Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and their removal): 3 Trojans! "TR/Renos.214528", "TR/Dldr.Zlob.caz" and "TR/Dldr.Zlob.cay" (Windows 7)
21.04.2010, 15:23    #1
3 Trojans! "TR/Renos.214528", "TR/Dldr.Zlob.caz" and "TR/Dldr.Zlob.cay"

Hello,

yesterday my PC would not boot properly (Windows was running, but I could only do anything very slowly, if at all). After quite a few restarts it booted properly, and Antivir immediately came up with three alerts, one after the other:

1. 'C:\WINDOWS\system32\sshnas21.dll' is infected with 'TR/Renos.214528' [trojan]
2. 'C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\temp\Xtd.exe' is infected with 'TR/Dldr.Zlob.caz' [trojan]
3. 'C:\WINDOWS\Xnunaa.exe' is infected with 'TR/Dldr.Zlob.cay' [trojan]

I googled each of them but found no real help. For one of the three there were mainly pages in Japanese? Chinese? And it may also be relevant that these three show up together. I hope someone can help me.

So, Malwarebytes found 13 infected files and, as far as I can tell, removed them. Since then no further alerts have appeared. Here is the log file:

Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.04.2010 06:59:34
mbam-log-2010-04-21 (06-59-34).txt

Scan type: Quick scan
Objects scanned: 105448
Time elapsed: 17 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\webperform.DLL (Adware.WebPerform) -> No action taken.
HKEY_CLASSES_ROOT\Web.Perform (Adware.WebPerform) -> No action taken.
HKEY_CLASSES_ROOT\Web.Perform.1 (Adware.WebPerform) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temp\Xtd.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

Then the log file from RSIT:

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Stephan at 2010-04-21 15:45:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (3%) free of 95 GB
Total RAM: 1014 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:39, on 21.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Application Updater\ApplicationUpdater.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Brennprogramme\CDBurnerXP\NMSAccessU.exe
C:\Programme\Gacela\Nurago-Reporting.exe
C:\Programme\Gacela\Nurago-Updater.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
c:\programme\uniprogramme\wdservice.exe
C:\Programme\Apoint2K\Apoint.exe
C:\Programme\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programme\TOSHIBA\Tvs\TvsTray.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\NAVI\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internetprogramme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\xxx\Desktop\RSIT.exe
C:\Programme\Schutzprogramme\HijackThis\xxx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Gacela2 - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Programme\Gacela\Gacela2.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Gacela - {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Programme\Gacela\Gacela2.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Programme\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [CeEKEY] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\NAVI\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Programme\Optimierungsprogramme\PSI\psi.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Programme\Optimierungsprogramme\PSI\psi.exe (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Programme\Optimierungsprogramme\PSI\psi.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\NAVI\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\NAVI\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\NAVI\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Programme\Gacela\Gacela2.dll
O9 - Extra 'Tools' menuitem: Über Gacela - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Programme\Gacela\Gacela2.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab
O16 - DPF: {8B123450-3855-4BA9-9CCE-488400DA054E} (SceneGraphControl Class) - hxxp://www.yourgeo.de/plugin/AthensX.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\Brennprogramme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Nurago-Reporting-Service - Unknown owner - C:\Programme\Gacela\Nurago-Reporting.exe
O23 - Service: Nurago-Update-Service - Unknown owner - C:\Programme\Gacela\Nurago-Updater.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - c:\programme\uniprogramme\wdservice.exe
O23 - Service: WebSecurityProxy - Unknown owner - C:\Programme\Uniprogramme\ILWIS\WSC.NTService_1.1.2\WSC.NTService_1.1.2\jsl\jsl.exe (file missing)

--
End of file - 10048 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{F4A66AE9-A5DD-48F2-A731-0F5C826E58A8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25 202080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BEEA052-726D-4A6E-B65D-A6BD07C263F3}]
Gacela - C:\Programme\Gacela\Gacela2.dll [2010-09-22 1438720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-11-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Programme\Search Settings\SearchSettings.dll [2010-01-08 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25 1496408]
{5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - Gacela - C:\Programme\Gacela\Gacela2.dll [2010-09-22 1438720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Programme\Apoint2K\Apoint.exe [2004-03-24 196608]
"TPNF"=C:\Programme\TOSHIBA\TouchPad\TPTray.exe [2005-08-25 53248]
"SVPWUTIL"=C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe [2004-05-01 65536]
"Zooming"=C:\WINDOWS\system32\ZoomingHook.exe [2005-06-06 24576]
"TCtryIOHook"=C:\WINDOWS\system32\TCtrlIOHook.exe [2005-08-22 28672]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-12 266240]
"SmoothView"=C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe [2005-05-13 118784]
"TFncKy"=TFncKy.exe []
"Tvs"=C:\Programme\TOSHIBA\Tvs\TvsTray.exe [2005-04-05 73728]
"NDSTray.exe"=NDSTray.exe []
"PadTouch"=C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe [2005-08-30 1077328]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"ZoneAlarm Client"=C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"avgnt"=C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"CeEKEY"=C:\Programme\TOSHIBA\E-KEY\CeEKey.exe [2005-09-06 671744]
"SearchSettings"=C:\Programme\Search Settings\SearchSettings.exe [2010-01-08 974848]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Programme\CatrinsNAVI\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-09 401491]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2007-05-24 1226288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pwrpdfprsrv.exe]
C:\Programme\PowerPDF\pwrpdfsrv.exe [2003-02-07 4219904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^xxx^Startmenü^Programme^Autostart^Microsoft Office OneNote 2003 Schnellstart.lnk]
C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^xxx^Startmenü^Programme^Autostart^Secunia PSI.lnk]
C:\PROGRA~1\SCHUTZ~1\PSI\psi.exe []

C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart
Secunia PSI.lnk - C:\Programme\Optimierungsprogramme\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"="C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"C:\Programme\Kommunikatonsprogramme\ICQ6\ICQ.exe"="C:\Programme\Kommunikatonsprogramme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Kommunikatonsprogramme\Skype\Phone\Skype.exe"="C:\Programme\Kommunikatonsprogramme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c434157-9319-11de-9ea7-00040ec2c466}]
shell\AutoRun\command - E:\Toshiba\more4you.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1107d73-4f79-11de-9a92-0016d424d4ae}]
shell\AutoRun\command - E:\StartVMCLite.exe

======List of files/folders created in the last 1 months======

2010-04-21 07:03:47 ----D---- C:\rsit
2010-04-18 09:10:00 ----SHD---- C:\Config.Msi
2010-04-17 23:39:04 ----A---- C:\WINDOWS\Xnunaa.exe
2010-04-17 16:47:17 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-23 17:37:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-23 17:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-23 17:35:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-23 17:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-23 17:35:00 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-23 17:28:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-23 17:27:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-23 17:27:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-23 17:21:13 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-23 17:17:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-23 17:16:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-22 13:06:35 ----A---- C:\WINDOWS\CFChg.INI
2010-03-22 13:05:27 ----A---- C:\WINDOWS\NDSBrow.INI

======List of files/folders modified in the last 1 months======

2010-04-21 15:42:06 ----D---- C:\WINDOWS\Internet Logs
2010-04-21 07:04:02 ----D---- C:\WINDOWS\Prefetch
2010-04-21 07:03:23 ----D---- C:\WINDOWS\Temp
2010-04-21 07:03:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-21 07:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2010-04-21 07:01:31 ----D---- C:\WINDOWS\system32\drivers
2010-04-21 07:01:31 ----D---- C:\WINDOWS\system32
2010-04-21 07:01:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-21 07:00:08 ----SD---- C:\WINDOWS\Tasks
2010-04-20 23:19:45 ----D---- C:\WINDOWS
2010-04-20 23:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2010-04-20 23:17:59 ----D---- C:\Programme\Adobe Photoshop CS3
2010-04-20 19:39:50 ----D---- C:\WINDOWS\Debug
2010-04-20 18:21:21 ----HD---- C:\WINDOWS\inf
2010-04-18 09:20:58 ----SHD---- C:\WINDOWS\Installer
2010-04-18 09:17:59 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2010-04-18 09:13:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2010-04-18 09:12:14 ----D---- C:\Programme\Adobe
2010-04-18 07:48:16 ----D---- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\vlc
2010-04-07 18:24:24 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-30 20:53:46 ----D---- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canon Easy-WebPrint EX
2010-03-29 13:03:06 ----RD---- C:\Programme
2010-03-23 17:37:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-23 17:37:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-23 17:36:57 ----D---- C:\WINDOWS\ie8updates
2010-03-23 17:28:16 ----D---- C:\Programme\Movie Maker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-02 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-30 6400]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\system32\drivers\SSHDRV85.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-15 28520]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-06-03 9600]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-08-05 235840]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2273]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R2 WebDriveFSD;WebDrive File System Driver; \??\c:\programme\uniprogramme\rffsd.sys []
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-03-05 1066278]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-21 2324480]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 101874]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-24 127376]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
R3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-23 162176]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-07-29 30592]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-04-30 3281408]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 drhard;DRHARD; \??\C:\WINDOWS\system32\DRIVERS\DRHARD.SYS []
S3 DTV_Capture_2X0;Digital TV Receiver; C:\WINDOWS\System32\Drivers\DTV_Capture_2X0.sys [2004-09-06 18432]
S3 DTV_Loader_2X1;Digital TV Loader; C:\WINDOWS\System32\Drivers\DTV_Loader_2X1.sys [2005-04-19 19200]
S3 ewdmaudn;ewdmaudn; \??\C:\DOKUME~1\xxx\LOKALE~1\Temp\ewdmaudn.sys []
S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2008-09-05 265088]
S3 GT681x;Grand Tech gt681x NT; C:\WINDOWS\system32\DRIVERS\gt681x.sys []
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-11-05 101120]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-09-25 43552]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-03-24 8192]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-14 12800]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\sched.exe [2009-06-15 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 Application Updater;Application Updater; C:\Programme\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 CFSvcs;ConfigFree Service; C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-18 40960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-11-07 153376]
R2 NMSAccessU;NMSAccessU; C:\Programme\Brennprogramme\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 Nurago-Reporting-Service;Nurago-Reporting-Service; C:\Programme\Gacela\Nurago-Reporting.exe [2009-02-23 102400]
R2 Nurago-Update-Service;Nurago-Update-Service; C:\Programme\Gacela\Nurago-Updater.exe [2009-02-23 176128]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2005-09-16 53248]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-02-04 604416]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 WebDriveService;WebDrive Service; c:\programme\uniprogramme\wdservice.exe [2003-03-26 94208]
S2 WebSecurityProxy;WebSecurityProxy; C:\Programme\Uniprogramme\ILWIS\WSC.NTService_1.1.2\WSC.NTService_1.1.2\jsl\jsl.exe []
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-05-24 792112]
S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-02-04 361216]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
S4 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\Common\Database\bin\fbserver.exe [2005-08-10 1527900]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
21.04.2010, 15:30 | #2 |
/// Helfer-Team | Hi,
you didn't update Malwarebytes before the scan. Please do that now, run a full scan and have all findings cleaned. Then post the logfile. Also: System scan with OTL. Please download OTL from Oldtimer and save it to your desktop (if it's not already there)
21.04.2010, 17:00 | #3 |
Hello everyone.
I also got the same virus alert yesterday as the thread starter. I've now run this Malwarebytes over the system and got the following log: Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4016
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

21.04.2010 17:47:35
mbam-log-2010-04-21 (17-47-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 182162
Laufzeit: 47 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\Rebecca\Lokale Einstellungen\Temp\Wfh.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Dokumente und Einstellungen\Rebecca\Lokale Einstellungen\Temp\Wfh.exe (Trojan.Downloader) -> Unloaded process successfully.

Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Rebecca\Lokale Einstellungen\Temp\Wfh.exe (Trojan.Downloader) -> Delete on reboot.
C:\Dokumente und Einstellungen\Rebecca\Lokale Einstellungen\Temp\Wfg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{401093B3-5200-46DD-AA1D-9246D801F681}\RP144\A0034073.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

I would now like to know whether the trojans have been completely removed or whether any further steps are necessary. Many thanks in advance for your help.
21.04.2010, 17:05 | #4 |
/// Helfer-Team | @Loverman1281 To keep things clear, please open your own thread.
All tips and instructions are given without guarantee.
22.04.2010, 10:40 | #5 |
Ok, here is the log from the new scan: Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4020
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.04.2010 11:10:26
mbam-log-2010-04-22 (11-10-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 284213
Laufzeit: 2 Stunde(n), 31 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\Xnunaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Code:
ATTFilter OTL logfile created on: 22.04.2010 11:12:34 - Run 1 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Dokumente und Einstellungen\xxx\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.014,00 Mb Total Physical Memory | 144,00 Mb Available Physical Memory | 14,00% Memory free 922,00 Mb Paging File | 266,00 Mb Available in Paging File | 29,00% Paging File free Paging file location(s): [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 93,16 Gb Total Space | 2,60 Gb Free Space | 2,79% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 120,03 Mb Total Space | 75,67 Mb Free Space | 63,04% Space Free | Partition Type: FAT G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: xxx Current User Name: xxx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dateien\Downloads\Thunderbird Setup 3.0.4.exe (Mozilla) PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Schutzprogramme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Internetprogramme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\temp\7zS52.tmp\setup.exe (Mozilla Messaging) PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) 
PRC - C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Gacela\Nurago-Updater.exe () PRC - C:\Programme\Gacela\Nurago-Reporting.exe () PRC - C:\Programme\Brennprogramme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC) PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.) PRC - C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA) PRC - C:\Programme\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.) PRC - C:\WINDOWS\system32\TCtrlIOHook.exe (TOSHIBA) PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation) PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\WINDOWS\system32\ZoomingHook.exe (TOSHIBA) PRC - C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\NAVI\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - c:\Programme\Uniprogramme\wdService.exe () ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (WebSecurityProxy) -- File not found SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software) SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe 
(Spigot, Inc.) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (AntiVirService) -- C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (Nurago-Update-Service) -- C:\Programme\Gacela\Nurago-Updater.exe () SRV - (Nurago-Reporting-Service) -- C:\Programme\Gacela\Nurago-Reporting.exe () SRV - (NMSAccessU) -- C:\Programme\Brennprogramme\CDBurnerXP\NMSAccessU.exe () SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common\Database\bin\fbserver.exe (The Firebird Project) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (CFSvcs) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (WebDriveService) -- c:\Programme\Uniprogramme\wdService.exe () ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (tbhsd) -- 
C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (SSHDRV85) -- C:\WINDOWS\system32\drivers\SSHDRV85.sys () DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC) DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation) DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (drhard) -- C:\WINDOWS\system32\drivers\drhard.sys (Licensed for Gebhard Software) DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) 
DRV - (TPwSav) -- C:\WINDOWS\system32\drivers\TPwSav.sys (TOSHIBA ) DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (DTV_Loader_2X1) -- C:\WINDOWS\system32\drivers\DTV_Loader_2X1.sys (WideView Technology Inc.) DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\Tosrfec.sys (TOSHIBA Corporation) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (DTV_Capture_2X0) -- C:\WINDOWS\system32\drivers\DTV_Capture_2X0.sys (Computer & Entertainment, Inc.) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.) DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) 
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.) DRV - (RFNP32) -- C:\WINDOWS\system32\RFNP32.dll (River Front Software) DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.) DRV - (WebDriveFSD) -- c:\Programme\Uniprogramme\rffsd.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/ IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.startup.homepage: "xxx.web.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 44 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: feedbar@efinke.com:4.3.1 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9 FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1 FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: 
{dc572301-7619-498c-a57d-39143191b318}:0.3.8.2 FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.0.3 FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6 FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:0.6.0.8 FF - HKLM\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Programme\Gacela\ [2010.03.01 19:10:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Programme\Internetprogramme\Mozilla Firefox\components [2010.04.07 08:39:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Programme\Internetprogramme\Mozilla Firefox\plugins [2010.04.18 09:19:32 | 000,000,000 | ---D | M] [2008.10.14 08:47:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions [2010.04.22 08:28:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions [2010.03.14 11:44:32 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2010.03.12 19:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0} [2009.07.28 09:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41} [2010.02.12 21:49:58 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2009.07.30 09:19:33 | 
000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.14 10:44:55 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC} [2010.01.28 09:52:52 | 000,000,000 | ---D | M] (IE View) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} [2009.11.06 19:07:16 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\xyxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.04.17 22:18:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.01.09 20:30:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.17 22:18:09 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.03.14 10:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2009.09.20 22:17:20 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.02.12 21:49:59 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\feedbar@efinke.com [2008.10.14 10:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\imagedownload@whygudu.iblog.cn [2010.04.06 21:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\isreaditlater@ideashower.com [2010.04.01 08:17:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\extensions\smarterwiki@wikiatic.com [2010.04.20 18:53:36 | 000,001,595 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\searchplugins\ixquick---deutsch.xml [2008.10.14 09:35:49 | 000,000,972 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\wz31i3ge.default\searchplugins\ub-do-unser-katalog.xml O1 HOSTS File: ([2009.06.01 17:45:11 | 000,306,026 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 wxw.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 wxw.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 wxw.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 wxw.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 wxw.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 wxw.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 wxw.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 wxw.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 wxw.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 wxw.10sek.com O1 - Hosts: 127.0.0.1 
wxw.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 10560 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Gacela) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Programme\Gacela\Gacela2.dll (nurago GmbH) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKLM\..\Toolbar: (Gacela) - {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Programme\Gacela\Gacela2.dll (nurago GmbH) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CeEKEY] C:\Programme\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [PadTouch] C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA) O4 - HKLM..\Run: [TFncKy] File not found O4 - HKLM..\Run: [TPNF] C:\Programme\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC) O4 - HKLM..\Run: [Zooming] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\CatrinsNAVI\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\Stephan\Startmenü\Programme\Autostart\Secunia PSI.lnk = C:\Programme\Optimierungsprogramme\PSI\psi.exe (Secunia) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\CatrinsNAVI\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\CatrinsNAVI\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Über Gacela - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Programme\Gacela\Gacela2.dll (nurago GmbH)
O15 - HKCU\..Trusted Domains: uni-dortmund.de ([www.raumplanung] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8B123450-3855-4BA9-9CCE-488400DA054E} hxxp://www.yourgeo.de/plugin/AthensX.cab (SceneGraphControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\xx DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\xx DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\xx DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\xx DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\xx DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Programme\NAVI\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\xx DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\xx DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.12 13:08:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8c434157-9319-11de-9ea7-00040ec2c466}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe -- File not found
O33 - MountPoints2\{f1107d73-4f79-11de-9a92-0016d424d4ae}\Shell - "" = AutoRun
O33 - MountPoints2\{f1107d73-4f79-11de-9a92-0016d424d4ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f1107d73-4f79-11de-9a92-0016d424d4ae}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (pgdfgsvc C 1) - C:\WINDOWS\System32\pgdfgsvc.exe (Sysinternals - www.sysinternals.com)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.22 08:36:45 | 000,562,176 | ---- | C] (OldTimer Tools) --
C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2010.04.21 07:03:47 | 000,000,000 | ---D | C] -- C:\rsit [2010.04.21 07:00:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\xxx\Recent [2010.04.20 18:42:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.04.18 09:10:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.04.17 16:47:17 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.03.29 13:02:59 | 000,480,560 | ---- | C] (AVM Berlin) -- C:\WINDOWS\instwcli.dex [2006.10.28 11:45:19 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.04.22 11:00:20 | 000,000,518 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2010.04.22 08:36:46 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2010.04.22 08:17:07 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Word.lnk [2010.04.21 07:03:12 | 000,358,386 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010.04.21 07:02:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.04.21 07:02:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.04.21 07:02:10 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys [2010.04.21 07:01:11 | 000,219,668 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010.04.21 07:01:10 | 018,604,064 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010.04.21 07:01:04 | 017,301,504 | -H-- | M] () -- C:\Dokumente und Einstellungen\xxx\NTUSER.DAT [2010.04.21 07:01:04 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\xxx\ntuser.ini [2010.04.20 19:39:09 | 000,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\RSIT.exe [2010.04.18 09:19:36 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 
9.lnk [2010.04.17 16:45:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.04.07 22:34:10 | 000,036,352 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Rastplätze.doc [2010.04.07 18:24:24 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.04.07 18:24:20 | 000,058,368 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.07 18:15:18 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F4A66AE9-A5DD-48F2-A731-0F5C826E58A8}.job [2010.04.07 10:20:18 | 000,016,896 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Adressen f. Urlaub.xls [2010.04.07 10:18:21 | 000,022,528 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Urlaub.xls [2010.04.07 08:50:35 | 000,196,096 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Urlaub Unternehmungen.doc [2010.04.05 11:51:20 | 001,091,263 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\IMG.pdf [2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.03.29 10:24:39 | 000,029,184 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Urlaubsadressen.doc [2010.03.25 07:45:27 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Excel.lnk [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.20 19:39:08 | 000,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\RSIT.exe [2010.04.18 09:13:41 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.04.07 21:56:14 | 000,036,352 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Rastplätze.doc [2010.04.07 08:52:38 | 000,016,896 | ---- | C] () -- 
C:\Dokumente und Einstellungen\xxx\Desktop\Adressen f. Urlaub.xls [2010.04.05 19:58:24 | 000,196,096 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Urlaub Unternehmungen.doc [2010.04.05 11:51:20 | 001,091,263 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\IMG.pdf [2010.03.29 09:30:52 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Urlaubsadressen.doc [2010.03.25 07:50:37 | 000,022,528 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Urlaub.xls [2010.03.22 13:06:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CFChg.INI [2010.03.22 13:05:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSBrow.INI [2010.02.17 14:56:16 | 000,000,430 | ---- | C] () -- C:\WINDOWS\ArcView9x.INI [2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.10.12 21:56:36 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008.10.12 21:56:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008.09.28 12:04:00 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI [2008.09.19 15:15:30 | 000,000,918 | ---- | C] () -- C:\WINDOWS\cPVAS.INI [2008.09.19 14:31:42 | 000,001,005 | ---- | C] () -- C:\WINDOWS\PVAStrumento.ini [2008.09.11 23:11:33 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV85.sys [2008.09.10 08:53:54 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008.05.04 19:08:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\CPUINFO2.DLL [2008.04.17 11:22:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.04.13 08:24:53 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2008.03.03 19:54:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll [2007.10.26 22:57:40 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\RFHelper.dll [2007.10.26 22:57:40 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\rfwdres.dll [2007.10.26 22:57:40 | 000,126,976 | ---- | C] () -- 
C:\WINDOWS\System32\rfshext.dll [2007.10.26 22:57:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\rfhres.dll [2007.10.26 22:57:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\rfstrres.dll [2007.10.26 22:57:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\rfshres.dll [2007.10.26 22:49:50 | 000,029,744 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll [2007.10.26 22:48:51 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2007.10.26 22:48:49 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2007.07.19 16:42:55 | 000,001,062 | R--- | C] () -- C:\WINDOWS\KochRun.ini [2007.06.23 23:18:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musiceditor.INI [2007.05.01 10:57:19 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll [2007.05.01 10:57:19 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll [2007.04.29 11:27:00 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys [2007.04.23 02:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007.04.23 02:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007.03.02 18:35:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI [2007.01.28 15:35:32 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll [2006.12.13 14:38:26 | 005,947,392 | ---- | C] () -- C:\WINDOWS\System32\lvesg.dll [2006.11.28 15:55:09 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2006.11.19 20:53:43 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.11.07 17:00:15 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll [2006.11.07 17:00:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll [2006.10.28 11:45:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2006.10.15 19:59:23 | 001,266,688 | ---- | C] () -- C:\WINDOWS\System32\pwrpdfuid.dll [2006.10.15 19:59:23 | 000,014,336 | ---- | C] () -- 
C:\WINDOWS\System32\vsmon1.dll [2006.10.15 19:44:32 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL [2006.09.28 12:16:46 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\AngelScript.dll [2006.09.28 12:16:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jpgdlib.dll [2006.09.24 12:23:07 | 000,001,325 | ---- | C] () -- C:\WINDOWS\scummvm.ini [2006.08.04 20:06:30 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI [2006.08.04 19:47:07 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2006.08.04 15:45:18 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2005.09.15 09:34:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.09.15 09:17:04 | 000,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini [2005.09.15 08:02:27 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.09.14 16:26:44 | 000,000,236 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005.09.14 16:24:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI [2005.09.14 16:24:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2005.09.14 16:24:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2005.09.14 16:24:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2005.09.14 16:24:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2005.09.14 16:24:18 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2005.09.14 16:24:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2005.09.14 16:16:49 | 000,051,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys [2005.09.14 16:16:49 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2005.09.14 15:34:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI [2005.09.14 15:28:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL [2005.09.14 11:36:50 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2005.09.14 11:35:11 | 
000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2005.09.14 11:35:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2005.09.14 11:35:11 | 000,010,161 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2005.09.14 11:35:11 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2005.09.12 13:17:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2005.09.12 11:36:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll [2005.09.12 11:36:46 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.08.11 04:02:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005.08.02 10:39:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll [2005.06.20 10:24:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll [2005.06.13 09:11:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2005.06.06 09:44:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll [2005.06.06 09:39:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll [2005.05.29 03:45:43 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll [2005.03.02 14:12:14 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2004.12.02 15:20:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2004.10.08 14:45:12 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2004.09.22 10:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004.07.20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004.05.20 18:51:16 | 001,658,972 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll [2004.01.15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll [2004.01.14 03:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2003.07.29 15:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll [2002.06.28 11:43:43 | 000,438,272 | ---- | C] () -- 
C:\WINDOWS\System32\xvid.dll
[1997.06.25 15:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:054B9966
@Alternate Data Stream - 1256 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:qztlE87lZ1wt9RvJsgbS3w
@Alternate Data Stream - 1204 bytes -> C:\Programme\WindowsUpdate:N6Zn0nu4BUjGyEwxMZnXURxLzFX
@Alternate Data Stream - 1200 bytes -> C:\Programme\Outlook Express:8JSNPi4OY9fDDP7sQreme43
@Alternate Data Stream - 1173 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:AoKMoTbNwuWV9JznRCL8MVLex
@Alternate Data Stream - 1163 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:gv9kcaOUjCxPRXjhPhQMu
@Alternate Data Stream - 1146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:KrA5BcgIxQDYgpbGUuYujJ3a1

< End of report >
22.04.2010, 10:41 | #6
And the second one:

Code:
OTL Extras logfile created on: 22.04.2010 11:12:34 - Run 1
OTL by OldTimer - Version 3.2.2.0
Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.014,00 Mb Total Physical Memory | 144,00 Mb Available Physical Memory | 14,00% Memory free
922,00 Mb Paging File | 266,00 Mb Available in Paging File | 29,00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,16 Gb Total Space | 2,60 Gb Free Space | 2,79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 120,03 Mb Total Space | 75,67 Mb Free Space | 63,04% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: xxx
Current User Name: xxx
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Internetprogramme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\Medienprogramme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\Medienprogramme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Medienprogramme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Medienprogramme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Medienprogramme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe" = C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner -- ()
"C:\Programme\Kommunikatonsprogramme\ICQ6\ICQ.exe" = C:\Programme\Kommunikatonsprogramme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre "{0169C189-FB39-4756-B9A3-6B816C52357D}" = ESRI Software Documentation Library "{01CEF48F-41F2-4A43-82F2-25D23D68C1D4}" = Cuttermaran 1.69a "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player "{0DE4DE52-DB27-4D0F-93B6-E3C9E4698A10}" = PowerPDF Professional "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0F40AF50-E524-4B61-9772-CFAA42C0672A}_is1" = 0.1.3.0-DBoxFE - DOSBox Frontend "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP "{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21AFF51C-9353-49A9-BA58-5BEA5630BA15}" = Radiotracker "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2 "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA 
Benutzerhandbücher "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD-Speicherkarten-Formatierung "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set "{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0}" = TOSHIBA Power Saver Driver "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5B23E5AD-23E2-45C8-A24C-97D3A23FB6EE}" = Carcassonne "{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls Driver "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.1 "{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch "{5F0545E7-3F0F-4730-AF70-26E61DBDF263}" = Gacela "{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6 "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zoom-Dienstprogramm "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69E8BEBD-B3AA-4981-BA49-AD0AEA731031}" = Nero BackItUp 2 Essentials "{6C9D6C92-0972-47E0-AB8B-D2B45A587398}" = mpegable AVC "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off 
Utility "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA "{91A10407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003 "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver "{95120000-0052-0407-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! 
"{97A4D873-47B9-454A-A567-8AFF41C07155}" = EasyRecovery DataRecovery "{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack "{9E520B22-546E-4AD3-8958-7D1EB8587AB1}" = Music Transfer Utility Ver.1 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{AE6ECFF9-FD33-48A3-B4AC-89263CC393A8}" = ImageMixer 3 SE Ver.4 Video Tools "{AFA7FAAA-D267-4243-9B09-165A68501031}" = Nero 7 Essentials "{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner "{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{BAC3B914-9A96-4097-A5C7-7BF0CAD679D3}" = TransportGigant "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree "{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda 5.4.0 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{CAE4E520-4695-4A96-8661-B62FA5FB669E}" = ImageMixer 3 SE Ver.4 Transfer Utility "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET 
Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{E18E644D-4FC1-4E7F-87B7-A0288A14A322}" = TIxx21/x515
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5809572-2ADC-11D7-81AC-00D009DAF871}" = GrafStat Ausgabe 2007/8
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FCE19796-1ADF-42DF-81D8-3563867FC2C2}" = TOSHIBA Zooming Hook
"1&1 SmartSurfer" = 1&1 SmartSurfer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Ahnenblatt" = Ahnenblatt
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ArcGIS Desktop" = ArcGIS Desktop
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)
"Aspell6-Dictionary-fr" = Aspell 0.6 Dictionary (Language: fr)
"Audio Recorder Pro_is1" = Audio Recorder Pro 3.70
"Avidemux 2.4" = Avidemux 2.4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Baphomets Fluch" = Baphomets Fluch
"Baphomets Fluch II" = Baphomets Fluch
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"CPU-Z 1.53" = CPU-Z 1.53
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 53
"CSCLIB" = Canon Camera Support Core Library
"Dr. Hardware 2010_is1" = Dr. Hardware 2010 10.0d
"DV CIG Guide" = CANON IMAGE GATEWAY Registrierungsanleitung
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"ffdshow_is1" = ffdshow [rev 2094] [2008-08-30]
"Firebird SQL Server D" = Firebird SQL Server (D)
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GSview 4.8" = GSview 4.8
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"Hurrican_is1" = Hurrican 1.0.0.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageMagick 6.3.6 Q16_is1" = ImageMagick 6.3.6-1 Q16 (10/15/07)
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey-Dienstprogramm
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = Touchpad EIN/AUS-Utility
"InstallShield_{97A4D873-47B9-454A-A567-8AFF41C07155}" = EasyRecovery DataRecovery
"InstallShield_{E18E644D-4FC1-4E7F-87B7-A0288A14A322}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{E5809572-2ADC-11D7-81AC-00D009DAF871}" = GrafStat Ausgabe 2007/8
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"JPGVideo_is1" = JPGVideo 1.04.0.0
"LucasArts' Curse of Monkey Island" = LucasArts' Curse of Monkey Island
"LyX" = LyX 1.5.2-1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.6" = MiKTeX 2.6
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nachbarschaft Seepocken" = Nachbarschaft Seepocken
"NetDrive" = NetDrive
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"PC-Diagnose-Tool" = TOSHIBA PC-Diagnose-Tool
"PDF2Word 1.0" = PDF2Word 1.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Power Saver" = TOSHIBA Power Saver
"ProjectX" = ProjectX
"Python 2.1" = Python 2.1
"Python 2.1 combined Win32 extensions" = Python 2.1 combined Win32 extensions
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"Raptor - Shareware" = Raptor - Shareware
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"Red Alert" = Red Alert Windows 95
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ROM CHECK FAIL_is1" = ROM CHECK FAIL 1.0
"Secunia PSI" = Secunia PSI
"Sysinternals Autoruns 9.5" = Sysinternals Autoruns 9.5
"Sysinternals PageDefrag 2.32" = Sysinternals PageDefrag 2.32
"TG Editor" = TG Editor
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TrueCrypt" = TrueCrypt
"Tweak-XP Pro 4" = Tweak-XP Pro 4
"Undie und Apartment" = Undie und Apartment
"Uninstall_is1" = Uninstall 1.0.0.1
"VectorWorks ArchLand 2008 SP3 R1" = VectorWorks ArchLand 2008 SP3 R1
"VLC media player" = VLC media player 1.0.2
"Wavosaur 1.0.1.0" = Wavosaur 1.0.1.0
"Winamp" = Winamp
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMedia Recode" = XMedia Recode 2.0.7.0
"XviD" = XviD MPEG-4 Codec
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
"ZoneAlarm" = ZoneAlarm
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Anwendungserkennung

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20.04.2010 12:30:28 | Computer Name = xxx | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. .

Error - 20.04.2010 12:36:31 | Computer Name = xxx | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 20.04.2010 16:35:07 | Computer Name = xxx | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 20.04.2010 16:35:28 | Computer Name = xxx | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established .

Error - 20.04.2010 17:20:51 | Computer Name = xxx | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 20.04.2010 17:21:39 | Computer Name = xxx | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. .

Error - 21.04.2010 00:35:03 | Computer Name = xxx | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 21.04.2010 00:35:14 | Computer Name = xxx | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established .

Error - 21.04.2010 01:02:41 | Computer Name = xxx | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 21.04.2010 01:03:24 | Computer Name = xxx | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established .

[ System Events ]
Error - 20.04.2010 12:11:08 | Computer Name = xxx | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.ProgramStatisticsSvc.

Error - 20.04.2010 12:23:48 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebSecurityProxy" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 20.04.2010 12:29:47 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebSecurityProxy" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 20.04.2010 12:36:30 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebSecurityProxy" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 20.04.2010 16:34:50 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebSecurityProxy" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 20.04.2010 17:21:00 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebSecurityProxy" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 20.04.2010 17:21:11 | Computer Name = xxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: IntelIde

Error - 21.04.2010 00:35:02 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebSecurityProxy" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 21.04.2010 01:02:37 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebSecurityProxy" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 21.04.2010 01:02:46 | Computer Name = xxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: IntelIde

[ TuneUp Events ]
Error - 20.04.2010 12:54:10 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-20 18:54:10', '\device\harddiskvolume1\programme\schutzprogramme\malwarebytes' anti-malware\mbam.exe','2444',0)

Error - 20.04.2010 16:31:25 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-20 22:31:25', '\device\harddiskvolume1\dokumente und einstellungen\all users\anwendungsdaten\malwarebytes\malwarebytes' anti-malware\mbam-setup.exe','3364',0)

Error - 20.04.2010 16:31:30 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-20 22:31:30', '\device\harddiskvolume1\programme\schutzprogramme\malwarebytes' anti-malware\mbam.exe','708',0)

Error - 20.04.2010 16:36:47 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-20 22:36:47', '\device\harddiskvolume1\programme\schutzprogramme\malwarebytes' anti-malware\mbam.exe','2440',0)

Error - 20.04.2010 17:20:56 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-20 23:20:56', '\device\harddiskvolume1\programme\schutzprogramme\malwarebytes' anti-malware\mbam.exe','3320',0)

Error - 21.04.2010 00:41:37 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-21 06:41:37', '\device\harddiskvolume1\programme\schutzprogramme\malwarebytes' anti-malware\mbam.exe','2892',0)

Error - 21.04.2010 01:03:05 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-21 07:03:02', '\device\harddiskvolume1\programme\schutzprogramme\malwarebytes' anti-malware\mbam.exe','1944',0)

< End of report >
|
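The TuneUp Program Statistics errors in the event log above fail because the install path "Malwarebytes' Anti-Malware" contains an apostrophe and the INSERT was assembled by string concatenation, the same construction that makes SQL injection possible; the following is an added example, not code from the thread or from TuneUp, that reproduces the error with Python's sqlite3 module (an SQLite backend is assumed from the message format, and the ActiveApps table layout is constructed from the logged column list) and shows the parameterized form that does not break:

```python
"""Added example: reproduce the logged 'near "anti": syntax error' and show the fix.

Assumptions (not from the thread): the backend is SQLite, and ActiveApps has
exactly the four columns named in the logged INSERT statement.
"""
import sqlite3

# Exe path exactly as it appears in the logged statement (constructed sample input).
MBAM_PATH = r"\device\harddiskvolume1\programme\schutzprogramme\malwarebytes' anti-malware\mbam.exe"


def open_db() -> sqlite3.Connection:
    """In-memory database with the four columns the logged INSERT uses (assumed layout)."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE ActiveApps (Started TEXT, Exe TEXT, ProcID TEXT, Resumed INTEGER)"
    )
    return con


def insert_by_concatenation(con, started, exe, proc_id, resumed):
    """The failing pattern: SQL text built by string formatting.

    The apostrophe inside `exe` ends the string literal early, so SQLite sees
    the identifier `anti` where it expects a comma.  Returns the error message,
    or None if the statement happened to parse.
    """
    sql = (
        "INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) "
        f"VALUES ('{started}', '{exe}','{proc_id}',{resumed})"
    )
    try:
        con.execute(sql)
        con.commit()
        return None
    except sqlite3.OperationalError as err:
        return str(err)


def insert_parameterized(con, started, exe, proc_id, resumed):
    """The fix: bind values as parameters; the driver never parses them as SQL."""
    con.execute(
        "INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES (?, ?, ?, ?)",
        (started, exe, proc_id, resumed),
    )
    con.commit()


def stored_exe_paths(con):
    """Exe values actually stored, in insertion order."""
    return [row[0] for row in con.execute("SELECT Exe FROM ActiveApps ORDER BY rowid")]


def demo():
    """Run both variants with the logged values; return (error text, stored paths)."""
    con = open_db()
    err = insert_by_concatenation(con, "2010-04-20 18:54:10", MBAM_PATH, "2444", 0)
    insert_parameterized(con, "2010-04-20 18:54:10", MBAM_PATH, "2444", 0)
    return err, stored_exe_paths(con)


if __name__ == "__main__":
    error, rows = demo()
    print("concatenated INSERT failed with:", error)   # near "anti": syntax error
    print("parameterized INSERT stored:", rows)        # the full path, apostrophe intact
```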
22.04.2010, 10:48 | #7 |
/// Helfer-Team | Please post the Malwarebytes log file in full. I also need the details on the database version and the operating system.
__________________ All tips and instructions are provided without guarantee |
22.04.2010, 14:23 | #8 |
| They are already in there:
Malwarebytes' Anti-Malware 1.45
Or did you mean something else? Last edited by urbanpioneer (22.04.2010 at 14:30) |
22.04.2010, 17:48 | #9 |
/// Helfer-Team | Please go to VirusTotal and have the following files scanned there one after another (make them visible first if necessary):
Code:
C:\WINDOWS\CFChg.INI
C:\WINDOWS\NDSBrow.INI
C:\WINDOWS\cpvas.ini
C:\WINDOWS\System32\rfstrres.dll
C:\WINDOWS\kochrun.ini
C:\WINDOWS\System32\dvmsg.dll
C:\WINDOWS\System32\lvesg.dll
C:\WINDOWS\System32\pwrpdfuid.dll
C:\WINDOWS\System32\jpgdlib.dll

Then: start OTL and paste the following into the script field:
Code:
:OTL
SRV - (WebSecurityProxy) -- File not found
@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:054B9966
@Alternate Data Stream - 1256 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:qztlE87lZ1wt9RvJsgbS3w
@Alternate Data Stream - 1204 bytes -> C:\Programme\WindowsUpdate:N6Zn0nu4BUjGyEwxMZnXURxLzFX
@Alternate Data Stream - 1200 bytes -> C:\Programme\Outlook Express:8JSNPi4OY9fDDP7sQreme43
@Alternate Data Stream - 1173 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:AoKMoTbNwuWV9JznRCL8MVLex
@Alternate Data Stream - 1163 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:gv9kcaOUjCxPRXjhPhQMu
@Alternate Data Stream - 1146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:KrA5BcgIxQDYgpbGUuYujJ3a1
:Commands
[emptytemp]
[Reboot]

After that: please run a GMER scan and post the log file. Sorry, I had overlooked that.
__________________ All tips and instructions are provided without guarantee Last edited by Franz1968 (22.04.2010 at 18:04) |
26.04.2010, 12:40 | #10 |
| OK, on we go. Here are the result links from VirusTotal:
Code:
C:\WINDOWS\CFChg.INI
hxxp://www.virustotal.com/vt/de/recepcion?4ca6f64d5d1c6d13c98f110e892eb055
C:\WINDOWS\NDSBrow.INI
hxxp://www.virustotal.com/vt/de/recepcion?514f4bc97cd1bddb6665c975723bd4f7
C:\WINDOWS\cpvas.ini
hxxp://www.virustotal.com/de/analisis/02ccb2b6d8a11bd65c468fbaca041cfc7a9cb05d7030d5d24bf3c7392f6bd6db-1271999912
C:\WINDOWS\System32\rfstrres.dll
hxxp://www.virustotal.com/de/analisis/5550671225427953f750faf30cd0dc0af8c3a8ad2bb31cb3b13b1a3586690587-1272000003
C:\WINDOWS\kochrun.ini
hxxp://www.virustotal.com/de/analisis/b5d3286fee341ae7972b31271b428e55cd120bbbbfcad7ed59500dd2ed319516-1272000079
C:\WINDOWS\System32\dvmsg.dll
hxxp://www.virustotal.com/de/analisis/05166736a2abb691daa4aa9fd65d5a4e5980729ddbc2a717327f792a83417f87-1272000201
C:\WINDOWS\System32\lvesg.dll
hxxp://www.virustotal.com/de/analisis/a86e11e24a7aff999982aa1959e489c45bc742dd057e42409462938ce0d00937-1272000408
C:\WINDOWS\System32\pwrpdfuid.dll
hxxp://www.virustotal.com/de/analisis/632b20ec3b66493257eba9ec1980c1b623557c2f8f6cb49511e4f6e846cab800-1272000557
C:\WINDOWS\System32\jpgdlib.dll
hxxp://www.virustotal.com/de/analisis/b7ae209b0e7c3adf1c80b82c384e0f69e21dbc271ed4dfa9f8674b46e0f04084-1272000748

Code:
All processes killed
========== OTL ==========
Service WebSecurityProxy stopped successfully!
Service WebSecurityProxy deleted successfully!
File File not found not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:054B9966 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:qztlE87lZ1wt9RvJsgbS3w deleted successfully.
ADS C:\Programme\WindowsUpdate:N6Zn0nu4BUjGyEwxMZnXURxLzFX deleted successfully.
ADS C:\Programme\Outlook Express:8JSNPi4OY9fDDP7sQreme43 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:AoKMoTbNwuWV9JznRCL8MVLex deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:gv9kcaOUjCxPRXjhPhQMu deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:KrA5BcgIxQDYgpbGUuYujJ3a1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: xxx
->Temp folder emptied: 614184 bytes
->Temporary Internet Files folder emptied: 1322614 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40120292 bytes
->Google Chrome cache emptied: 19912740 bytes
->Flash cache emptied: 4836 bytes

User: USER

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1717197 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 61,00 mb

OTL by OldTimer - Version 3.2.2.0 log created on 04232010_143943

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\ZLT009fe.TMP not found!
File\Folder C:\WINDOWS\temp\ZLT04dd2.TMP not found!

Registry entries deleted on Reboot...

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-26 13:29:53
Windows 5.1.2600 Service Pack 3
Running: dtqru4q9.exe; Driver: C:\DOKUME~1\xxx\LOKALE~1\Temp\fwtdypoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xAA621040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xAA61D930]
SSDT F7B19DB6 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xAA621510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xAA627870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xAA627AA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xAA62AFD0]
SSDT F7B19DAC ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xAA621600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xAA61DF20]
SSDT F7B19DBB ZwDeleteKey
SSDT F7B19DC5 ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xAA627580]
SSDT F7B19DCA ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xAA61DD70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xAA627350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xAA627150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xAA62A250]
SSDT F7B19DD4 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xAA620C00]
SSDT F7B19DCF ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xAA621220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xAA61E120]
SSDT F7B19DC0 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xAA627CD0]

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A9F5A16D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A9F59FC2

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [10, 15, 62, AA, 70, 78, 62, ...] {ADC [0x7870aa62], DL; BOUND EBP, [EDX-0x559d8560]}
? srescan.sys Das System kann die angegebene Datei nicht finden. !
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6131DBF]
.text C:\WINDOWS\system32\drivers\SSHDRV85.sys section is writeable [0xAA72B000, 0x24A24, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\SSHDRV85.sys entry point in ".pklstb" section [0xAA75E000]
.relo2 C:\WINDOWS\system32\drivers\SSHDRV85.sys unknown last section [0xAA774000, 0x8E, 0x42000040]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA9AAE400, 0x87EE2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA9B52620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA9B52620]
.protectÿÿÿÿhardlockunknown last code section [0xA9B52400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA9B52400, 0x5126, 0xE0000020]
? System32\Drivers\hiber_WMILIB.SYS Das System kann den angegebenen Pfad nicht finden. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AA625CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AA6261C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AA626320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AA625E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AA625E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AA625CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AA6261C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AA626320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AA625CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AA625E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AA626320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AA6261C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AA626320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AA6261C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AA625CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AA625E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AA625CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AA6261C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AA626320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [AA626320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [AA6261C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [AA625E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [AA625CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [AA633330] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AA625CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AA625E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AA626320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AA6261C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E4E5F608-BFE0-471E-D5C2-99A85D34D334}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E4E5F608-BFE0-471E-D5C2-99A85D34D334}@haljbdcndmpmdibd 0x6D 0x64 0x70 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E4E5F608-BFE0-471E-D5C2-99A85D34D334}@iahoklkbggbepfdaah 0x69 0x61 0x6D 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E4E5F608-BFE0-471E-D5C2-99A85D34D334}@haboajjiehpihbii 0x69 0x61 0x69 0x6E ...

---- EOF - GMER 1.0.15 ----
|
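The GMER log posted above lists most SSDT and IAT hooks with an owning driver (vsdatant.sys, ZoneAlarm's TrueVector driver) but several SSDT entries with only a bare address and no module; those are the ones an analyst has to account for by hand. As an added example that is not part of the thread and not GMER's own code, the following Python helper parses such hook lines, groups them by owning module and isolates the unattributed ones; the sample lines are copied from the posted log, and the classification rules are this example's own assumptions.

```python
"""Added example: triage SSDT/IAT hook lines from a GMER log.

GMER prints an SSDT hook either with the owning driver and its description,
  SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xAA627350]
or, when it cannot map the hook address to a loaded image, with the bare address,
  SSDT F7B19DB6 ZwCreateKey
The grouping below (attributed vs. UNATTRIBUTED) is this example's own convention.
"""
import re
from collections import defaultdict

SSDT_ATTRIBUTED = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$"
)
SSDT_BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)$")
IAT_LINE = re.compile(
    r"^IAT\s+(?P<victim>\S+)\[(?P<import>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]"
    r"\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)$"
)


def parse_hooks(log_text):
    """Return one dict per recognised SSDT/IAT line; all other lines are ignored."""
    hooks = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SSDT_ATTRIBUTED.match(line):
            hooks.append({"kind": "SSDT", "function": m["func"], "address": m["addr"].upper(),
                          "module": m["module"], "desc": m["desc"]})
        elif m := SSDT_BARE.match(line):
            # No image name: GMER could not resolve the hook address to a driver.
            hooks.append({"kind": "SSDT", "function": m["func"], "address": m["addr"].upper(),
                          "module": None, "desc": None})
        elif m := IAT_LINE.match(line):
            hooks.append({"kind": "IAT", "function": m["import"], "address": m["addr"].upper(),
                          "module": m["module"], "desc": m["desc"], "victim": m["victim"]})
    return hooks


def triage(hooks):
    """Group hooked functions by the owning driver's file name; unresolved ones
    go under 'UNATTRIBUTED'.  Lists are sorted so output is stable."""
    by_owner = defaultdict(list)
    for h in hooks:
        owner = h["module"].rsplit("\\", 1)[-1].lower() if h["module"] else "UNATTRIBUTED"
        by_owner[owner].append(h["function"])
    return {owner: sorted(funcs) for owner, funcs in by_owner.items()}


def unattributed_address_range(hooks):
    """(lowest, highest) address of unattributed hooks as 8-digit hex, or None.
    A tight cluster usually means one driver whose image GMER could not resolve,
    which narrows the follow-up to identifying that single driver."""
    addrs = [int(h["address"], 16) for h in hooks if h["module"] is None]
    if not addrs:
        return None
    return f"{min(addrs):08X}", f"{max(addrs):08X}"


# Sample input: lines copied from the GMER log in this thread, plus one Device
# line and a section header that the parser must ignore.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xAA61D930]
SSDT F7B19DB6 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xAA627350]
SSDT F7B19DAC ZwCreateThread
SSDT F7B19DD4 ZwReplaceKey
SSDT F7B19DC0 ZwSetValueKey
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AA6261C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [AA633330] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
"""


def analyze(log_text):
    """Convenience wrapper: (hooks by owner, unattributed address range)."""
    hooks = parse_hooks(log_text)
    return triage(hooks), unattributed_address_range(hooks)


if __name__ == "__main__":
    owners, span = analyze(SAMPLE_LOG)
    for owner, funcs in owners.items():
        print(f"{owner}: {', '.join(funcs)}")
    print("unattributed hook addresses span:", span)
```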
26.04.2010, 13:07 | #11 |
/// Helfer-Team | The first two VirusTotal links lead nowhere. What about the user "User"? Do you know that account?
__________________ All tips and instructions are provided without guarantee |
26.04.2010, 19:45 | #12 |
| No matter how often I try, when uploading the first two I only ever get this strange Spanish (?) message. There is no user called User on my machine; I only have "xxx" as a user (my first name). |
30.04.2010, 21:23 | #13 |
| Is my PC fully treated now? Or do I need to be seriously worried? |