| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ebay Account missbraucht, Quelle unbekannt.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
31.03.2010, 19:15
| #1 |
 |  ebay Account missbraucht, Quelle unbekannt. Ich hab heute festgestellt, dass gestern über meinen ebay-Account ein Artikel ersteigert wurde. ebay ist benachrichtigt, ebenso wie der Verkäufer. Passwort wurde sofort geändert. Natürlich mache ich mir jetzt sorgen und versuche irgendwie an den Mittler zwischen mir und dem Hacker zu kommen. Eine Datei oder ähnliches. Ich hab erstmal MB Anti-Malware durchlaufen lassen. Code:
ATTFilter Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 5.1.2600 Service Pack 3
31.03.2010 20:10:04
mbam-log-2010-03-31 (20-10-04).txt
Scan-Methode: Vollständiger Scan (C:\|E:\|F:\|)
Durchsuchte Objekte: 440705
Laufzeit: 1 hour(s), 20 minute(s), 39 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
31.03.2010, 19:20
| #2 |
| | ebay Account missbraucht, Quelle unbekannt. Hier das HijackThis Logfile
__________________Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:17:53, on 31.03.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\CTHELPER.EXE C:\Programme\avmwlanstick\wlangui.exe C:\Programme\Logitech\Gaming Software\LWEMon.exe C:\Programme\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Programme\Java\jre6\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE F:\itunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Vtune\TBPanel.exe F:\Rainlendar2\Rainlendar2.exe F:\Nettalk6\Nettalk.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Application Updater\ApplicationUpdater.exe C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Programme\avmwlanstick\WlanNetService.exe C:\Programme\Bonjour\mDNSResponder.exe F:\hamachi\hamachi-2.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Java\jre6\bin\jucheck.exe C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Dokumente und Einstellungen\marco\Desktop\Darkfix.exe F:\Steam\Steam.exe F:\Trillian\trillian.exe F:\Winamp\winamp.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Mozilla Thunderbird\thunderbird.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://p.yigao.com/servlet/clickHandler?uid=21362&zid=83876&zsid=e8522095003e2976ae6f90b0ff5ca27a&atid=100000&cid=28809&at=2&aid=14782&cyid=20091109_3&ct=2&bt=1&sid=c0d73700cae2dedf0b391766f942fd34&url=http%3A%2F%2Fp.yiqifa.com%2Fc%3Fs%3Daded5f32%26w%3D72244%26c%3D4264%26i%3D4562%26l%3D0%26e%3Dyigao_%7B0%7D%26t%3Dhttp%3A%2F%2Fhome.3gm.com.cn%2Fdo.php%3Fac%3Dfswd&referUrl=http%3A%2F%2F116.76.255.122%2Ftvantsad%2Fyiqifa2.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "F:\itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe /A O4 - HKCU\..\Run: [Rainlendar2] F:\Rainlendar2\Rainlendar2.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Nettalk.lnk = F:\Nettalk6\Nettalk.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - F:\hamachi\hamachi-2.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 10762 bytes P.S: Ich hab von ebay schon eine Mail gekriegt, dass ich den Artikel nicht zahlen muss! |
|
31.03.2010, 19:43
| #3 | |
| /// Helfer-Team  | ebay Account missbraucht, Quelle unbekannt. Hallo,
__________________typisch hierfür wäre ein sog. Keylogger, der sämtliches Geschriebenes mitliest. Zitat:
Am besten deinstallieren, Malwarebytes neuinstallieren - auf aktuelle Datenbank-Version achten - und einen erneuten Vollscan machen.  Mache bitte noch zusätzlich einen Systemscan mit RSIT und poste die Logfiles hier. Ich würde auf jeden Fall mal alle Passwörter von einem sauberen Rechner aus ändern (E-Mail, ev. Online-Banking, etc.).
__________________ |
|
31.03.2010, 21:13
| #4 |
| | ebay Account missbraucht, Quelle unbekannt. Hier das neue Anti-Malware Log Code:
ATTFilter Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Datenbank Version: 3938
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
31.03.2010 22:09:47
mbam-log-2010-03-31 (22-09-47).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 423463
Laufzeit: 1 Stunde(n), 20 Minute(n), 34 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Dokumente und Einstellungen\marco\Eigene Dateien\Downloads\CryptLoad_1.1.8\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Temp\data\venmix.exe (Trojan.Wreckit) -> Not selected for removal.
Die zweite Dateil ist der bekannte Ventrilomix. Also eigentlich nichts besonderes... Da ich die erste Datei auf jedenfall nicht mehr brauche hab ich die mal deleted. Das angekündigte RSIT Logfile Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by marco at 2010-03-31 22:13:34 Microsoft Windows XP Professional Service Pack 3 System drive C: has 8 GB (16%) free of 50 GB Total RAM: 3326 MB (74% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:13:43, on 31.03.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\CTHELPER.EXE C:\Programme\avmwlanstick\wlangui.exe C:\Programme\Logitech\Gaming Software\LWEMon.exe C:\Programme\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Programme\Java\jre6\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE F:\itunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Vtune\TBPanel.exe F:\Rainlendar2\Rainlendar2.exe F:\Nettalk6\Nettalk.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Application Updater\ApplicationUpdater.exe C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Programme\avmwlanstick\WlanNetService.exe C:\Programme\Bonjour\mDNSResponder.exe F:\hamachi\hamachi-2.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Java\jre6\bin\jucheck.exe C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe F:\Steam\Steam.exe F:\Trillian\trillian.exe C:\WINDOWS\system32\wuauclt.exe C:\Dokumente und Einstellungen\marco\Eigene Dateien\Downloads\RSIT.exe C:\Programme\Trend Micro\HijackThis\marco.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://p.yigao.com/servlet/clickHandler?uid=21362&zid=83876&zsid=e8522095003e2976ae6f90b0ff5ca27a&atid=100000&cid=28809&at=2&aid=14782&cyid=20091109_3&ct=2&bt=1&sid=c0d73700cae2dedf0b391766f942fd34&url=http%3A%2F%2Fp.yiqifa.com%2Fc%3Fs%3Daded5f32%26w%3D72244%26c%3D4264%26i%3D4562%26l%3D0%26e%3Dyigao_%7B0%7D%26t%3Dhttp%3A%2F%2Fhome.3gm.com.cn%2Fdo.php%3Fac%3Dfswd&referUrl=http%3A%2F%2F116.76.255.122%2Ftvantsad%2Fyiqifa2.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "F:\itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe /A O4 - HKCU\..\Run: [Rainlendar2] F:\Rainlendar2\Rainlendar2.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: Nettalk.lnk = F:\Nettalk6\Nettalk.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Nettalk.lnk = F:\Nettalk6\Nettalk.exe (User 'Default user') O4 - Startup: Nettalk.lnk = F:\Nettalk6\Nettalk.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - F:\hamachi\hamachi-2.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 10907 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Norton Internet Security Online - Systemprüfung ausführen - marco.job C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [2007-08-25 316784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll [2009-10-30 116088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] pdfforge Toolbar - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] Ask Toolbar - C:\Programme\Ask.com\GenericAskToolbar.dll [2010-01-20 1197448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] C:\Programme\pdfforge Toolbar\SearchSettings.dll [2010-01-08 1109504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton-Symbolleiste anzeigen - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 316784] {B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416] {D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Programme\Ask.com\GenericAskToolbar.dll [2010-01-20 1197448] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464] "ccApp"=C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [2008-10-17 51048] "osCheck"=C:\Programme\Norton Internet Security\osCheck.exe [2007-08-25 714608] "CTDVDDET"=C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE [2003-06-18 45056] "CTSysVol"=C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe [2005-02-15 57344] "AudioDrvEmulator"=C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152] "CTHelper"=C:\WINDOWS\CTHELPER.EXE [2005-06-18 16384] "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112] "AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe [2008-09-05 1794048] "Start WingMan Profiler"=C:\Programme\Logitech\Gaming Software\LWEMon.exe [2009-09-16 153608] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "HP Component Manager"=C:\Programme\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032] "HP Software Update"=C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-02-18 49152] " Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-12-08 18789920] "SearchSettings"=C:\Programme\pdfforge Toolbar\SearchSettings.exe [2010-01-08 974848] "QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-11-11 417792] "iTunesHelper"=F:\itunes\iTunesHelper.exe [2010-02-15 141608] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-30 437584] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "TBPanel"=C:\Programme\Vtune\TBPanel.exe [2009-05-12 2158592] "AdobeBridge"= [] "Rainlendar2"=F:\Rainlendar2\Rainlendar2.exe [2009-08-22 5148672] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE C:\Dokumente und Einstellungen\marco\Startmenü\Programme\Autostart Nettalk.lnk - F:\Nettalk6\Nettalk.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=91000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "F:\Football2009\fm.exe"="F:\Football2009\fm.exe:*:Enabled:Football Manager 2010 Demo" "F:\Footman10\fm.exe"="F:\Footman10\fm.exe:*:Enabled:Football Manager 2010" "F:\Steam\Steam.exe"="F:\Steam\Steam.exe:*:Enabled:Steam" "F:\League of Legends\Air\LolClient.exe"="F:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby" "F:\League of Legends\Game\League of Legends.exe"="F:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client" "F:\Dirt2\dirt2.exe"="F:\Dirt2\dirt2.exe:*:Enabled:DiRT2 Demo" "F:\Dirt 2\dirt2_game.exe"="F:\Dirt 2\dirt2_game.exe:*:Enabled:DiRT2" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "F:\LimeWire\LimeWire.exe"="F:\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe"="F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2" "F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe"="F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "F:\itunes\iTunes.exe"="F:\itunes\iTunes.exe:*:Enabled:iTunes" "C:\Programme\Ventrilo\Ventrilo.exe"="C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe" "C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher" "F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe"="F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2010-03-31 20:49:30 ----D---- C:\rsit 2010-03-31 20:45:05 ----A---- C:\mbam-error.txt 2010-03-31 20:14:54 ----D---- C:\WINDOWS\LastGood 2010-03-31 15:09:20 ----A---- C:\WINDOWS\system32\SET150.tmp 2010-03-31 15:09:19 ----A---- C:\WINDOWS\system32\SET154.tmp 2010-03-31 15:09:19 ----A---- C:\WINDOWS\system32\SET14F.tmp 2010-03-31 15:09:19 ----A---- C:\WINDOWS\system32\SET14C.tmp 2010-03-31 15:09:19 ----A---- C:\WINDOWS\system32\SET14B.tmp 2010-03-31 15:09:18 ----A---- C:\WINDOWS\system32\SET151.tmp 2010-03-19 19:49:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks 2010-03-19 19:48:04 ----D---- C:\WINDOWS\system32\TVUAx 2010-03-18 22:48:31 ----A---- C:\WINDOWS\IsUn0407.exe 2010-03-17 11:13:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft 2010-03-15 02:27:07 ----D---- C:\Programme\Ventrilo 2010-03-15 02:27:03 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini 2010-03-14 18:32:20 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Ubisoft 2010-03-14 02:27:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-03-13 19:22:26 ----N---- C:\WINDOWS\system32\browserchoice.exe 2010-03-04 21:38:38 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Apple Computer 2010-03-04 21:38:29 ----A---- C:\WINDOWS\system32\GEARAspi.dll 2010-03-04 21:37:52 ----D---- C:\Programme\iPod 2010-03-04 21:37:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-03-04 21:36:59 ----D---- C:\Programme\QuickTime 2010-03-04 21:36:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer 2010-03-04 21:36:49 ----D---- C:\Programme\Apple Software Update 2010-03-04 21:36:40 ----A---- C:\WINDOWS\system32\usbaaplrc.dll 2010-03-04 21:36:13 ----D---- C:\Programme\Gemeinsame Dateien\Apple 2010-03-04 21:36:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple 2010-03-04 21:27:37 ----A---- C:\WINDOWS\system32\ptpusb.dll 2010-03-04 21:27:36 ----A---- C:\WINDOWS\system32\ptpusd.dll 2010-03-02 12:30:31 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\HLSW 2010-03-01 22:28:26 ----A---- C:\WINDOWS\system32\prospeed_bmp2jpg.dll 2010-03-01 22:07:38 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\MMJ_BABYBOX ======List of files/folders modified in the last 1 months====== 2010-03-31 22:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974455_1$ 2010-03-31 22:10:12 ----D---- C:\WINDOWS\system32\drivers 2010-03-31 21:45:10 ----D---- C:\Programme\Mozilla Firefox 2010-03-31 21:28:02 ----D---- C:\Programme\Mozilla Thunderbird 2010-03-31 20:49:35 ----D---- C:\WINDOWS\Prefetch 2010-03-31 20:49:33 ----D---- C:\WINDOWS\Temp 2010-03-31 20:49:32 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared 2010-03-31 20:45:04 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-03-31 20:15:40 ----HD---- C:\WINDOWS\inf 2010-03-31 20:15:39 ----D---- C:\WINDOWS 2010-03-31 20:15:35 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-03-31 20:15:34 ----D---- C:\WINDOWS\system32 2010-03-31 20:15:34 ----D---- C:\Programme\Internet Explorer 2010-03-31 20:14:55 ----HD---- C:\WINDOWS\$hf_mig$ 2010-03-31 15:07:26 ----D---- C:\WINDOWS\system32\CatRoot2 2010-03-30 20:42:51 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-03-30 20:42:43 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Nettalk 2010-03-30 20:42:42 ----A---- C:\WINDOWS\{00000003-00000000-00000007-00001102-00000008-10211102}.BAK 2010-03-28 19:07:11 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\teamspeak2 2010-03-26 18:52:39 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2010-03-26 18:46:02 ----A---- C:\WINDOWS\NeroDigital.ini 2010-03-24 23:14:39 ----D---- C:\Programme\FTP Commander 2010-03-24 23:13:33 ----SD---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Microsoft 2010-03-23 16:03:52 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-03-23 15:56:00 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft 2010-03-23 09:23:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec 2010-03-19 02:06:51 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Adobe 2010-03-18 17:32:34 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\LimeWire 2010-03-18 13:04:07 ----D---- C:\WINDOWS\Minidump 2010-03-17 12:25:42 ----RD---- C:\Programme 2010-03-17 12:24:35 ----HD---- C:\Programme\InstallShield Installation Information 2010-03-17 04:04:54 ----SHD---- C:\WINDOWS\Installer 2010-03-17 04:04:54 ----D---- C:\WINDOWS\WinSxS 2010-03-17 04:03:28 ----RSD---- C:\WINDOWS\assembly 2010-03-17 04:03:07 ----D---- C:\WINDOWS\system32\DirectX 2010-03-17 02:57:37 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mumble 2010-03-15 02:26:56 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2010-03-14 02:27:16 ----A---- C:\WINDOWS\imsins.BAK 2010-03-14 02:27:10 ----D---- C:\Programme\Movie Maker 2010-03-05 21:21:51 ----A---- C:\WINDOWS\PROFED32.INI 2010-03-05 19:55:03 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\XLEHRBUCH 2010-03-04 21:38:29 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-03-04 21:37:33 ----D---- C:\Programme\Bonjour 2010-03-04 21:36:13 ----D---- C:\Programme\Gemeinsame Dateien 2010-03-02 07:30:12 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdPPM;AMD HwPState Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys [] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 SPBBCDrv;SPBBCDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys [] R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-12-01 279088] R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-12-01 43696] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-02-19 184496] R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys [] R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [] R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-06-18 501760] R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-06-18 438784] R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-06-18 7168] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-06-18 142336] R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-06-18 77824] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 fwlanusbn;FRITZ!WLAN N; C:\WINDOWS\system32\DRIVERS\fwlanusbn.sys [2008-09-05 419328] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2005-06-18 751104] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176] R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2005-06-18 178688] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-12-08 6017568] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 NAVENG;NAVENG; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20100330.048\NAVENG.SYS [] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20100330.048\NAVEX15.SYS [] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-03 8087712] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-06-18 114688] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-31 47360] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888] R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2009-02-19 13616] R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [] R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2009-02-19 96560] R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2009-02-19 38576] R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\ipsdefs\20100320.001\SymIDSCo.sys [] R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280] R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2009-02-19 37424] R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-09-11 22792] R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-09-11 35592] R3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2009-09-11 31752] R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2009-09-11 14984] R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2009-09-11 66056] S3 ai4nwwsx;ai4nwwsx; C:\WINDOWS\system32\drivers\ai4nwwsx.sys [] S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480] S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2008-09-05 4352] S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS [] S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys [] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-06-07 340176] S3 dxdiag.sys;dxdiag.sys; \??\C:\DOKUME~1\marco\LOKALE~1\Temp\dxdiag.sys [] S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2005-06-18 153088] S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800] S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-12-01 317616] S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Application Updater;Application Updater; C:\Programme\Application Updater\ApplicationUpdater.exe [2010-01-08 380928] R2 Automatic LiveUpdate Scheduler;Automatisches LiveUpdate - Scheduler; C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064] R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [2008-09-05 364544] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 ccEvtMgr;Symantec Event Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 ccSetMgr;Symantec Settings Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; F:\hamachi\hamachi-2.exe [2009-10-29 1074568] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 LiveUpdate Notice;LiveUpdate Notice; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336] R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-26 75064] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-10-11 38912] R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2010-02-15 545576] R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2009-10-30 1251720] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 comHost;COM Host; C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-17 655624] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 LiveUpdate;LiveUpdate; C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184] S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
|
31.03.2010, 21:50
| #5 |
| /// Helfer-Team | ebay Account missbraucht, Quelle unbekannt. Also ein Keylogger ist da definitiv nicht drauf. Die Logs sind - bis auf unnütze IE-Toolbars - sauber. Um wirklich sicherzugehen, bitte noch einen Rootkitscan mit GMER durchführen. Evtl. hat jemand Dein eBay Passwort durch Ausprobieren geknackt. Hattest Du ein Passwort ala "passwort" oder ala "$passwd146"? |
|
17.04.2010, 15:24
| #6 | ||
| | ebay Account missbraucht, Quelle unbekannt. Ein neuer Vorfall, diesmal wurde mein svz account missbraucht und folgende Nachricht geschrieben. Zitat:
Da die Nachrichten ein wenig in der Punktierung variieren kann es also kein Bot etc sein. Zum Glück loggt svz auch die IP. /EDIT: Per "IP Address Lookup" habe ich sogar weiter Infos finden können. Zitat:
Sollte ich vllt rechtliche Schritte einleiten? |
|
17.04.2010, 20:11
| #7 |
| /// Helfer-Team | ebay Account missbraucht, Quelle unbekannt. Hm... Bitte folgendes durchführen: 1.) Vollständiger Scan mit Malwarebytes Anti-Malware (zuvor Datenbank aktualisieren!) 2.) Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
3.) Rootkitscan mit GMER Hat außer dir noch jemand anderer Zugriff auf deinen Rechner? Ändere am besten von einem sauberen Rechner aus alle deine Zugangsdaten. (E-Mail, eBay, StudiVZ, etc.) Betreibe von deinem "Keylogger-Rechner" keine oben genannten Aktivitäten mehr. |
|
18.04.2010, 10:54
| #8 |
| | ebay Account missbraucht, Quelle unbekannt. Ich haben eben vor dem Scan von Malwarebytes nach dem Datenbankupdate mal die Reiter durchgeschaut und gesehen, dass bei Quarantäne zwei Keylogger registriert wurden. Der eine war datiert mit dem 29.11.2009 *schock* Hab direkt alles entfernt und bin jetzt dabei den Scan durchlaufen zu lassen. So far... |
|
18.04.2010, 12:00
| #9 |
| | ebay Account missbraucht, Quelle unbekannt. Malwarebytes Log Code:
ATTFilter Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Datenbank Version: 4003
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
18.04.2010 12:59:07
mbam-log-2010-04-18 (12-59-07).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 422161
Laufzeit: 1 Stunde(n), 21 Minute(n), 33 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Dokumente und Einstellungen\marco\Eigene Dateien\Downloads\CryptLoad_1.1.8\ocr\filer.net\ocr_by_spider_b\Version4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Temp\data\venmix.exe (Trojan.Wreckit) -> Quarantined and deleted successfully.
Code:
ATTFilter OTL logfile created on: 18.04.2010 13:14:53 - Run 1 OTL by OldTimer - Version 3.2.1.2 Folder = C:\Dokumente und Einstellungen\marco\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free 5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 18,76 Gb Free Space | 38,42% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 146,48 Gb Total Space | 90,32 Gb Free Space | 61,66% Space Free | Partition Type: NTFS Drive F: | 270,44 Gb Total Space | 179,08 Gb Free Space | 66,22% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MARCO-ED193E38F Current User Name: marco Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - F:\hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - F:\Rainlendar2\Rainlendar2.exe () PRC - C:\Programme\Vtune\TBPANEL.exe () PRC - F:\Nettalk6\Nettalk.exe (Nicolas Kruse) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCSVCHST.EXE (Symantec Corporation) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd) PRC - C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) PRC - C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP) PRC - C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Company) PRC - C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe (Creative Technology Ltd) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd) ========== Win32 Services (SafeList) ========== SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (Hamachi2Svc) -- F:\hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (LiveUpdate Notice) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (CLTNetCnService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (Automatic LiveUpdate Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation) SRV - (comHost) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20100417.020\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20100417.020\NAVENG.SYS (Symantec Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (SYMIDSCO) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\ipsdefs\20100415.001\SymIDSCo.sys (Symantec Corporation) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.) DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation) DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation) DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (fwlanusbn) -- C:\WINDOWS\system32\drivers\fwlanusbn.sys (AVM GmbH) DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin) DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation) DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys (Symantec Corporation) DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices) DRV - (TBPanel) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd) DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0 FF - prefs.js..extensions.enabledItems: firefoxstats@matthew.hambly:1.2.2n FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks_remote_dns: true FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.02 00:20:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.12 15:56:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.17 20:51:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.04.12 15:56:20 | 000,000,000 | ---D | M] [2009.12.22 17:28:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Extensions [2009.12.22 17:28:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org [2010.04.17 16:07:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions [2009.11.02 21:10:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.12.05 16:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} [2009.10.30 21:52:33 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010.01.04 21:27:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\battlefieldheroespatcher@ea.com [2010.03.19 19:49:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\firefox@tvunetworks.com [2009.12.19 19:47:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\firefoxstats@matthew.hambly [2010.02.18 23:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\toolbar@ask.com [2010.04.17 16:07:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.11.17 10:14:14 | 000,000,853 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Gemeinsame Dateien\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AudioDrvEmulator] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe (Creative Technology Ltd) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [osCheck] C:\Programme\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Rainlendar2] F:\Rainlendar2\Rainlendar2.exe () O4 - HKCU..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\marco\Startmenü\Programme\Autostart\Nettalk.lnk = F:\Nettalk6\Nettalk.exe (Nicolas Kruse) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.10.30 19:20:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.11.14 21:00:43 | 000,000,000 | ---D | M] - F:\Autoupdate -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.18 13:12:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\LogMeIn Hamachi [2010.04.18 11:25:25 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe [2010.04.12 15:55:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.04.10 18:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations [2010.03.31 20:49:30 | 000,000,000 | ---D | C] -- C:\rsit [2010.03.24 23:01:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\tril [2010.03.19 21:36:22 | 000,004,352 | R--- | C] (AVM Berlin) -- C:\WINDOWS\System32\drivers\avmeject.sys [2010.03.19 21:36:15 | 000,077,824 | R--- | C] (AVM Berlin) -- C:\WINDOWS\System32\fwusbnci.org [2010.03.19 19:49:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\TVU Networks [2010.03.19 19:49:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks [2010.03.19 19:49:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\LocalLow [2010.03.19 19:48:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\TVUAx [2010.03.19 13:47:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\.rainlendar2 [2010.01.02 18:05:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2009.12.31 16:06:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.sys [2009.11.08 18:59:25 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft [2009.10.30 19:22:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2009.10.30 19:20:33 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2005.06.18 08:04:56 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.04.18 13:12:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.04.18 13:10:37 | 004,959,414 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000007-00001102-00000008-10211102}.CDF [2010.04.18 13:09:51 | 000,235,380 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010.04.18 13:09:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.04.18 13:09:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.04.18 13:08:15 | 000,030,432 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx [2010.04.18 13:08:15 | 000,030,432 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx [2010.04.18 13:08:15 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx [2010.04.18 13:08:15 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx [2010.04.18 13:08:15 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx [2010.04.18 13:08:15 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010.04.18 13:08:15 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010.04.18 13:07:59 | 009,175,040 | -H-- | M] () -- C:\Dokumente und Einstellungen\marco\NTUSER.DAT [2010.04.18 13:07:59 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\marco\ntuser.ini [2010.04.18 13:07:52 | 004,959,414 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000007-00001102-00000008-10211102}.BAK [2010.04.18 13:01:02 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010.04.18 12:39:50 | 000,024,576 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\Rationalismus.doc [2010.04.18 11:25:26 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe [2010.04.18 00:47:33 | 002,115,480 | -H-- | M] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.04.17 22:22:01 | 000,050,688 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.17 21:56:02 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.04.15 19:32:23 | 000,027,136 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\3.doc [2010.04.14 21:35:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.04.14 10:58:34 | 262,971,603 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\House&Electro - Q1.mp3 [2010.04.14 09:06:06 | 000,034,481 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\House&Electro XI -Dezember 2009.mp3 [2010.04.12 20:07:55 | 000,000,672 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security Online - Systemprüfung ausführen - marco.job [2010.04.12 15:57:10 | 000,001,716 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.04.11 20:46:49 | 000,005,052 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\q1.m3u [2010.04.11 02:39:48 | 000,000,715 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Allods Online.lnk [2010.04.06 21:28:21 | 000,030,208 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\GMK0704.doc [2010.04.04 00:20:05 | 000,002,027 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk [2010.04.03 16:55:55 | 000,000,417 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\Play PKR.lnk [2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.03.24 23:13:01 | 000,835,584 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\gandhi.ppt [2010.03.24 22:46:14 | 000,035,840 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\mahatma.doc [2010.03.19 18:05:50 | 004,874,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll [2010.03.19 13:47:11 | 000,000,555 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Rainlendar2.lnk [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.18 12:26:49 | 000,024,576 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\Rationalismus.doc [2010.04.15 19:32:23 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\3.doc [2010.04.14 09:07:00 | 262,971,603 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\House&Electro - Q1.mp3 [2010.04.14 09:06:05 | 000,034,481 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\House&Electro XI -Dezember 2009.mp3 [2010.04.12 15:56:20 | 000,001,716 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.04.11 02:39:47 | 000,000,715 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Allods Online.lnk [2010.04.06 20:18:57 | 000,030,208 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\GMK0704.doc [2010.04.03 16:55:55 | 000,000,417 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\Play PKR.lnk [2010.04.02 20:35:58 | 000,005,052 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\q1.m3u [2010.03.24 23:13:01 | 000,835,584 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\gandhi.ppt [2010.03.21 23:00:19 | 000,035,840 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\mahatma.doc [2010.03.19 13:47:11 | 000,000,555 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Rainlendar2.lnk [2010.03.16 21:05:32 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\chrtmp [2010.03.15 02:27:03 | 000,000,258 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.03.01 22:28:26 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\prospeed_bmp2jpg.dll [2010.02.27 02:35:09 | 000,510,888 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.02.22 20:19:14 | 000,000,177 | ---- | C] () -- C:\WINDOWS\ROCSETUP.INI [2010.02.21 22:29:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\PROFED32.INI [2010.02.02 16:18:17 | 000,010,650 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid664.log [2010.02.02 16:15:07 | 000,010,650 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid3696.log [2010.02.02 16:03:42 | 000,010,708 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid3040.log [2010.01.04 21:38:45 | 000,138,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010.01.04 21:38:45 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\PnkBstrK.sys [2009.12.31 16:07:22 | 000,001,041 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\vso_ts_preview.xml [2009.12.31 16:06:21 | 000,000,034 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.log [2009.12.31 16:06:12 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\inst.exe [2009.12.31 16:06:12 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.cat [2009.12.31 16:06:12 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.inf [2009.12.28 18:31:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.11.07 17:28:53 | 000,010,794 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini [2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2009.11.05 20:24:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009.11.01 03:46:02 | 000,050,688 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.31 22:33:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.10.30 22:27:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.10.30 21:10:16 | 000,046,593 | R--- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini [2009.10.30 21:10:16 | 000,000,193 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2009.10.30 20:23:36 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.10.30 20:23:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.10.30 19:25:12 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\marco\ntuser.dat.LOG [2009.10.30 19:25:12 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\marco\ntuser.ini [2009.10.30 19:25:11 | 009,175,040 | -H-- | C] () -- C:\Dokumente und Einstellungen\marco\NTUSER.DAT [2009.06.10 09:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009.06.10 09:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009.06.10 09:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009.06.10 09:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2005.07.11 06:44:12 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL [2005.06.07 15:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL [2003.03.21 11:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF @Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86 < End of report > Code:
ATTFilter OTL Extras logfile created on: 18.04.2010 13:14:53 - Run 1
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Dokumente und Einstellungen\marco\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 18,76 Gb Free Space | 38,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 146,48 Gb Total Space | 90,32 Gb Free Space | 61,66% Space Free | Partition Type: NTFS
Drive F: | 270,44 Gb Total Space | 179,08 Gb Free Space | 66,22% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MARCO-ED193E38F
Current User Name: marco
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "F:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "F:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "F:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Football2009\fm.exe" = F:\Football2009\fm.exe:*:Enabled:Football Manager 2010 Demo -- (Sports Interactive)
"F:\Footman10\fm.exe" = F:\Footman10\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"F:\Steam\Steam.exe" = F:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"F:\League of Legends\Air\LolClient.exe" = F:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"F:\League of Legends\Game\League of Legends.exe" = F:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"F:\Dirt2\dirt2.exe" = F:\Dirt2\dirt2.exe:*:Enabled:DiRT2 Demo -- (Codemasters)
"F:\Dirt 2\dirt2_game.exe" = F:\Dirt 2\dirt2_game.exe:*:Enabled:DiRT2 -- (Codemasters)
"F:\LimeWire\LimeWire.exe" = F:\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe" = F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 -- (Take-Two Interactive Software)
"F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe" = F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer -- (2K Games)
"F:\itunes\iTunes.exe" = F:\itunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Ventrilo\Ventrilo.exe" = C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- File not found
"F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe" = F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta -- ()
"F:\Allods\Allods Online\bin\Launcher.exe" = F:\Allods\Allods Online\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe -- (© 2008 - 2009 Astrum Nival, LLC)
"F:\Allods\Allods Online\bin\AOgame.exe" = F:\Allods\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe -- (© 2008 - 2009 Astrum Nival, LLC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}" = FMRTE
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{626C32A3-0F0F-41B3-9F53-75E16B2D8925}" = SymNet
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8610FF9A-8FEE-4509-ADCD-AF68157B562A}" = Symantec Real Time Storage Protection Component
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AD6CB8-DE96-43FA-9B73-5FB873DD1CAE}" = Sound Blaster Audigy 4
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AE04B8FC-4CD9-4A94-BE8F-C2434470FB11}" = DiRT2 Demo
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E5}" = Need for Speed™ SHIFT Demo
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BF0BC679-A503-43AF-9104-E8842999955E}_is1" = CTDP's ChampionShipManager NX 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0C85A83-296E-4813-86A6-DA8DA6A92D6D}" = Left 4 Dead 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB75FFBB-67AA-4AF5-840C-B60D76720AC1}" = MoTeC i2 Pro
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1" = Mass Effect 2
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF481D3E-FF15-4EE7-B36B-53C9E4021E8B}" = TMPGEnc 4.0 XPress Testversion
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"AMIP" = AMIP (remove only)
"Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD 2.02
"Ashampoo ClipFinder_is1" = Ashampoo ClipFinder 1.55
"AstrumNival Allods" = Allods Online 1.0.05.41
"Audacity_is1" = Audacity 1.2.6
"AudioConverter Studio_is1" = AudioConverter Studio 6.0
"AVMWLANCLI" = AVM FRITZ!WLAN
"CamStudio" = CamStudio
"cdrtools Frontend_is1" = cdrtfe 1.3.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESL Wire_is1" = ESL Wire 1.3
"F1 DLM 2009 Trackpack" = F1 DLM 2009 Trackpack
"F1 Official Team Manager" = F1 Official Team Manager
"Football Manager 2010" = Football Manager 2010
"Football Manager 2010 Demo" = Football Manager 2010 Demo
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FTP Commander" = FTP Commander
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.2.1
"ie8" = Windows Internet Explorer 8
"IsoBuster_is1" = IsoBuster 2.7
"League of Legends_is1" = League of Legends
"LimeWire" = LimeWire 5.4.6
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MMJ-Quellcodesammlung_is1" = MMJ-Quellcodesammlung
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Mumble" = Mumble and Murmur
"Need For Speed SHIFT_is1" = Need For Speed SHIFT
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nettalk_is1" = Nettalk 6.6
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PKR" = PKR
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"PunkBusterSvc" = PunkBuster Services
"Rainlendar2" = Rainlendar2 (remove only)
"Real-Time Racing_is1" = Real-Time Racing
"rF Tv Style_is1" = Tv Style Beta 0.9
"rFactor" = rFactor (remove only)
"Runic Games Torchlight" = Torchlight
"SopCast" = SopCast 3.2.4
"Steam App 10" = Counter-Strike
"Steam App 33310" = R.U.S.E. Beta
"Steam App 8600" = RACE 07
"Steam App 8640" = RACE On
"Steam App 8760" = RACE On - DEMO
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security Online (Symantec Corporation)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Total Video Converter 3.21_is1" = Total Video Converter 3.21 090220
"Trillian" = Trillian
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VentriloMIX" = VentriloMIX
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Vtune_is1" = Vtune 7.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"wxPython2.8-unicode-py26_is1" = wxPython 2.8.9.1 (unicode) for Python 2.6
"XProfan-Lehrbuch_is1" = XProfan-Lehrbuch
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (marco)
"GeoGebra" = GeoGebra
"Grand Prix 1979 for Rfactor v2.0" = Grand Prix 1979 for Rfactor v2.0
"MOD F1RL09 FINAL VERSION" = MOD F1RL09 FINAL VERSION
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.04.2010 13:26:11 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 04.04.2010 13:26:11 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 04.04.2010 13:26:11 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 10.04.2010 20:13:25 | Computer Name = MARCO-ED193E38F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Allods-EU_Deutsch.exe, Version 0.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 10.04.2010 20:43:44 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
Error - 10.04.2010 20:43:50 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
Error - 10.04.2010 20:44:55 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
Error - 11.04.2010 05:56:51 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
Error - 12.04.2010 12:14:57 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
Error - 12.04.2010 12:15:12 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
[ System Events ]
Error - 15.04.2010 11:57:56 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7034
Description = Dienst "AVM WLAN Connection Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 15.04.2010 12:45:57 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
%%183
Error - 15.04.2010 12:46:07 | Computer Name = MARCO-ED193E38F | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{A0E748A1-DE06-456A-B6C6-F66E2267059C} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 15.04.2010 15:13:55 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
%%183
Error - 15.04.2010 15:14:26 | Computer Name = MARCO-ED193E38F | Source = NetBT | ID = 4321
Description = Der Name "ARBEITSGRUPPE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.21 registriert werden. Der Computer mit IP-Adresse 192.168.178.23
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 16.04.2010 09:47:09 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
%%183
Error - 17.04.2010 09:45:40 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
%%183
Error - 18.04.2010 05:19:28 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
%%183
Error - 18.04.2010 07:09:54 | Computer Name = MARCO-ED193E38F | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 18.04.2010 07:12:03 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
%%183
< End of report >
Geändert von Marco90 (18.04.2010 um 12:32 Uhr) |
|
18.04.2010, 12:24
| #10 |
| /// Helfer-Team | ebay Account missbraucht, Quelle unbekannt. Hi, es wäre gut zu wissen, was Malwarebytes da für Keylogger gefunden hat. Suche mal im Reiter "Logdateien" nach einem Logfile vom 29.11.2009 und poste es. OTL schau ich mit gleich noch an. |
|
18.04.2010, 12:34
| #11 | |
| | ebay Account missbraucht, Quelle unbekannt. So sah der Eintrag damals aus Zitat:
|
|
18.04.2010, 14:39
| #13 |
| | ebay Account missbraucht, Quelle unbekannt. Geht das auch mit einem anderen Tool? GMER stürzt bei mir immer ab. |
|
18.04.2010, 14:44
| #14 |
| /// Helfer-Team | ebay Account missbraucht, Quelle unbekannt. GMER neigt leider oft zu Abstürzen  Rootkitscan mit RootRepeal Lade RootRepeal.zip herunter und entpacke es auf Deinen Desktop
|
|
18.04.2010, 15:06
| #15 |
| | ebay Account missbraucht, Quelle unbekannt. So hier das RootRepeal Log. Code:
ATTFilter ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/04/18 15:48
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB03C1000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB8614000 Size: 8192 File Visible: No Signed: -
Status: -
Name: PCI_PNP0734
Image Path: \Driver\PCI_PNP0734
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: spvu.sys
Image Path: spvu.sys
Address: 0xB7EB4000 Size: 995328 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: c:\dokumente und einstellungen\marco\anwendungsdaten\mozilla\firefox\profiles\fsi8u378.default\sessionstore.js
Status: Size mismatch (API: 32979, Raw: 32977)
SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x892cfe08
#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x892cfec8
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x892d0998
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89ce21c8
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb06ee020
#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x892cf9c8
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x892d0b28
#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x892cf728
#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb06ee2a0
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb06ee800
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spvu.sys" at address 0xb7ecdda4
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spvu.sys" at address 0xb7ece132
#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x892d07f8
#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x892cfab8
#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x892cfb98
#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x892d0718
#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x892cf8e8
#: 119 Function Name: NtOpenKey
Status: Hooked by "spvu.sys" at address 0xb7eb50c0
#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x892d0a68
#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x8804df20
#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x892d04b8
#: 160 Function Name: NtQueryKey
Status: Hooked by "spvu.sys" at address 0xb7ece20a
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spvu.sys" at address 0xb7ece08a
#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x892e7320
#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x892d03f8
#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x892d0588
#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x892d0328
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb06eea50
#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x892cf808
#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x892cffd0
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x89331750
#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x892d0268
#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x892d0658
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x892d08c8
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8b0051f8 Size: 121
Object: Hidden Code [Driver: pcou, IRP_MJ_CREATE]
Process: System Address: 0x8ad93500 Size: 121
Object: Hidden Code [Driver: pcou, IRP_MJ_CLOSE]
Process: System Address: 0x8ad93500 Size: 121
Object: Hidden Code [Driver: pcou, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ad93500 Size: 121
Object: Hidden Code [Driver: pcou, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ad93500 Size: 121
Object: Hidden Code [Driver: pcou, IRP_MJ_POWER]
Process: System Address: 0x8ad93500 Size: 121
Object: Hidden Code [Driver: pcou, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ad93500 Size: 121
Object: Hidden Code [Driver: pcou, IRP_MJ_PNP]
Process: System Address: 0x8ad93500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8ad9d500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8ad9d500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8ad9d500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8ad9d500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ad9d500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ad9d500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ad9d500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ad9d500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8ad9d500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ad9d500 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8ad9d500 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8af931f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8af931f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8af931f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8af931f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8af931f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8af931f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8af931f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8af931f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8af931f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8af931f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8af931f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x8ae4c500 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x8ae4c500 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ae4c500 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ae4c500 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x8ae4c500 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ae4c500 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x8ae4c500 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8b0071f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8b0071f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8b0071f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8b0071f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b0071f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b0071f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8b0071f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8b0071f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8b0071f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b0071f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8b0071f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x892f71f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x892f71f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x892f71f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x892f71f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x892f71f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x892f71f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8ad8d500 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8ad8d500 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ad8d500 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ad8d500 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8ad8d500 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ad8d500 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8ad8d500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x892da500 Size: 121
Object: Hidden Code [Driver: Cdfsఈ浍浓⎨褪@, IRP_MJ_CREATE]
Process: System Address: 0x892a41f8 Size: 121
Object: Hidden Code [Driver: Cdfsఈ浍浓⎨褪@, IRP_MJ_CLOSE]
Process: System Address: 0x892a41f8 Size: 121
Object: Hidden Code [Driver: Cdfsఈ浍浓⎨褪@, IRP_MJ_READ]
Process: System Address: 0x892a41f8 Size: 121
Object: Hidden Code [Driver: Cdfsఈ浍浓⎨褪@, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x892a41f8 Size: 121
Object: Hidden Code [Driver: Cdfsఈ浍浓⎨褪@, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x892a41f8 Size: 121
Object: Hidden Code [Driver: Cdfsఈ浍浓⎨褪@, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x892a41f8 Size: 121
Object: Hidden Code [Driver: Cdfsఈ浍浓⎨褪@, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x892a41f8 Size: 121
Object: Hidden Code [Driver: Cdfsఈ浍浓⎨褪@, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x892a41f8 Size: 121
Object: Hidden Code [Driver: Cdfsఈ浍浓⎨褪@, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x892a41f8 Size: 121
Object: Hidden Code [Driver: Cdfsఈ浍浓⎨褪@, IRP_MJ_SHUTDOWN]
Process: System Address: 0x892a41f8 Size: 121
Object: Hidden Code [Driver: Cdfsఈ浍浓⎨褪@, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x892a41f8 Size: 121
Object: Hidden Code [Driver: Cdfsఈ浍浓⎨褪@, IRP_MJ_CLEANUP]
Process: System Address: 0x892a41f8 Size: 121
Object: Hidden Code [Driver: Cdfsఈ浍浓⎨褪@, IRP_MJ_PNP]
Process: System Address: 0x892a41f8 Size: 121
==EOF==
|
|
| Themen zu ebay Account missbraucht, Quelle unbekannt. |
| account, anti-malware, benachrichtigt, bösartige, code, datei, dateien, ebay, festgestellt, folge, folgen, gestern, hacker, heute, minute, missbraucht, quelle, service, sofort, sorge, sorgen, unbekannt, version, versuche, zwischen |
Linear-Darstellung
