| |
| |||||||
Log-Analyse und Auswertung: TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des TeufelsWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
21.04.2010, 21:12
| #1 |
 |  TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels Hallöle, mein Problem erstreckt sich vermutlich schon über einen längeren Zeitraum von einigen Monaten, und ich habe in etwa genausoviel Ahnung von Computer- u. Internetprogrammen und allem was dazu gehört, wie jemand einer etwas älteren Generation, sagen wir der Generation ab 80 J. aufwärts  genauso schlecht sind meine Englischkenntnisse und somit erklärt sich hoffentlich meine fortlaufend bestehende Begriffsstutzigkeit.Vor etwa einem Jahr Ich sitze an meinem kleinen Netbook und installiere Mozilla Firefox, doch der Browser funktioniert nicht. "Hmm, was nun?", denke ich kurz und nutze dann weiterhin, aus lauter Gleichgültigkeit und Faulheit nach einer Lösung zu suchen, den Explorer. Hin und wieder, aber eher selten, meldet sich Avira (Freeware) mit einer Warnung bzgl. eines Virenproblems. Und da ist es wieder, dieses Desinteresse. Wochen später "Klick"... 'Ohne Ziel vor Augen durchs Netz surfen? Oh ja, mal wieder was anderes, nach dem Schrott der letzten Tage im TV', überlege ich und schmeiß die Kiste an. 15 Minuten später, das Ding ist immernoch nicht ganz hochgefahren, stelle ich mir (schon leicht gereizt) die Frage, ob das nun häufiger so sein wird und warte weiter. 'Geduldig sein, war doch bislang eine meiner wenigen Stärken', geht mir durch den Kopf nachdem ich schon eine ganze Weile im Schneckentempo durchs Netz schleiche und 'aaahhh, was soll denn das ständig mit den scheiß Werbefenstern hier...', flippe ich fast aus und halte den Knopf in der Ecke gedrückt, als alles hängt und sich garnichts mehr tut. Ich starte einen neuen Versuch. Schon wieder warte ich ewig, habe aber somit die Anwort auf meine Frage von vorhin. 'Boah, verkackter Scheißdreck', fluche ich laut, als ich das dritte Werbefenster schließe, dabei hab doch ich den Explorer noch nicht einmal öffnen können. Versteh das alles nicht. Und als hätte ichs geahnt, erhalte ich eine Warnung von Avira, meiner Freundin. Ihr zur Liebe, starte ich am 10.04. mal einen Suchlauf. Ergebnis: '1'Virus. Ich klicke auf reparieren.'Immernoch diese scheiß Werbefenster', grummel ich und ignoriere sie dann. Seit Tagen bekomme ich eine Fehlermeldung, beim Explorer ist ein Problem aufgetreten. Ich ignoriere sie und schiebe sie bei Seite, so kann ich wenigstens in einer sehr zeitaufreibenden Geschwindigkeit meine E-mails checken. Internetoptionen?? Schlimmer kann man es wohl eh kaum noch machen und setze bei 'erweitert' den Explorer auf Standardeinstellungen zurück, allein schon für das Gefühl, endlich mal was eigeninitiativ getan zu haben, war aber auch alles fürn Arsch. Ich lade einfach einen anderen Browser runter, denke ich schon im nächsten Moment und installiere Safari 'Na hoppla, Avira...du schon wieder', bin wenig erfreut und schicke das Ding in Quarantäne, aber da...schon wieder Avira, und nochmal und nochmal und nochmal... 10x? 15x? Ist ja egal, irgendwas stimmt hier nicht. Ich starte am 19.04. einen Suchlauf. Ergebnis: '18'Viren. Irgndwie fürchte ich mich und weiß nicht mehr weiter. Irgendwo lese ich etwas über HJT und lade es runter. 'Fuck', fluche ich, denn es ist auf Englisch, also suche ich nach der deutschen Übersetzung und erarbeite mir, wissbegierig wie noch nie, sämtliche Infos zu den einzelnen, im Logfile aufgelisteten Dateien, doch manchmal erfahre ich nicht genug darüber und traue mich deshalb nicht zu fixen. 'Neuerdings ist fixen wohl eine Art seine Probleme loszuwerden, soso', staune ich und beschließe zeitgleich mich bei Trojaner-Board zu registrieren um dort etwas ängstlich um Hilfe zu betteln. Auf Anraten installiere ich den CCleaner und darauf folgend Malwarebytes, beides nach Anleitung durchgeführt. 32 infizierte Dateien werden desinfiziert. Ich starte einen Avira Suchlauf. Ergebnis: 0Funde. Puh, erschöpft lege ich mich schlafen. Den Tag darauf beschließe ich, das posten des Logfiles auf morgen zu verschieben. Siehe da, Avira meldet sich und warnt mehrmals vor den beiden in der Titelzeile stehenden Bösewichten.  Muss ich nun ein HJT-Logfile schicken???  So, ich bemühte mich, mein Problem ausführlich genug zu schildern und hoffe, dass jetzt keiner zu faul ist es zu lesen......ich wäre es vermutlich  Liebe Grüße |
|
22.04.2010, 13:53
| #2 |
| |  TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels Ich mach einfach mal...
__________________Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 14:49:56, on 22.04.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Winamp\winampa.exe C:\Programme\SweetIM\Messenger\SweetIM.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\QuickTime\QTTask.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Programme\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\igfxext.exe C:\Programme\ICQ7.0\ICQ.exe C:\Programme\Windows Live\Messenger\msnmsgr.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\DOKUME~1\Hektor\LOKALE~1\Temp\RtkBtMnt.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\ICQ6Toolbar\ICQ Service.exe C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Windows Live\Contacts\wlcomm.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\TrendMicro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://home.sweetim.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file) O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ICQ] ~"C:\Programme\ICQ7.0\ICQ.exe" silent loginmode=4 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224161720014 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 10356 bytes |
|
22.04.2010, 16:42
| #3 | |
| | TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels Netter Bericht1. Poste das Malwarebytes Log mit den 32 Funden. 2. http://www.trojaner-board.de/74908-a...t-scanner.html Log posten. 3. Hol dir OTL Starte OTL Kopiere unten in das Skript-Feld rein: Zitat:
Schließe alle anderen Programme. Klicke auf Quick Scan. Poste die beiden Logs - OTL.txt und Extras.txt (werden im gleichen Verzeichnis erstellt, in dem OTL ausgeführt wurde). |
|
22.04.2010, 18:32
| #4 |
| | TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels Danke  1. Malwarebytes' Anti-Malware 1.45 Malwarebytes Datenbank Version: 4012 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 20.04.2010 18:43:32 mbam-log-2010-04-20 (18-43-32).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 108511 Laufzeit: 10 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 21 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 4 Infizierte Verzeichnisse: 1 Infizierte Dateien: 6 Infizierte Speicherprozesse: C:\WINDOWS\system\svchost.exe (Trojan.FakeAlert) -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svchost (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe cpcp.cpo bef0regiiav) Good: (Explorer.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot. Infizierte Dateien: C:\WINDOWS\system\svchost.exe (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\Temp\21.tmp (Trojan.Meredrop) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot. |
|
22.04.2010, 21:30
| #5 |
| | TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover Rootkit scan 2010-04-22 22:11:06 Windows 5.1.2600 Service Pack 3 Running: 2kkbgtql.exe; Driver: C:\DOKUME~1\Hektor\LOKALE~1\Temp\ugldipow.sys ---- System - GMER 1.0.15 ---- SSDT F7DCF996 ZwCreateKey SSDT F7DCF98C ZwCreateThread SSDT F7DCF99B ZwDeleteKey SSDT F7DCF9A5 ZwDeleteValueKey SSDT F7DCF9AA ZwLoadKey SSDT F7DCF978 ZwOpenProcess SSDT F7DCF97D ZwOpenThread SSDT F7DCF9B4 ZwReplaceKey SSDT F7DCF9AF ZwRestoreKey SSDT F7DCF9A0 ZwSetValueKey SSDT F7DCF987 ZwTerminateProcess ---- User code sections - GMER 1.0.15 ---- .text C:\Programme\ICQ7.0\ICQ.exe[1388] kernel32.dll!ReadFile 7C801812 6 Bytes JMP 5F160F5A .text C:\Programme\ICQ7.0\ICQ.exe[1388] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01550001 .text C:\Programme\ICQ7.0\ICQ.exe[1388] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F130F5A .text C:\Programme\ICQ7.0\ICQ.exe[1388] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A .text C:\Programme\ICQ7.0\ICQ.exe[1388] kernel32.dll!GetFileSize 7C810B17 6 Bytes JMP 5F190F5A .text C:\Programme\ICQ7.0\ICQ.exe[1388] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5F040F5A .text C:\Programme\ICQ7.0\ICQ.exe[1388] USER32.dll!SetParent 7E37C7F9 3 Bytes [FF, 25, 1E] .text C:\Programme\ICQ7.0\ICQ.exe[1388] USER32.dll!SetParent + 4 7E37C7FD 2 Bytes [1D, 5F] .text C:\Programme\ICQ7.0\ICQ.exe[1388] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 5F0A0F5A .text C:\Programme\ICQ7.0\ICQ.exe[1388] ole32.dll!CoCreateInstance 774D057E 6 Bytes JMP 5F0D0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 016F0001 .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F260F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 28001E20 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 28001C60 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F230F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 28001BE0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 28001EE0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 28001CF0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 28001F50 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 28001840 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 28001D80 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 6 Bytes JMP 5F0D0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] ADVAPI32.dll!RegQueryValueExW 77DA6FFF 6 Bytes JMP 5F0A0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] ADVAPI32.dll!RegQueryValueExA 77DA7ABB 6 Bytes JMP 5F040F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 6 Bytes JMP 5F2C0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] ADVAPI32.dll!RegSetValueExA 77DAEAE7 6 Bytes JMP 5F290F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] ADVAPI32.dll!CryptDeriveKey 77DB9FFD 7 Bytes JMP 28001000 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 28001060 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] USER32.dll!GetWindowLongW 7E3688A6 7 Bytes JMP 28006A70 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5F200F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 28004630 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] USER32.dll!SetWindowPlacement 7E36DE46 5 Bytes JMP 28005E10 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 28006090 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] USER32.dll!LoadImageW 7E377B97 5 Bytes JMP 280066E0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] USER32.dll!DestroyWindow 7E37B19C 3 Bytes [FF, 25, 1E] .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] USER32.dll!DestroyWindow + 4 7E37B1A0 2 Bytes [1E, 5F] {PUSH DS; POP EDI} .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] USER32.dll!SetWindowLongW 7E37C2BB 6 Bytes JMP 5F1A0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 28003C60 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] USER32.dll!SetWindowRgn 7E37E528 7 Bytes JMP 28005F50 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] USER32.dll!LoadIconW 7E37E8BC 5 Bytes JMP 280068D0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 28006280 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 28004F10 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 2800B8A0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] WS2_32.dll!send 71A14C27 5 Bytes JMP 2800B480 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 2800B260 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] WS2_32.dll!recv 71A1676F 5 Bytes JMP 2800B0C0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 2800B660 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] SHELL32.dll!Shell_NotifyIconW 7E6DA5BF 5 Bytes JMP 280033B0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] ole32.dll!CoInitializeEx 774CEF7B 5 Bytes JMP 28002260 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 28002600 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] ole32.dll!CoRegisterClassObject 774E7E90 5 Bytes JMP 28002360 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] WININET.dll!GetUrlCacheEntryInfoExW 408BBE43 6 Bytes JMP 5F4D0F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] WININET.dll!InternetReadFile 408C654B 5 Bytes JMP 2800A070 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] WININET.dll!HttpQueryInfoA 408C878D 6 Bytes JMP 5F420F5A .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] WININET.dll!InternetCloseHandle 408C9088 5 Bytes JMP 2800A220 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] WININET.dll!HttpOpenRequestA 408CD508 5 Bytes JMP 28009EE0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Programme\Windows Live\Messenger\msnmsgr.exe[1512] WININET.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 2800A150 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\WINDOWS\system32\SearchIndexer.exe[2480] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- |
|
22.04.2010, 22:00
| #6 |
| | TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels Während der OTL Quick-scan lief bekam ich 2 Warnungen von Avira 'TR.Spy.Bebloh.53' OTL logfile created on: 22.04.2010 22:35:30 - Run 1 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Dokumente und Einstellungen\Hektor\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.012,00 Mb Total Physical Memory | 615,00 Mb Available Physical Memory | 61,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 1512 3024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 105,94 Gb Total Space | 80,16 Gb Free Space | 75,67% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HEXE Current User Name: Hektor Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.04.22 22:32:35 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hektor\Desktop\OTL.exe PRC - [2010.03.28 14:39:17 | 000,133,368 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.0\ICQ.exe PRC - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2009.08.05 12:00:50 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.06.09 13:34:32 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.05.20 15:11:40 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.03.09 17:49:18 | 000,037,888 | ---- | M] () -- C:\Programme\Winamp\winampa.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.07.11 15:36:50 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Temp\RtkBtMnt.exe PRC - [2008.06.04 18:10:02 | 000,114,688 | ---- | M] (InterVideo Inc.) -- C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe PRC - [2008.05.26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Desktop Search\WindowsSearch.exe PRC - [2008.05.22 15:30:16 | 000,425,984 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2008.05.14 05:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.28 09:00:10 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (SafeList) ========== MOD - [2010.04.22 22:32:35 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hektor\Desktop\OTL.exe MOD - [2009.05.20 15:11:06 | 000,023,864 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\mgAdaptersProxy.dll MOD - [2006.07.11 18:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\SweetIM\Messenger\msvcr71.dll ========== Win32 Services (SafeList) ========== SRV - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.08.05 12:00:50 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.09 13:34:32 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008.11.06 01:45:13 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.07.18 16:05:40 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2010.03.08 21:29:05 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.06.09 13:34:32 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.27 23:24:24 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.07.08 03:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR) DRV - [2008.07.01 05:27:44 | 000,108,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008.05.20 17:31:26 | 001,312,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2008.05.20 11:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.05.05 15:01:02 | 000,254,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv) DRV - [2008.04.25 03:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2008.04.14 14:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008.04.14 14:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2008.04.14 14:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2008.04.14 14:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2008.04.14 14:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2008.04.14 14:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2008.04.14 14:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2008.04.14 14:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2008.04.14 14:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2008.04.14 14:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2008.04.14 14:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2008.04.14 14:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2008.04.14 14:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2008.04.14 14:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2008.04.14 14:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2008.04.14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.04.14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008.04.14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008.02.15 07:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys) DRV - [2004.12.08 08:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 445 FF - prefs.js..network.proxy.type: 1 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ant.com" FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" [2009.04.09 01:14:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Mozilla\Extensions [2010.04.11 12:27:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Mozilla\Firefox\Profiles\3m5vvznf.default\extensions [2009.07.05 20:34:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Mozilla\Firefox\Profiles\3m5vvznf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.12 00:39:32 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Mozilla\Firefox\Profiles\3m5vvznf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2009.07.07 14:23:11 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Mozilla\Firefox\Profiles\3m5vvznf.default\searchplugins\sweetim.xml [2010.04.12 13:55:14 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - File not found O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - File not found O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [M3000Mnt] File not found O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe () O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224161720014 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.07.11 15:23:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{9df76930-409b-11df-a9ac-0022697eafc5}\Shell - "" = AutoRun O33 - MountPoints2\{9df76930-409b-11df-a9ac-0022697eafc5}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9df76930-409b-11df-a9ac-0022697eafc5}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found O33 - MountPoints2\{b9ee00b6-3c0b-11df-a99e-0022697eafc5}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe -- File not found O33 - MountPoints2\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\Shell\Auto\command - "" = D:\activexdebugger32.exe -- File not found O33 - MountPoints2\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\Shell\explore\Command - "" = D:\activexdebugger32.exe -- File not found O33 - MountPoints2\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\Shell\open\Command - "" = D:\activexdebugger32.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.08.27 15:13:31 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: SSHNAS - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (17183584330711040) ========== Files/Folders - Created Within 90 Days ========== [2010.04.22 22:32:26 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hektor\Desktop\OTL.exe [2010.04.21 00:37:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\Yahoo [2010.04.21 00:31:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! [2010.04.20 20:15:06 | 000,000,000 | ---D | C] -- C:\Programme\Safari [2010.04.20 19:22:03 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.04.20 19:22:02 | 000,000,000 | ---D | C] -- C:\rsit [2010.04.20 18:45:47 | 000,000,000 | ---D | C] -- C:\Avenger [2010.04.20 18:17:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Malwarebytes [2010.04.20 18:16:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware [2010.04.20 18:16:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.20 18:16:47 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.20 18:16:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.20 18:16:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.04.20 17:49:53 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Hektor\Recent [2010.04.20 17:38:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Desktop\CCleaner [2010.04.20 17:38:16 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.04.20 13:17:06 | 000,000,000 | ---D | C] -- C:\Programme\TrendMicro [2010.04.20 13:09:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Desktop\HiJackThis [2010.04.16 19:42:47 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.04.16 19:36:23 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.04.16 01:27:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\Move Networks [2010.04.06 23:34:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.04.05 20:27:39 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.04.05 20:27:29 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.04.02 22:56:23 | 000,000,000 | -HSD | C] -- C:\found.000 [2010.03.31 09:30:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.03.30 17:03:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Apple Computer [2010.03.30 17:01:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010.03.30 16:59:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer [2010.03.30 16:58:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\Apple [2010.03.30 16:58:52 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2010.03.30 16:57:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple [2010.03.30 16:57:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple [2010.03.30 16:55:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\Apple Computer [2010.03.29 13:54:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Eigene Dateien\Downloads [2010.03.28 17:21:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Desktop\Emma [2010.03.12 00:39:36 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.03.12 00:39:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\Conduit [2010.03.12 00:39:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoft [2010.03.09 20:52:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\AOL [2010.03.09 20:52:32 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.0 [2010.03.08 23:37:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Facebook [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.04.22 22:32:35 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hektor\Desktop\OTL.exe [2010.04.22 22:20:25 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2010.04.22 22:20:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.04.22 22:20:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.04.22 22:19:59 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys [2010.04.22 20:01:31 | 005,767,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Hektor\ntuser.dat [2010.04.22 20:01:31 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Hektor\ntuser.ini [2010.04.22 19:52:11 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\2kkbgtql.exe [2010.04.22 12:32:16 | 003,004,263 | ---- | M] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\DSC00236.JPG [2010.04.22 12:18:40 | 000,034,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Hektor\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.21 01:20:04 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk [2010.04.20 20:16:12 | 000,055,200 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2010.04.20 19:26:55 | 000,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\RSIT.exe [2010.04.19 23:42:56 | 000,000,616 | ---- | M] () -- C:\WINDOWS\win.ini [2010.04.15 10:17:59 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI [2010.04.10 22:43:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.03.31 09:30:23 | 001,110,356 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.03.31 09:30:23 | 000,485,732 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.03.31 09:30:23 | 000,442,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.03.31 09:30:23 | 000,095,400 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.03.31 09:30:23 | 000,072,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.03.09 20:54:20 | 000,001,493 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.lnk [2010.03.08 21:29:05 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.22 19:51:31 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\2kkbgtql.exe [2010.04.22 12:32:16 | 003,004,263 | ---- | C] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\DSC00236.JPG [2010.04.22 12:22:21 | 001,424,031 | ---- | C] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\DSC00227.JPG [2010.04.22 12:21:57 | 001,438,800 | ---- | C] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\DSC00237.JPG [2010.04.22 12:21:48 | 001,459,005 | ---- | C] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\DSC00223.JPG [2010.04.20 20:16:12 | 000,055,200 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.04.20 20:15:18 | 000,002,163 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk [2010.04.20 19:26:55 | 000,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\Hektor\Desktop\RSIT.exe [2010.04.15 10:17:59 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010.03.09 20:54:20 | 000,001,493 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.lnk [2009.04.01 19:07:24 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.04.01 19:07:24 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll [2008.07.11 17:16:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.05 09:01:02 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys [2008.04.14 14:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2008.02.15 07:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2007.07.13 08:49:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll [2006.03.10 23:15:44 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005.03.29 00:45:26 | 000,000,141 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2003.09.22 07:49:36 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini [2002.11.22 02:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2002.11.22 02:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2002.11.22 02:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2002.11.22 02:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2002.11.22 02:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2002.11.22 02:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll ========== LOP Check ========== [2010.03.09 20:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.03.29 10:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! [2009.07.07 14:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM [2008.11.06 01:44:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2008.08.27 15:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2010.03.30 17:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009.04.03 22:22:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Any Video Converter [2010.03.08 23:37:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Facebook [2010.04.13 18:48:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\ICQ [2008.11.06 01:45:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\TuneUp Software [2009.06.05 23:11:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Windows Desktop Search [2008.10.29 20:27:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Windows Live Writer [2009.06.06 12:25:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hektor\Anwendungsdaten\Windows Search [2010.04.22 22:20:25 | 000,000,494 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS < MD5 for: ATAPI.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: FTDISK.SYS > [2008.04.14 14:00:00 | 000,126,336 | ---- | M] (Microsoft Corporation) MD5=8F1955CE42E1484714B542F341647778 -- C:\WINDOWS\system32\dllcache\ftdisk.sys [2008.04.14 14:00:00 | 000,126,336 | ---- | M] (Microsoft Corporation) MD5=8F1955CE42E1484714B542F341647778 -- C:\WINDOWS\system32\drivers\ftdisk.sys < MD5 for: NDIS.SYS > [2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.07.11 17:14:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2008.07.11 17:14:34 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2008.07.11 17:14:34 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < End of report > |
|
22.04.2010, 22:06
| #7 |
| | TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels OTL Extras logfile created on: 22.04.2010 22:35:30 - Run 1 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Dokumente und Einstellungen\Hektor\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.012,00 Mb Total Physical Memory | 615,00 Mb Available Physical Memory | 61,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 1512 3024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 105,94 Gb Total Space | 80,16 Gb Free Space | 75,67% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HEXE Current User Name: Hektor Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.) "C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.) "C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- File not found "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\WINDOWS\Installer\{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}\SafariIco.exe" = C:\WINDOWS\Installer\{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}\SafariIco.exe:*:Enabled:SafariIco -- () "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4 "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}" = SweetIM for Messenger 2.7 "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F7952CA2-A925-4CA1-A934-A46E8EC9CA18}" = Acer Crystal Eye Webcam 1.0.1.3 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HammerHead Rhythm Station" = HammerHead Rhythm Station "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Picasa 3" = Picasa 3 "PokerStars" = PokerStars "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 0.9.8a "Winamp" = Winamp "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
|
22.04.2010, 23:01
| #8 | |
| | TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels 1. Starte OTL. Kopiere unten in das Skript-Feld rein: Zitat:
Neustart zulassen, wenn gefragt. Poste das Fix Log. Zu finden unter c:\_OTL 2. http://www.trojaner-board.de/51187-a...i-malware.html Diesmal einen Vollscan, denk ans Updaten. Log posten. 3. http://www.trojaner-board.de/51871-a...tispyware.html Log posten. |
|
22.04.2010, 23:24
| #9 |
| | TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels das folgende Log öffnete sich nach dem Neustart und war auch zu finden unter c:\_OTL... All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\M3000Mnt deleted successfully. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9df76930-409b-11df-a9ac-0022697eafc5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9df76930-409b-11df-a9ac-0022697eafc5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9df76930-409b-11df-a9ac-0022697eafc5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9df76930-409b-11df-a9ac-0022697eafc5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9df76930-409b-11df-a9ac-0022697eafc5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9df76930-409b-11df-a9ac-0022697eafc5}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9ee00b6-3c0b-11df-a99e-0022697eafc5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9ee00b6-3c0b-11df-a99e-0022697eafc5}\ not found. File F:\Get_Started_for_Win.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\ not found. File D:\activexdebugger32.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\ not found. File D:\activexdebugger32.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe7e96b8-b1d4-11dd-a739-0022697eafc5}\ not found. File D:\activexdebugger32.exe not found. SSHNAS removed from NetSvcs value successfully! ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | dword:0x00 /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 212992 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Hektor ->Temp folder emptied: 326169808 bytes ->Temporary Internet Files folder emptied: 34746689 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 3562917 bytes ->Apple Safari cache emptied: 82797064 bytes ->Flash cache emptied: 2700 bytes User: LocalService ->Temp folder emptied: 82513 bytes ->Temporary Internet Files folder emptied: 1138892 bytes User: NetworkService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 3590535 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1168909 bytes RecycleBin emptied: 415556 bytes Total Files Cleaned = 433,00 mb OTL by OldTimer - Version 3.2.2.0 log created on 04232010_000754 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
23.04.2010, 11:29
| #10 |
| | TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels Ich hoffe es ist jetzt nicht arg dramatisch, dass ich deine letzten beiden Anweisungen erst vorhin geshen hab, sorry! Während jetzt gerade der Vollscan lief, bekam ich 3 Warnungen wegen TR/Trash.gen und 3 Warnungen wegen TR/Spy.Bebloh.A.53, es wurden aber scheinbar keine infizierten Dateien entdeckt, hier das Log Malwarebytes' Anti-Malware 1.45 Malwarebytes Datenbank Version: 4024 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 23.04.2010 12:21:39 mbam-log-2010-04-23 (12-21-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 160993 Laufzeit: 1 Stunde(n), 7 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
23.04.2010, 16:13
| #11 |
| | TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels SUPERAntiSpyware Scan Log SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware! Generated 04/23/2010 at 02:24 PM Application Version : 4.35.1002 Core Rules Database Version : 4842 Trace Rules Database Version: 2654 Scan type : Complete Scan Total Scan Time : 01:21:01 Memory items scanned : 565 Memory threats detected : 0 Registry items scanned : 5533 Registry threats detected : 9 File items scanned : 62668 File threats detected : 22 Adware.Tracking Cookie C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@content.yieldmanager[2].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@tracking.quisma[1].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@euros4click[1].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@tradedoubler[2].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@apmebf[1].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@eas.apm.emediate[2].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@mediaplex[1].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@ad.zanox[1].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@invitemedia[2].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@atdmt[1].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@webmasterplan[2].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@zanox[1].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@traffictrack[2].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@adtech[1].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@content.yieldmanager[3].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@zanox-affiliate[1].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@unitymedia[1].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@adfarm1.adition[2].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@ad.yieldmanager[2].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@doubleclick[3].txt C:\Dokumente und Einstellungen\Hektor\Cookies\hektor@adx.chip[1].txt Trojan.Agent/Gen-SSHNAS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS#NextInstance HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Service HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Legacy HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ConfigFlags HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Class HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ClassGUID HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#DeviceDesc Trojan.Agent/Gen-Nullo[Short] C:\SYSTEM VOLUME INFORMATION\_RESTORE{63424077-D6C7-4118-84E0-FDC2757B780D}\RP341\A0047746.EXE |
|
23.04.2010, 16:38
| #12 |
| | TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels Ok, die Funde von SUPERAntiSpyware können entfernt werden, wenn noch nicht geschehen. Wegen den Warnungen sollten wir noch was tun: Kaspersky Online Scanner Klicke auf Accept. Musst etwas warten, ist zunächst ausgegraut. Nicke alles ab. Das Programm beginnt mit dem Herunterladen benötigter Dateien, das kann eine Weile dauern. Nachdem alles heruntergeladen wurde, Klicke auf Settings. Stell sicher, dass diese Bereiche mit einem Haken markiert sind:
Nachdem der Scan komplett ist, klicke auf View report unten und dann Save report. Poste das eben gespeicherte Log. Edit: Noch was vergessen: schalte den AV-Wächter ab während des Scans. Also in diesem Fall den Guard von Avira. |
|
23.04.2010, 21:07
| #13 |
| | TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels Habe Avira deaktiviert, da lief der Scan bereits... Bis 99% hat Kaspersky nichts gefunden und in der letzten Minute dann die 5 Sachen  KASPERSKY ONLINE SCANNER 7.0: scan report Friday, April 23, 2010 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Friday, April 23, 2010 14:04:36 Records in database: 3973498 Scan settings scan using the following database extended Scan archives yes Scan e-mail databases yes Scan area My Computer C:\ Scan statistics Objects scanned 65517 Threats found 2 Infected objects found 3 Suspicious objects found 0 Scan duration 03:33:56 File name Threat Threats count C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8TEZOEZ\201004131333[1].exe Infected: Packed.Win32.Katusha.j 1 C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8TEZOEZ\201004170530[1].exe Infected: Trojan-Downloader.Win32.Piker.cfj 1 C:\WINDOWS\system32\xbptaxnnny.exe Infected: Trojan-Downloader.Win32.Piker.cfj 1 Selected area has been scanned. |
|
24.04.2010, 10:13
| #14 | |
| | TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels 1. Starte OTL. Kopiere unten in das Skript-Feld rein: Zitat:
Neustart zulassen, wenn gefragt. Poste das Fix Log. Zu finden unter c:\_OTL 2. Kontroll-Logs: Starte OTL. Klicke auf Run Scan Poste die beiden Logs - OTL.txt und Extras.txt |
|
24.04.2010, 11:00
| #15 |
| | TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels All processes killed ========== FILES ========== C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T8TEZOEZ folder moved successfully. C:\WINDOWS\system32\xbptaxnnny.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Hektor ->Temp folder emptied: 105633587 bytes ->Temporary Internet Files folder emptied: 50909139 bytes ->Java cache emptied: 128094 bytes ->FireFox cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 1296 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 3816546 bytes Total Files Cleaned = 153,00 mb Restore points cleared and new OTL Restore Point set! OTL by OldTimer - Version 3.2.2.0 log created on 04242010_115122 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
| Themen zu TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels |
| 2 infizierte dateien, 5 minuten, avira, browser, dateien, e-mails, fehlermeldung, firefox, frage, hängt, infizierte, infizierte dateien, kis, logfile, logfiles, lösung, malwarebytes, mozilla, neue, problem, probleme, programme, seite, suche, surfen, tr/trash.gen, trojaner-board, warnung, werbefenster |
Linear-Darstellung
