.05.09 20:22:11 | 000,264,658 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\probe.wav [2010.05.09 20:17:45 | 000,000,709 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\Marxio Timer.lnk [2010.05.02 16:59:47 | 000,000,752 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Livestream Procaster.lnk [2010.05.01 20:13:16 | 000,000,439 | ---- | M] () -- C:\WINDOWS\system.ini [2010.04.30 17:07:38 | 000,138,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010.04.30 17:07:26 | 000,215,016 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010.04.30 16:50:53 | 000,138,056 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\PnkBstrK.sys [2010.04.30 16:50:34 | 002,427,248 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_heroes.exe [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.27 18:28:49 | 000,000,530 | ---- | M] () -- C:\Dokumente und 
Einstellungen\All Users\Desktop\DOSBox 0.73.lnk [2010.04.27 16:10:32 | 000,000,463 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk [2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl [2010.04.24 13:40:23 | 000,001,716 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.04.23 19:30:48 | 000,000,499 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\Play Battle Dex.lnk [2010.04.22 09:14:29 | 000,046,080 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\Rationalismus.doc [2010.04.22 09:12:51 | 000,168,960 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\Der Rationalismus.ppt [2010.04.20 12:26:41 | 000,000,473 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\GT Legends Demo.lnk [2010.04.18 15:48:13 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys [2010.04.18 11:25:26 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe [2010.04.17 22:22:01 | 000,050,688 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.17 21:56:02 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.04.15 19:32:23 | 000,027,136 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\3.doc [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.14 15:21:05 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\n2ws5d6u.exe [2010.05.12 14:11:03 | 004,955,786 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\F.R. - Exzess all areas (upload by. 
CoolWhite).mp3 [2010.05.12 13:54:29 | 000,221,824 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\DSC02063.JPG [2010.05.12 13:54:28 | 000,378,099 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\DSC02059.JPG [2010.05.10 17:43:37 | 000,000,474 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Startmenü\Programme\Autostart\TimeLeft.lnk [2010.05.10 17:43:37 | 000,000,448 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\TimeLeft.lnk [2010.05.09 20:24:38 | 000,006,713 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\probe.mp3 [2010.05.09 20:22:11 | 000,264,658 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\probe.wav [2010.05.09 20:17:45 | 000,000,709 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\Marxio Timer.lnk [2010.05.02 22:11:39 | 000,000,596 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarCraft II Beta.lnk [2010.05.02 16:59:47 | 000,000,752 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Livestream Procaster.lnk [2010.04.27 18:28:49 | 000,000,530 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DOSBox 0.73.lnk [2010.04.23 19:28:28 | 000,000,499 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\Play Battle Dex.lnk [2010.04.22 09:05:05 | 000,168,960 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\Der Rationalismus.ppt [2010.04.20 12:24:09 | 000,000,473 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\GT Legends Demo.lnk [2010.04.18 15:48:13 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys [2010.04.18 12:26:49 | 000,046,080 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\Rationalismus.doc [2010.04.15 19:32:23 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\3.doc [2010.03.16 21:05:32 | 000,000,000 | ---- | C] () -- C:\Dokumente und 
Einstellungen\marco\Anwendungsdaten\chrtmp [2010.03.15 02:27:03 | 000,000,258 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.03.01 22:28:26 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\prospeed_bmp2jpg.dll [2010.02.27 02:35:09 | 000,510,888 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.02.22 20:19:14 | 000,000,177 | ---- | C] () -- C:\WINDOWS\ROCSETUP.INI [2010.02.21 22:29:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\PROFED32.INI [2010.02.02 16:18:17 | 000,010,650 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid664.log [2010.02.02 16:15:07 | 000,010,650 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid3696.log [2010.02.02 16:03:42 | 000,010,708 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid3040.log [2010.01.04 21:38:45 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010.01.04 21:38:45 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\PnkBstrK.sys [2009.12.31 16:07:22 | 000,001,041 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\vso_ts_preview.xml [2009.12.31 16:06:21 | 000,000,034 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.log [2009.12.31 16:06:12 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\inst.exe [2009.12.31 16:06:12 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.cat [2009.12.31 16:06:12 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.inf [2009.12.28 18:31:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.11.07 17:28:53 | 000,010,794 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini [2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2009.11.05 20:24:39 | 000,116,224 | ---- | C] () -- 
C:\WINDOWS\System32\pdfcmnnt.dll [2009.11.01 03:46:02 | 000,050,688 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.31 22:33:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.10.30 22:27:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.10.30 21:10:16 | 000,046,593 | R--- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini [2009.10.30 21:10:16 | 000,000,193 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2009.10.30 20:23:36 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.10.30 20:23:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.10.30 19:25:12 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\marco\ntuser.dat.LOG [2009.10.30 19:25:12 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\marco\ntuser.ini [2009.10.30 19:25:11 | 009,699,328 | -H-- | C] () -- C:\Dokumente und Einstellungen\marco\NTUSER.DAT [2009.06.10 09:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009.06.10 09:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009.06.10 09:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009.06.10 09:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- 
C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2005.07.11 06:44:12 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL [2005.06.07 15:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL [2003.03.21 11:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF @Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86 < End of report > Code:
OTL Extras logfile created on: 14.05.2010 21:45:51 - Run 2
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Dokumente und Einstellungen\marco\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 16,21 Gb Free Space | 33,20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 146,48 Gb Total Space | 90,34 Gb Free Space | 61,68% Space Free | Partition Type: NTFS
Drive F: | 270,44 Gb Total Space | 169,49 Gb Free Space | 62,67% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MARCO-ED193E38F
Current User Name: marco
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "F:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "F:\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "F:\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher "8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 
"F:\Football2009\fm.exe" = F:\Football2009\fm.exe:*:Enabled:Football Manager 2010 Demo -- (Sports Interactive) "F:\Footman10\fm.exe" = F:\Footman10\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive) "F:\Steam\Steam.exe" = F:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "F:\League of Legends\Air\LolClient.exe" = F:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- () "F:\League of Legends\Game\League of Legends.exe" = F:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- () "F:\Dirt2\dirt2.exe" = F:\Dirt2\dirt2.exe:*:Enabled:DiRT2 Demo -- (Codemasters) "F:\Dirt 2\dirt2_game.exe" = F:\Dirt 2\dirt2_game.exe:*:Enabled:DiRT2 -- (Codemasters) "F:\LimeWire\LimeWire.exe" = F:\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe" = F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 -- (Take-Two Interactive Software) "F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe" = F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer -- (2K Games) "F:\itunes\iTunes.exe" = F:\itunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Ventrilo\Ventrilo.exe" = C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.) "C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- File not found "F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe" = F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. 
Beta -- () "F:\Allods\Allods Online\bin\Launcher.exe" = F:\Allods\Allods Online\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe -- (© 2008 - 2009 Astrum Nival, LLC) "F:\Allods\Allods Online\bin\AOgame.exe" = F:\Allods\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe -- (© 2008 - 2009 Astrum Nival, LLC) "F:\Steam\steamapps\steamid0078\counter-strike\hl.exe" = F:\Steam\steamapps\steamid0078\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}" = FMRTE "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20 
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework "{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{458207CA-1B0C-4A35-AEDF-9C9D5B0579C5}" = Livestream Procaster "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core "{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2 "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center "{626C32A3-0F0F-41B3-9F53-75E16B2D8925}" = SymNet "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin 
"{6FF03295-1921-4732-B69B-AF6ED0971A8B}_is1" = GT Legends Demo "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{8610FF9A-8FEE-4509-ADCD-AF68157B562A}" = Symantec Real Time Storage Protection Component "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{90B73122-6D92-44D2-BBD4-811F98DA88B1}" = Team Players Corvette C6R "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 
Service Pack 1 Language Pack - DEU "{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A8AD6CB8-DE96-43FA-9B73-5FB873DD1CAE}" = Sound Blaster Audigy 4 "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AE04B8FC-4CD9-4A94-BE8F-C2434470FB11}" = DiRT2 Demo "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B754B466-11CA-43C0-A168-6553B5C9AD4A}" = BobsTrackBuilderEvo "{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E5}" = Need for Speed™ SHIFT Demo "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{BF0BC679-A503-43AF-9104-E8842999955E}_is1" = CTDP's ChampionShipManager NX 2.2 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C0C85A83-296E-4813-86A6-DA8DA6A92D6D}" = Left 4 Dead 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver 
"{CB75FFBB-67AA-4AF5-840C-B60D76720AC1}" = MoTeC i2 Pro "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game "{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1" = Mass Effect 2 "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313 "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{DF481D3E-FF15-4EE7-B36B-53C9E4021E8B}" = TMPGEnc 4.0 XPress Testversion "{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4 "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{ECDF8120-703D-4A96-B36C-A565419B3900}" = BobsTrackBuilder "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "ABC Amber Audio Converter" = ABC Amber Audio Converter "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4 "Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 
Third Party Content "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "AMIP" = AMIP (remove only) "Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD 2.02 "Ashampoo ClipFinder_is1" = Ashampoo ClipFinder 1.55 "AstrumNival Allods" = Allods Online 1.0.05.41 "Audacity_is1" = Audacity 1.2.6 "AudioConverter Studio_is1" = AudioConverter Studio 6.0 "AVMWLANCLI" = AVM FRITZ!WLAN "CamStudio" = CamStudio "cdrtools Frontend_is1" = cdrtfe 1.3.6 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "ESL Wire_is1" = ESL Wire 1.3 "F1 DLM 2009 Trackpack" = F1 DLM 2009 Trackpack "F1 Official Team Manager" = F1 Official Team Manager "Football Manager 2010" = Football Manager 2010 "Football Manager 2010 Demo" = Football Manager 2010 Demo "Fraps" = Fraps (remove only) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube Download_is1" = Free YouTube Download 2.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "FTP Commander" = FTP Commander "HijackThis" = HijackThis 2.0.2 "HLSW_is1" = HLSW v1.3.2.1 "ie8" = Windows Internet Explorer 8 "IsoBuster_is1" = IsoBuster 2.7 "League of Legends_is1" = League of Legends "LimeWire" = LimeWire 5.4.6 "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marxio Timer_is1" = Marxio Timer 1.11 "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MMJ-Quellcodesammlung_is1" = MMJ-Quellcodesammlung "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "Mumble" = Mumble and Murmur "Need For Speed SHIFT_is1" = Need For Speed SHIFT "NeroMultiInstaller!UninstallKey" = Nero 
Suite "Nettalk_is1" = Nettalk 6.6 "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "PKR" = PKR "PokerStars" = PokerStars "PokerStars.net" = PokerStars.net "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "PunkBusterSvc" = PunkBuster Services "Rainlendar2" = Rainlendar2 (remove only) "Real-Time Racing_is1" = Real-Time Racing "rF Tv Style_is1" = Tv Style Beta 0.9 "rFactor" = rFactor (remove only) "Runic Games Torchlight" = Torchlight "SopCast" = SopCast 3.2.4 "StarCraft II Beta" = StarCraft II Beta "Steam App 10" = Counter-Strike "Steam App 33310" = R.U.S.E. Beta "Steam App 8600" = RACE 07 "Steam App 8640" = RACE On "Steam App 8760" = RACE On - DEMO "SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security Online (Symantec Corporation) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TIMELEFT3_is1" = TimeLeft "Total Video Converter 3.21_is1" = Total Video Converter 3.21 090220 "Trillian" = Trillian "TVAnts 1.0" = TVAnts 1.0 "Uninstall_is1" = Uninstall 1.0.0.1 "VDMSound" = VDMSound "VentriloMIX" = VentriloMIX "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "Vtune_is1" = Vtune 7.5 "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "wxPython2.8-unicode-py26_is1" = wxPython 2.8.9.1 (unicode) for Python 2.6 "XProfan-Lehrbuch_is1" = XProfan-Lehrbuch "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (marco) "GeoGebra" = GeoGebra "Grand Prix 1979 for Rfactor v2.0" = Grand Prix 1979 for Rfactor v2.0 "MOD F1RL09 FINAL 
VERSION" = MOD F1RL09 FINAL VERSION "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "Octoshape Streaming Services" = Octoshape Streaming Services ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04.05.2010 02:05:18 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 04.05.2010 02:05:18 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 04.05.2010 02:05:18 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 04.05.2010 02:05:26 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . 
Error - 04.05.2010 02:05:27 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 13.05.2010 13:51:52 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung rfactor.exe, Version 1.2.5.5, fehlgeschlagenes Modul d3d9.dll, Version 5.3.2600.5512, Fehleradresse 0x00041b0c. Error - 13.05.2010 14:15:04 | Computer Name = MARCO-ED193E38F | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Informationsebene: error Initialisierung des COM-Subsystems ist fehlgeschlagen. Fehlercode: 0x8007041D. Error - 14.05.2010 09:48:51 | Computer Name = MARCO-ED193E38F | Source = Userenv | ID = 1007 Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen. (Der Remoteprozeduraufruf ist fehlgeschlagen und wurde nicht ausgeführt. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen. Error - 14.05.2010 09:51:31 | Computer Name = MARCO-ED193E38F | Source = Userenv | ID = 1007 Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen. (Der RPC-Server ist für diesen Vorgang zu stark ausgelastet. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen. Error - 14.05.2010 10:09:25 | Computer Name = MARCO-ED193E38F | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Informationsebene: error Initialisierung des COM-Subsystems ist fehlgeschlagen. Fehlercode: 0x8007041D. [ System Events ] Error - 14.05.2010 06:00:02 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7034 Description = Dienst "PnkBstrB" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 14.05.2010 06:00:07 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7034 Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 14.05.2010 06:00:20 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 14.05.2010 06:02:03 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 14.05.2010 06:02:24 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7034 Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 14.05.2010 06:08:53 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 14.05.2010 09:23:13 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7034 Description = Dienst "LogMeIn Hamachi 2.0 Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 14.05.2010 09:23:24 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7034 Description = Dienst "AVM WLAN Connection Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 14.05.2010 10:09:25 | Computer Name = MARCO-ED193E38F | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "LiveUpdate" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {03E0E6C2-363B-11D3-B536-00902771A435} Error - 14.05.2010 10:09:25 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst LiveUpdate. < End of report > Last edited by Marco90 (14.05.2010 at 20:49) |
14.05.2010, 22:11 | #22 |
/// Helper Team | ebay account misused, source unknown. As before: nothing in the OTL logs points to malicious software. Please scan your PC with SUPERAntiSpyware - maybe that will still find something. |
15.05.2010, 01:48 | #24 | |
| ebay account misused, source unknown. Quote:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/15/2010 at 02:46 AM

Application Version : 4.37.1000

Core Rules Database Version : 4936
Trace Rules Database Version: 2748

Scan type : Complete Scan
Total Scan Time : 02:18:42

Memory items scanned : 714
Memory threats detected : 0
Registry items scanned : 5933
Registry threats detected : 0
File items scanned : 373776
File threats detected : 22

Adware.Tracking Cookie
    C:\Dokumente und Einstellungen\marco\Cookies\marco@webmasterplan[2].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@doubleclick[2].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@a7.adserver01[1].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@atdmt[1].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@serving-sys[1].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@tradedoubler[1].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@adbrite[2].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@msnportal.112.2o7[1].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@content.yieldmanager[3].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@traffictrack[2].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@toplist[1].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@toplist[2].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@content.yieldmanager[1].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@bs.serving-sys[2].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@adtech[2].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@ad.zanox[1].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@zanox[1].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@ad.yieldmanager[2].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@adply.plymedia[1].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@tto2.traffictrack[1].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@www.active-tracking[1].txt

Adware.Vundo/Variant-X32[Header]
    F:\XPROFAN8\RES\LEER32.DLL |
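The SUPERAntiSpyware log above lists 21 tracking cookies and exactly one hit that is not a cookie, the Vundo variant flagged in LEER32.DLL. The Python below is an added example, not part of the post and not SUPERAntiSpyware's own code: it parses a log in that layout and separates cookie noise from detections that deserve follow-up. The embedded log is a constructed, abridged excerpt modelled on the posted one (line breaks restored, most cookie entries dropped, summary counts kept as posted), and the low/high severity mapping is the author's assumption, not a rating the tool emits.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed excerpt modelled on the SUPERAntiSpyware log in the post: line
# breaks restored and all but three of the 21 tracking-cookie entries omitted.
# The summary counts are copied from the post, so they intentionally do not
# match this abridged detection list.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/15/2010 at 02:46 AM

Application Version : 4.37.1000

Core Rules Database Version : 4936
Trace Rules Database Version: 2748

Scan type       : Complete Scan
Total Scan Time : 02:18:42

Memory items scanned      : 714
Memory threats detected   : 0
Registry items scanned    : 5933
Registry threats detected : 0
File items scanned        : 373776
File threats detected     : 22

Adware.Tracking Cookie
    C:\Dokumente und Einstellungen\marco\Cookies\marco@doubleclick[2].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@atdmt[1].txt
    C:\Dokumente und Einstellungen\marco\Cookies\marco@zanox[1].txt

Adware.Vundo/Variant-X32[Header]
    F:\XPROFAN8\RES\LEER32.DLL
"""

# "Key : value" summary lines; the key is letters and spaces only.
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*[A-Za-z])\s*:\s*(?P<value>.*?)\s*$")
# Detection headings have the form Type.Name, e.g. "Adware.Tracking Cookie".
CATEGORY_RE = re.compile(r"^[A-Za-z]+\.\S")


@dataclass
class Detection:
    category: str
    path: str
    severity: str  # assumed mapping: "low" for tracking cookies, "high" otherwise


@dataclass
class ScanReport:
    summary: Dict[str, str] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)


def classify(category: str) -> str:
    # A tracking cookie is a browser text file, not code that runs; any other
    # category (here a Vundo variant flagged in a DLL) deserves a closer look.
    return "low" if category.startswith("Adware.Tracking Cookie") else "high"


def parse_sas_log(text: str) -> ScanReport:
    report = ScanReport()
    current = None  # detection heading the following indented paths belong to
    for line in text.splitlines():
        if not line.strip() or "://" in line:
            continue  # blank line or the tool's URL line
        if line[0].isspace():
            # Indented line: a path under the current detection heading.
            if current is not None:
                report.detections.append(Detection(current, line.strip(), classify(current)))
            continue
        if CATEGORY_RE.match(line):
            current = line.strip()
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report.summary[m.group("key")] = m.group("value")
        # Anything else (title line, "Generated ..." line) is ignored.
    return report


def declared_threats(report: ScanReport) -> int:
    """Total of the '... threats detected' counters in the summary block."""
    return sum(int(v) for k, v in report.summary.items() if k.endswith("threats detected"))


def counts_by_category(report: ScanReport) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for d in report.detections:
        counts[d.category] = counts.get(d.category, 0) + 1
    return counts


def needs_follow_up(report: ScanReport) -> List[Detection]:
    """Detections that are something other than a tracking cookie."""
    return [d for d in report.detections if d.severity == "high"]


if __name__ == "__main__":
    rep = parse_sas_log(SAMPLE_LOG)
    print("declared threats:", declared_threats(rep))
    for cat, n in counts_by_category(rep).items():
        print(f"{n:3d}  {cat}")
    for d in needs_follow_up(rep):
        print("follow up:", d.category, "->", d.path)
```

Run against the full posted log, `needs_follow_up` returns only the LEER32.DLL entry, which is the one line in that scan worth investigating further; the cookie entries are cleared by deleting them and say nothing about whether a keylogger is present.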