| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Antimaleware-Doctor-Attacke und troj/FakeAV-***Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.05.2010, 08:46
| #31 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Antimaleware-Doctor-Attacke und troj/FakeAV-*** Bitte wieder mit OSAM deaktivieren und löschen (mit delete from storage, auch die anderen die Du schon deaktiviert hast): Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.05.2010, 22:22
| #32 |
 | Antimaleware-Doctor-Attacke und troj/FakeAV-*** hi arne,
__________________keine AtJobs mehr!? aber ich traue dem braten nicht, das nervige popup kommt immer noch  vg anke Report of OSAM: Autorun Manager v5.0.11926.0 h**p://www.online-solutions.ru/en/ Saved at 23:14:15 on 05.05.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.17023 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "MagicKBD.cpl" - "SAMSUNG Electronics Co., Ltd." - C:\WINDOWS\system32\MagicKBD.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl "pdfSaver.cpl" - "Tracker Software Products" - C:\WINDOWS\system32\pdfSaver.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl "SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl "SRSCpl" - "SRS Labs, Inc." - C:\Programme\SRS Labs\WOWXT and TSXT Driver\srscpl.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ACEDRV08" (ACEDRV08) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV08.sys "Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys (File not found) "ASCTRM" (ASCTRM) - ? - C:\WINDOWS\system32\drivers\ASCTRM.sys (File not found) "atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "B.H.A Storage Helper Driver" (BsStor) - "Cyberlink Co.,Ltd." - C:\WINDOWS\system32\drivers\BsStor.sys "B.H.A UDF Filesystem" (BsUDF) - "CyberLink Corporation." - C:\WINDOWS\system32\drivers\BsUDF.sys "Belkin USB 2.0 to Fast Ethernet Adapter" (AX88172) - "ASIX Electronics Corp." - C:\WINDOWS\System32\DRIVERS\AX88172.sys "Bluetooth Serial Driver" (BTSERIAL) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btserial.sys "Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys "Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys "Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys "FBAPI" (FBAPI) - ? - C:\WINDOWS\system32\drivers\FBAPI.sys (File not found) "ialm" (ialm) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\ialmnt5.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "MEMIO" (DOSMEMIO) - ? - C:\WINDOWS\system32\MEMIO.SYS (File found, but it contains no detailed information) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "RITCPT" (RITCPT) - ? - C:\WINDOWS\system32\drivers\RITCPT.sys (File found, but it contains no detailed information) "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS "SUE NDIS Protocol Driver" (SUEPD) - "Samsung" - C:\WINDOWS\System32\DRIVERS\SUE_PD.sys "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys "Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys "vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys "WOW XT Filter Driver" (wowfilter) - ? - C:\WINDOWS\System32\drivers\wowfilter.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll {6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} "ContextMenuHandler Class" - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SavShellExt.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {afc638f0-e8a4-11ce-9ade-00aa00a42d2e} "MS TrueType File Properties" - "Microsoft Corporation" - C:\Programme\OpenType Extension\TTFExtNT.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.5.0" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm "ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} "Sophos Web Content Scanner" - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists) "Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Shortcut exists | File exists) "AutoUpdate Monitor.lnk" - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "MindManager PDF Writer.lnk" - "Tracker Software Products" - C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Shortcut exists | File exists) "BTTray.lnk" - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) "VPN Client.lnk" - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\a1\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SUPERAntiSpyware" - ? - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 7.0" - ? - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (File found, but it contains no detailed information) "AVStation Premium 3.75" - ? - C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe (File not found) "B'sCLiP" - ? - C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe (File not found) "BatteryManager" - ? - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe (File not found) "CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon "CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon "DisplayManager" - ? - C:\Programme\Samsung\DisplayManager\DMLoader.exe (File found, but it contains no detailed information) "Easy-PrintToolBox" - "CANON INC." - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon "IJNetworkScanUtility" - ? - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe (File found, but it contains no detailed information) "iTunesHelper" - ? - "C:\Programme\iTunes\iTunesHelper.exe" (File found, but it contains no detailed information) "MagicKeyboard" - ? - C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe (File not found) "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask .exe" -atboottime "RemoteControl" - ? - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (File not found) "RestoreIT!" - ? - "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart (File not found) "SoundMAXPnP" - ? - C:\Programme\Analog Devices\Core\smax4pnp.exe (File not found) "SunJavaUpdateSched" - ? - "C:\Programme\Java\jre6\bin\jusched.exe" (File not found) "SynTPEnh" - ? - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (File not found) "TkBellExe" - ? - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot (File found, but it contains no detailed information) "Verknüpfung mit der High Definition Audio-Eigenschaftenseite" - ? - HDAShCut.exe (File not found) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll "Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll "Canon BJNP Port" - "CANON INC." - C:\WINDOWS\system32\CNMNPPM.DLL "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll "PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe "Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Samsung Update Plus" (Samsung Update Plus) - ? - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe (File found, but it contains no detailed information) "SNM WLAN Service" (SNM WLAN Service) - ? - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe (File found, but it contains no detailed information) "Sophos Anti-Virus" (SAVService) - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe "Sophos Anti-Virus Statusreporter" (SAVAdminService) - "Sophos Plc" - c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe "Sophos AutoUpdate Service" (Sophos AutoUpdate Service) - "Sophos Plc" - c:\Programme\Sophos\AutoUpdate\ALsvc.exe "SRS PostInstaller Service" (SRS_PostInstaller) - "SRS Labs, Inc." - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe "STI Simulator" (STI Simulator) - ? - C:\WINDOWS\System32\PAStiSvc.exe (File signed by Microsoft | File found, but it contains no detailed information) [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll "igfxcui" - "Intel Corporation" - C:\WINDOWS\system32\igfxdev.dll "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit h**p://forum.online-solutions.ru |
|
06.05.2010, 20:38
| #34 |
| | Antimaleware-Doctor-Attacke und troj/FakeAV-*** violà gruß anke OTL logfile created on: 06.05.2010 21:15:59 - Run 2 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 607,00 Mb Available Physical Memory | 59,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 82,62 Gb Total Space | 31,48 Gb Free Space | 38,10% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: **** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE () PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware .exe (SUPERAntiSpyware.com) PRC - c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc) PRC - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc) PRC - c:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched .exe (RealNetworks, Inc.) PRC - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray .exe (Adobe Systems Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\SAMSUNG\DisplayManager\DisplayManager.exe (SAMSUNG) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.) PRC - C:\Programme\SAMSUNG\Samsung Network Manager\SNMWLANService.exe () PRC - C:\WINDOWS\system32\PAStiSvc.exe () PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Tracker Software Products) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) ========== Win32 Services (SafeList) ========== SRV - (SAVAdminService) -- c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc) SRV - (Sophos AutoUpdate Service) -- c:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (SAVService) -- c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe () SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (SRS_PostInstaller) -- C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe () SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe () SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SAVOnAccessFilter) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys (Sophos Plc) DRV - (SAVOnAccessControl) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys (Sophos Plc) DRV - (SophosBootDriver) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys (Sophos Plc) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (BsUDF) -- C:\WINDOWS\system32\drivers\BsUDF.sys (CyberLink Corporation.) DRV - (BsStor) -- C:\WINDOWS\system32\drivers\BsStor.sys (Cyberlink Co.,Ltd.) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (SSB2413) -- C:\WINDOWS\system32\drivers\SSB2413.sys (Atheros Communications, Inc.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys () DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS () DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (SUEPD) -- C:\WINDOWS\system32\drivers\SUE_PD.sys (Samsung) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.sys () DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider) DRV - (RITCPT) -- C:\WINDOWS\system32\drivers\RITCPT.SYS () DRV - (AX88172) -- C:\WINDOWS\system32\drivers\AX88172.sys (ASIX Electronics Corp.) DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\FTSER2K.SYS (FTDI Ltd.) DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\FTDIBUS.SYS (FTDI Ltd.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15015&l=dis IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: {02ffb056-3abb-320b-d592-c3921c590a22}:4.6.6.6 FF - prefs.js..keyword.URL: "hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q=" FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.06.17 20:55:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.03 18:37:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.03 18:37:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.16 00:47:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.12.06 15:21:26 | 000,000,000 | ---D | M] [2008.09.04 09:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.05.03 18:39:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions [2010.04.16 08:17:24 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2010.04.16 08:17:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.04.16 08:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\isreaditlater@ideashower.com [2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\askcom.xml [2010.05.03 18:31:18 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-1.xml [2008.07.06 23:16:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-2.xml [2008.07.09 14:32:33 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-3.xml [2008.08.02 12:21:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-4.xml [2008.08.07 20:10:41 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-5.xml [2008.08.11 18:16:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-6.xml [2008.08.22 22:09:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-7.xml [2008.08.24 18:25:43 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-8.xml [2008.08.25 10:52:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-9.xml [2008.04.25 19:10:00 | 000,000,962 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin.xml [2010.05.03 18:39:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.26 17:25:27 | 000,000,000 | ---D | M] (z) -- C:\Programme\Mozilla Firefox\extensions\{02ffb056-3abb-320b-d592-c3921c590a22} [2010.05.03 18:37:01 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.05.03 18:37:01 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.05.03 18:37:01 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.05.03 18:37:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.05.03 18:37:01 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.04 16:37:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe () O4 - HKLM..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe File not found O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe File not found O4 - HKLM..\Run: [B'sCLiP] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe File not found O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [DisplayManager] C:\Programme\SAMSUNG\DisplayManager\DMLoader.exe () O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe () O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask .exe (Apple Inc.) O4 - HKLM..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe File not found O4 - HKLM..\Run: [RestoreIT!] C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE File not found O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe File not found O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe File not found O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe () O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] File not found O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoUpdate Monitor.lnk = C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MindManager PDF Writer.lnk = C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Tracker Software Products) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{176130BC-99***-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.04.05 13:49:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.05.04 23:40:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Online Solutions [2010.05.03 19:17:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\osam_autorun_manager_5_0_portable [2010.05.01 20:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2010.05.01 20:50:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com [2010.05.01 20:50:06 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.05.01 20:48:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard [2010.05.01 20:20:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.05.01 15:47:21 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.05.01 15:44:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.05.01 15:44:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.05.01 15:44:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.05.01 15:44:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.05.01 15:43:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.05.01 15:42:49 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.05.01 15:34:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2010.05.01 15:25:27 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup231.exe [2010.05.01 00:37:45 | 000,000,000 | ---D | C] -- C:\_OTL [2010.04.29 22:18:08 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.04.28 14:29:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.04.27 23:26:43 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.04.27 23:26:42 | 000,000,000 | ---D | C] -- C:\rsit [2010.04.27 23:09:56 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.04.27 17:06:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.27 17:06:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.27 17:06:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.27 17:06:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.04.27 14:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2010.04.25 18:45:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.03.31 22:59:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real [2010.03.11 18:28:29 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010.03.06 20:48:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft [2010.03.06 20:47:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\microsoft [2010.03.06 20:47:48 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive [2010.03.06 20:47:23 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live [2010.03.06 20:44:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Windows Live [2010.03.04 20:10:20 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.03.03 21:11:39 | 000,130,104 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\sdccoinstaller.dll ========== Files - Modified Within 90 Days ========== [2010.05.06 21:06:54 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2010.05.06 21:06:50 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk [2010.05.06 21:06:45 | 000,043,616 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.05.06 21:06:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.06 21:06:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.06 21:06:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.06 21:06:06 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys [2010.05.05 23:26:47 | 008,912,896 | ---- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.05.05 23:26:47 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.05.05 22:35:13 | 000,046,328 | ---- | M] () -- C:\debug [2010.05.05 22:35:11 | 000,000,112 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CsGly48.dat [2010.05.05 22:35:10 | 000,068,618 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe [2010.05.04 23:46:27 | 000,004,580 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\osam3.html [2010.05.04 16:37:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010.05.04 07:23:50 | 000,000,956 | ---- | M] () -- C:\WINDOWS\win.ini [2010.05.03 19:23:38 | 000,104,358 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\osam.html [2010.05.03 19:15:26 | 004,272,474 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\osam_autorun_manager_5_0_portable.rar [2010.05.01 20:50:10 | 000,000,752 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.05.01 20:46:42 | 008,050,208 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\SUPERAntiSpyware.exe [2010.05.01 19:18:56 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\5l9rhqgi.exe [2010.05.01 16:09:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.05.01 15:47:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010.05.01 15:36:29 | 000,097,502 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\cc_20100501_153525.reg [2010.05.01 15:31:45 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.05.01 15:30:19 | 000,069,440 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.05.01 15:28:03 | 003,924,810 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\cofi.exe [2010.05.01 15:25:28 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup231.exe [2010.05.01 15:11:46 | 000,000,073 | -HS- | M] () -- C:\cj.ini [2010.05.01 00:33:22 | 000,035,844 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kks637.exe [2010.05.01 00:33:22 | 000,035,844 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010.05.01 00:33:22 | 000,035,844 | ---- | M] () -- C:\WINDOWS\System32\kks637.com [2010.05.01 00:33:22 | 000,035,844 | ---- | M] () -- C:\Dokumente und Einstellungen\***\kks637.com [2010.04.29 22:18:09 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.27 19:39:47 | 001,558,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.04.27 17:06:17 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe [2010.04.20 00:07:11 | 000,736,864 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.04.20 00:07:11 | 000,321,606 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.04.20 00:07:11 | 000,315,850 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.04.20 00:07:11 | 000,050,046 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.04.20 00:07:11 | 000,041,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.04.16 00:38:31 | 001,227,776 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\essen_indive_koenig_16_04_2010.ppt [2010.04.16 00:37:29 | 003,196,416 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\indive Abschlusstagung_Vortrag_ende.ppt [2010.04.16 00:36:28 | 000,804,377 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 _ R+_ EssenExperten_Joosten.pdf [2010.04.16 00:36:14 | 001,224,593 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 KompProfilAC_EssenExperten_Joosten.pdf [2010.04.11 22:56:35 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.04.01 19:03:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.04.01 08:36:56 | 000,951,332 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\02_anleitung_est_2007_bmf.pdf [2010.04.01 08:36:32 | 000,049,099 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\20_anlage_gse_2007_bmf.pdf [2010.04.01 08:36:19 | 000,029,955 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\12_anlage_kind_2007_bmf.pdf [2010.04.01 08:36:15 | 000,043,571 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_anlage_n_2007_bmf.pdf [2010.04.01 02:01:25 | 000,002,120 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ESt_1_A_2007_Mantelbogen.xml [2010.04.01 01:48:31 | 000,051,588 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf(2).pdf [2010.04.01 01:33:30 | 000,051,588 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf.pdf [2010.03.11 14:31:33 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll [2010.03.11 14:31:33 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll [2010.03.11 14:31:33 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll [2010.03.11 14:31:32 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2010.03.11 14:31:32 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll [2010.03.11 14:31:32 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll [2010.03.11 14:31:32 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll [2010.03.11 14:31:32 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll [2010.03.11 14:31:32 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll [2010.03.11 14:31:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll [2010.03.11 14:31:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll [2010.03.11 14:31:32 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll [2010.03.11 14:31:32 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll [2010.03.11 14:31:32 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll [2010.03.11 14:31:31 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll [2010.03.11 14:31:31 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2010.03.11 14:31:31 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll [2010.03.11 14:31:31 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2010.03.11 14:31:30 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl [2010.03.11 14:31:30 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl [2010.03.11 14:31:30 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2010.03.11 14:31:30 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll [2010.03.11 14:31:30 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll [2010.03.11 14:31:30 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll [2010.03.11 14:31:30 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll [2010.03.11 14:31:30 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll [2010.03.11 14:31:30 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll [2010.03.11 14:31:29 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2010.03.11 14:31:28 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll [2010.03.11 14:31:28 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll [2010.03.11 14:31:28 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll [2010.03.11 14:31:28 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll [2010.03.11 14:31:27 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll [2010.03.11 14:31:27 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll [2010.03.11 14:31:27 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll [2010.03.11 14:31:27 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll [2010.03.11 14:31:27 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll [2010.03.11 14:31:27 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll [2010.03.11 14:31:27 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll [2010.03.11 14:31:27 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll [2010.03.11 14:31:27 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll [2010.03.11 14:31:27 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll [2010.03.11 14:31:26 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll [2010.03.11 14:31:26 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll [2010.03.11 14:31:26 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll [2010.03.11 14:31:26 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll [2010.03.11 14:31:26 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll [2010.03.10 15:18:17 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec [2010.03.10 15:17:51 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe [2010.03.10 15:17:51 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe [2010.03.10 15:17:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe [2010.03.10 15:17:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe [2010.03.09 13:09:28 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll [2010.03.09 13:09:28 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll [2010.02.24 15:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2010.02.23 07:20:02 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe [2010.02.23 07:18:28 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll [2010.02.23 07:18:28 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll [2010.02.17 14:04:26 | 002,192,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2010.02.16 21:04:25 | 002,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2010.02.16 21:04:17 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe [2010.02.16 21:04:17 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2010.02.16 21:04:17 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2010.02.16 21:04:17 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe [2010.02.16 18:09:54 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2010.02.12 12:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.02.12 06:33:08 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys ========== Files Created - No Company Name ========== [2010.05.05 22:41:43 | 000,035,844 | ---- | C] () -- C:\Dokumente und Einstellungen\***\kks637.com [2010.05.05 22:35:13 | 000,046,328 | ---- | C] () -- C:\debug [2010.05.05 22:28:07 | 000,035,844 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kks637.exe [2010.05.04 23:46:27 | 000,004,580 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\osam3.html [2010.05.04 23:42:49 | 000,035,844 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe [2010.05.04 23:29:58 | 000,035,844 | ---- | C] () -- C:\WINDOWS\Fonts\kks637.com [2010.05.04 17:07:54 | 000,035,844 | ---- | C] () -- C:\WINDOWS\System32\kks637.com [2010.05.03 19:23:38 | 000,104,358 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\osam.html [2010.05.03 08:51:10 | 000,068,618 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe [2010.05.03 08:51:09 | 000,000,112 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CsGly48.dat [2010.05.01 20:50:10 | 000,000,752 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.05.01 20:46:30 | 008,050,208 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\SUPERAntiSpyware.exe [2010.05.01 19:21:51 | 004,272,474 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\osam_autorun_manager_5_0_portable.rar [2010.05.01 19:18:55 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\5l9rhqgi.exe [2010.05.01 15:47:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010.05.01 15:47:24 | 000,262,448 | ---- | C] () -- C:\cmldr [2010.05.01 15:44:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.05.01 15:44:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.05.01 15:44:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.05.01 15:44:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.05.01 15:44:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.05.01 15:36:25 | 000,097,502 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\cc_20100501_153525.reg [2010.05.01 15:31:45 | 000,001,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.05.01 15:28:02 | 003,924,810 | R--- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\cofi.exe [2010.04.27 17:06:17 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.27 06:55:14 | 1071,828,992 | -HS- | C] () -- C:\hiberfil.sys [2010.04.16 00:38:31 | 001,227,776 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\essen_indive_koenig_16_04_2010.ppt [2010.04.16 00:37:28 | 003,196,416 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\indive Abschlusstagung_Vortrag_ende.ppt [2010.04.16 00:36:28 | 000,804,377 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 _ R+_ EssenExperten_Joosten.pdf [2010.04.16 00:36:11 | 001,224,593 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 KompProfilAC_EssenExperten_Joosten.pdf [2010.04.01 08:36:54 | 000,951,332 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\02_anleitung_est_2007_bmf.pdf [2010.04.01 08:36:32 | 000,049,099 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\20_anlage_gse_2007_bmf.pdf [2010.04.01 08:36:19 | 000,029,955 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\12_anlage_kind_2007_bmf.pdf [2010.04.01 08:36:14 | 000,043,571 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_anlage_n_2007_bmf.pdf [2010.04.01 02:01:23 | 000,002,120 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ESt_1_A_2007_Mantelbogen.xml [2010.04.01 01:48:30 | 000,051,588 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf(2).pdf [2010.04.01 01:33:29 | 000,051,588 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf.pdf [2010.03.04 20:11:22 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2009.10.09 16:48:27 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\**_KBD.ini [2009.07.27 11:53:06 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2009.02.22 20:10:01 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll [2009.02.22 20:10:01 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll [2009.02.22 20:10:01 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll [2008.10.16 12:54:54 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLfNL.DLL [2008.05.26 22:22:25 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2008.05.26 22:22:25 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2008.05.26 22:18:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2008.05.26 22:18:23 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2008.01.03 02:59:30 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2007.10.12 22:56:52 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll [2007.10.12 20:16:21 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll [2007.09.27 21:45:34 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2007.09.27 21:45:33 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2007.09.15 10:06:12 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\worst case_KBD.ini [2007.04.13 11:30:13 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini [2007.03.08 11:50:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2007.02.04 12:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2007.02.04 12:13:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL [2007.02.04 12:08:44 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll [2007.02.04 12:08:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll [2007.02.04 12:06:49 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll [2007.02.04 12:06:49 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini [2007.02.04 12:05:05 | 000,000,130 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670G.ini [2007.02.04 01:36:31 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\***_KBD.ini [2007.02.03 21:06:31 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.11.23 08:33:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.11.10 10:46:36 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2006.11.10 10:46:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2006.05.23 03:58:19 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.05.23 03:58:19 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.05.23 03:58:19 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.05.23 03:58:19 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.05.23 03:58:18 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.05.22 19:07:49 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini [2006.05.22 19:07:49 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini [2006.05.22 19:07:46 | 000,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS [2006.05.22 19:06:48 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI [2006.05.22 19:06:46 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI [2006.05.22 19:06:46 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI [2006.05.22 19:06:46 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI [2006.05.22 19:06:46 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI [2006.05.22 19:06:46 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI [2006.05.22 19:06:46 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI [2006.05.22 19:06:46 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI [2006.05.22 19:06:46 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI [2006.05.22 19:06:46 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI [2006.05.22 19:06:46 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI [2006.05.22 19:06:46 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI [2006.05.22 19:06:46 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI [2006.05.22 19:06:46 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI [2006.05.22 19:06:46 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI [2006.05.22 19:06:46 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI [2006.05.22 19:06:46 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI [2006.05.22 19:06:03 | 000,000,508 | ---- | C] () -- C:\WINDOWS\SamsungBluetooth.ini [2006.05.22 19:04:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2006.04.05 22:32:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006.04.05 14:16:23 | 000,004,300 | R--- | C] () -- C:\WINDOWS\System32\MEMIO.SYS [2006.01.25 15:00:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioAmp.dll [2006.01.25 15:00:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll [2005.12.02 15:14:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2005.11.28 12:06:22 | 000,038,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys [2005.11.28 12:06:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys [2005.11.28 12:06:20 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2005.02.24 12:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys [2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.07.31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL [2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll < End of report > |
|
06.05.2010, 20:40
| #35 |
| | Antimaleware-Doctor-Attacke und troj/FakeAV-*** ... und nummer 2 OTL Extras logfile created on: 06.05.2010 21:15:59 - Run 2 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 607,00 Mb Available Physical Memory | 59,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 82,62 Gb Total Space | 31,48 Gb Free Space | 38,10% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: **** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet  isabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet isabled:@xpsp2res.dll,-22008========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Java\jre1.6.0_07\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\SPSSInc\Statistics17\SPSSWinWrapIDE.exe" = C:\Programme\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:* isabled:SPSS Basic Script Editor -- (SPSS Inc.)"C:\Programme\SPSSInc\Statistics17\statistics.com" = C:\Programme\SPSSInc\Statistics17\statistics.com:* isabled:Statistics17:com -- (SPSS Inc.)"C:\Programme\SPSSInc\Statistics17\statistics.exe" = C:\Programme\SPSSInc\Statistics17\statistics.exe:* isabled:Statistics17:exe -- (SPSS Inc.)"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation) "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2 "{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus "{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate "{17283B95-21A8-4996-97DA-547A48DB266F}" = DisplayManager "{176130BC-99A1-41FE-A78B-56045E33AD70}" = Cisco Systems VPN Client 4.8.02.0010 "{17CA6206-7109-4426-8EE0-1BD0BE54BCC9}" = Management Center "{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Magic Doctor "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0 "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{45EA11B5-874D-480E-89B9-2545505BBE3E}" = Microsoft OpenType Font File Properties Extension "{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0 "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B567E98-126E-4CD0-BF9B-163345BF7852}" = MindManager X5 Pro "{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A48A8684-A104-44DA-B3DF-0178A125D8D9}" = WOW XT and TSXT Filter Driver "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager "{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox "{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch "{B18B7901-4025-4BFF-9DA2-BCC45F594DE2}" = Atheros WLAN Client "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe 1.4.67.1 "{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BA7AF70A-F81B-40EF-9268-741A7DE3D608}" = AVStation Premium 3.75 "{BD3443D9-2294-4D47-9A51-4170FE357C6F}" = WinSTAT "{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard "{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 1.0 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0 "{D379964B-685C-44D5-AE46-C953A9FEEA14}" = EPSON Photo Print "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0 "{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord "{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "{EB145CEA-998F-4C9D-AEF7-B4DBBD217DAF}" = F5U216 "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EF99C14B-17C2-4994-B5C1-EB204A343A6F}" = User's Guide "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F6CE1230-A694-4B86-B21C-A11A112689DA}" = Trust WB-1400T Webcam "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = SENS LT56ADW Modem "Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung "Canon MX850 series Benutzerregistrierung" = Canon MX850 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000 "CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "CUEcards 2000" = CUEcards 2000 "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "Easy-WebPrint" = Easy-WebPrint "f4" = f4 3.0.3 "FileZilla" = FileZilla (remove only) "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "FTDICOMM" = FTDI USB Serial Converter Drivers "GPL Ghostscript Fonts" = GPL Ghostscript Fonts "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "Indeo® Software" = Indeo® Software "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{BA7AF70A-F81B-40EF-9268-741A7DE3D608}" = AVStation Premium 3.75 "InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker 6 Gold "InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "InstallShield_{F6CE1230-A694-4B86-B21C-A11A112689DA}" = Trust WB-1400T Webcam "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper "Kalenderchen_is1" = Kalenderchen 4 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MAXQDA2007" = MAXQDA2007 (R290908) "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "MP Navigator EX 1.1" = Canon MP Navigator EX 1.1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Picasa2" = Picasa 2 "ProInst" = Intel(R) PROSet/Wireless Software "PROPLUS" = Microsoft Office Professional Plus 2007 "RealPlayer 6.0" = RealPlayer "RestoreIT!" = Recover Pro "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.04.2010 18:50:32 | Computer Name = **** | Source = MsiInstaller | ID = 11606 Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1606. Zugriff auf die Netzwerkadresse %USERPROFILE%\Anwendungsdaten\ war nicht möglich. Error - 15.04.2010 18:50:32 | Computer Name = **** | Source = MsiInstaller | ID = 1024 Description = Produkt: Microsoft Office Professional Edition 2003 - Update "Security Update for Publisher 2003 (KB980469): MSPUB" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error - 15.04.2010 18:50:42 | Computer Name = **** | Source = MsiInstaller | ID = 11606 Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1606. Zugriff auf die Netzwerkadresse %USERPROFILE%\Anwendungsdaten\ war nicht möglich. Error - 15.04.2010 18:50:42 | Computer Name = **** | Source = MsiInstaller | ID = 11606 Description = Produkt: Microsoft Office Professional Edition 2003 -- Fehler 1606. Zugriff auf die Netzwerkadresse %USERPROFILE%\Anwendungsdaten\ war nicht möglich. Error - 15.04.2010 18:50:42 | Computer Name = **** | Source = MsiInstaller | ID = 1024 Description = Produkt: Microsoft Office Professional Edition 2003 - Update "Security Update for PowerPoint 2003 (KB976881): POWERPNT" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error - 25.04.2010 12:47:14 | Computer Name = **** | Source = Sophos Anti-Virus | ID = 131073 Description = Es sind keine Versionen der Komponente 'MessageResDSFactory' registriert. MessageResDSFactory kann nicht ausgegeben werden. Error - 25.04.2010 12:47:14 | Computer Name = **** | Source = Sophos Anti-Virus | ID = 131073 Description = Es sind keine Versionen der Komponente 'MessageResDSFactory' registriert. MessageResDSFactory kann nicht ausgegeben werden. Error - 27.04.2010 05:45:12 | Computer Name = **** | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6, faulting module mso.dll, version 12.0.6425.1000, stamp 49d65443, debug? 0, fault address 0x000fb8e0. Error - 27.04.2010 08:25:26 | Computer Name = **** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 7.0.6000.17023, fehlgeschlagenes Modul flash9.ocx, Version 9.0.16.0, Fehleradresse 0x0017995d. Error - 01.05.2010 12:56:02 | Computer Name = **** | Source = SophosAntiVirus | ID = 327685 Description = Der Versuch, einen gelöschten Konfigurationsnode zu verändern, ist fehlgeschlagen. [ OSession Events ] Error - 13.12.2007 11:16:29 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13634 seconds with 5400 seconds of active time. This session ended with a crash. Error - 18.12.2007 16:38:41 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 81618 seconds with 2820 seconds of active time. This session ended with a crash. Error - 21.12.2007 05:47:43 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 217901 seconds with 7680 seconds of active time. This session ended with a crash. Error - 23.12.2007 16:04:25 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 209761 seconds with 2880 seconds of active time. This session ended with a crash. Error - 18.01.2008 19:08:33 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 839439 seconds with 32820 seconds of active time. This session ended with a crash. Error - 07.06.2008 13:37:39 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 475771 seconds with 12240 seconds of active time. This session ended with a crash. Error - 25.01.2009 20:56:37 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 317323 seconds with 27060 seconds of active time. This session ended with a crash. Error - 18.03.2009 05:05:26 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 178 seconds with 120 seconds of active time. This session ended with a crash. Error - 13.05.2009 14:23:29 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 114392 seconds with 11400 seconds of active time. This session ended with a crash. Error - 27.04.2010 05:44:25 | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3035 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 04.05.2010 17:42:31 | Computer Name = **** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.05.2010 17:42:31 | Computer Name = **** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "FBAPI" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.05.2010 16:27:34 | Computer Name = **** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.05.2010 16:27:34 | Computer Name = **** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "FBAPI" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.05.2010 16:40:42 | Computer Name = **** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.05.2010 16:40:42 | Computer Name = **** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "FBAPI" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.05.2010 17:03:44 | Computer Name = **** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.05.2010 17:03:44 | Computer Name = **** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "FBAPI" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.05.2010 15:06:20 | Computer Name = **** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ASCTRM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.05.2010 15:06:20 | Computer Name = **** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "FBAPI" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
|
07.05.2010, 11:18
| #36 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antimaleware-Doctor-Attacke und troj/FakeAV-*** Bitte mal den Avenger anwenden: 1.) Lade Dir von hier Avenger: Swandog46's Public Anti-Malware Tools (Download, linksseitig) 2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:  3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld: Den unkenntlich gemachten Benutzernamen musst Du wieder in den richtigen verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter files to delete:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CsGly48.dat
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kks637.exe
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kks637.exe
C:\Dokumente und Einstellungen\***\kks637.com
C:\cj.ini
C:\WINDOWS\System32\kks637.com
C:\WINDOWS\Fonts\kks637.com
5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein. 6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso. 7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier. 8.) Die Datei c:\avenger\backup.zip bei file-upload.net hochladen und hier verlinken
__________________ --> Antimaleware-Doctor-Attacke und troj/FakeAV-*** |
|
07.05.2010, 20:03
| #37 |
| | Antimaleware-Doctor-Attacke und troj/FakeAV-*** hallo arne, hier ist das log vom avenger und der link: hxxp://www.file-upload.net/download-2497590/backup.zip.html gruß anke Logfile of The Avenger Version 2.0, (c) by Swandog46 hxxp://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CsGly48.dat" deleted successfully. File "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iaXk8nI.exe" deleted successfully. File "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kks637.exe" deleted successfully. File "C:\Dokumente und Einstellungen\a1\Lokale Einstellungen\Anwendungsdaten\kks637.exe" deleted successfully. File "C:\Dokumente und Einstellungen\a1\kks637.com" deleted successfully. File "C:\cj.ini" deleted successfully. File "C:\WINDOWS\System32\kks637.com" deleted successfully. File "C:\WINDOWS\Fonts\kks637.com" deleted successfully. Completed script processing. ******************* Finished! Terminate. |
|
07.05.2010, 21:17
| #38 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antimaleware-Doctor-Attacke und troj/FakeAV-*** Ok. Ich hoffe die Dateien sind jetzt dauerhaft weg. Poste bitte erneut ein frisches OTL Log zur Überprüfung (die extras.txt brauch ich nicht) und stell file-age bitte auf 90 Tage.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.05.2010, 21:50
| #39 |
| | Antimaleware-Doctor-Attacke und troj/FakeAV-*** so, hier das frische OTL-Log. aaaber: werbebanner und popups kommen immer noch. ich bin mal mit dem mauszeiger auf eins gegangen und hab die url abgeschrieben. hinter der werbung für nokia steckt ein ganz anderer link: hxxp://ad-emea.doubleclick.net kannst du damit was anfangen? herzlichen gruß anke OTL logfile created on: 07.05.2010 22:30:54 - Run 3 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 605,00 Mb Available Physical Memory | 59,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 82,62 Gb Total Space | 31,28 Gb Free Space | 37,85% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: **** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Programme\SAMSUNG\DisplayManager\DMLoader.exe () PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware .exe (SUPERAntiSpyware.com) PRC - c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc) PRC - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc) PRC - c:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched .exe (RealNetworks, Inc.) PRC - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray .exe (Adobe Systems Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\SAMSUNG\DisplayManager\DisplayManager.exe (SAMSUNG) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.) PRC - C:\Programme\SAMSUNG\Samsung Network Manager\SNMWLANService.exe () PRC - C:\WINDOWS\system32\PAStiSvc.exe () PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Tracker Software Products) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll () ========== Win32 Services (SafeList) ========== SRV - (SAVAdminService) -- c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc) SRV - (Sophos AutoUpdate Service) -- c:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (SAVService) -- c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe () SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (SRS_PostInstaller) -- C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe () SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe () SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SAVOnAccessFilter) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys (Sophos Plc) DRV - (SAVOnAccessControl) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys (Sophos Plc) DRV - (SophosBootDriver) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys (Sophos Plc) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (BsUDF) -- C:\WINDOWS\system32\drivers\BsUDF.sys (CyberLink Corporation.) DRV - (BsStor) -- C:\WINDOWS\system32\drivers\BsStor.sys (Cyberlink Co.,Ltd.) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (SSB2413) -- C:\WINDOWS\system32\drivers\SSB2413.sys (Atheros Communications, Inc.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys () DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS () DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (SUEPD) -- C:\WINDOWS\system32\drivers\SUE_PD.sys (Samsung) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.sys () DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider) DRV - (RITCPT) -- C:\WINDOWS\system32\drivers\RITCPT.SYS () DRV - (AX88172) -- C:\WINDOWS\system32\drivers\AX88172.sys (ASIX Electronics Corp.) DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\FTSER2K.SYS (FTDI Ltd.) DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\FTDIBUS.SYS (FTDI Ltd.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15015&l=dis IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: {02ffb056-3abb-320b-d592-c3921c590a22}:4.6.6.6 FF - prefs.js..keyword.URL: "hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q=" FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.06.17 20:55:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.03 18:37:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.03 18:37:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.16 00:47:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.12.06 15:21:26 | 000,000,000 | ---D | M] [2008.09.04 09:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.05.07 22:25:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions [2010.04.16 08:17:24 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2010.04.16 08:17:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.04.16 08:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\extensions\isreaditlater@ideashower.com [2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\askcom.xml [2010.05.03 18:31:18 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-1.xml [2008.07.06 23:16:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-2.xml [2008.07.09 14:32:33 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-3.xml [2008.08.02 12:21:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-4.xml [2008.08.07 20:10:41 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-5.xml [2008.08.11 18:16:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-6.xml [2008.08.22 22:09:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-7.xml [2008.08.24 18:25:43 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-8.xml [2008.08.25 10:52:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin-9.xml [2008.04.25 19:10:00 | 000,000,962 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\8m27lqq2.default\searchplugins\icqplugin.xml [2010.05.07 22:25:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.26 17:25:27 | 000,000,000 | ---D | M] (z) -- C:\Programme\Mozilla Firefox\extensions\{02ffb056-3abb-320b-d592-c3921c590a22} [2010.05.03 18:37:01 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.05.03 18:37:01 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.05.03 18:37:01 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.05.03 18:37:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.05.03 18:37:01 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.04 16:37:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe () O4 - HKLM..\Run: [AVStation Premium 3.75] C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe File not found O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe File not found O4 - HKLM..\Run: [B'sCLiP] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe File not found O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [DisplayManager] C:\Programme\SAMSUNG\DisplayManager\DMLoader.exe () O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe () O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask .exe (Apple Inc.) O4 - HKLM..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe File not found O4 - HKLM..\Run: [RestoreIT!] C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE File not found O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe File not found O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe File not found O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe () O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] File not found O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoUpdate Monitor.lnk = C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MindManager PDF Writer.lnk = C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe (Tracker Software Products) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.04.05 13:49:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.05.07 20:54:45 | 000,000,000 | ---D | C] -- C:\Avenger [2010.05.04 23:40:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Online Solutions [2010.05.03 19:17:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\osam_autorun_manager_5_0_portable [2010.05.01 20:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2010.05.01 20:50:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com [2010.05.01 20:50:06 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.05.01 20:48:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard [2010.05.01 20:20:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.05.01 15:47:21 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.05.01 15:44:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.05.01 15:44:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.05.01 15:44:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.05.01 15:44:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.05.01 15:43:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.05.01 15:42:49 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.05.01 15:34:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2010.05.01 15:25:27 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup231.exe [2010.05.01 00:37:45 | 000,000,000 | ---D | C] -- C:\_OTL [2010.04.29 22:18:08 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.04.28 14:29:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.04.27 23:26:43 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.04.27 23:26:42 | 000,000,000 | ---D | C] -- C:\rsit [2010.04.27 23:09:56 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.04.27 17:06:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.27 17:06:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.27 17:06:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.27 17:06:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.04.27 14:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2010.04.25 18:45:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.03.31 22:59:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real [2010.03.11 18:28:29 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010.03.06 20:48:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft [2010.03.06 20:47:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\microsoft [2010.03.06 20:47:48 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive [2010.03.06 20:47:23 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live [2010.03.06 20:44:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Windows Live [2010.03.04 20:10:20 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.03.03 21:11:39 | 000,130,104 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\sdccoinstaller.dll ========== Files - Modified Within 90 Days ========== [2010.05.07 21:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At46.job [2010.05.07 21:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At22.job [2010.05.07 20:55:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.07 20:55:47 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At72.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At71.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At70.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At69.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At68.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At67.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At66.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At65.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At64.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At63.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At62.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At61.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At60.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At59.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At58.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At57.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At56.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At55.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At54.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At53.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At52.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At51.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At50.job [2010.05.07 20:55:44 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At49.job [2010.05.07 20:55:37 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk [2010.05.07 20:55:32 | 000,043,616 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.05.07 20:55:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.07 20:55:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.07 20:55:11 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys [2010.05.07 20:53:59 | 008,912,896 | ---- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.05.07 20:53:59 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.05.07 20:45:50 | 000,724,952 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\avenger.zip [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At48.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At47.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At45.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At44.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At43.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At42.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At41.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At40.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At39.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At38.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At37.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At36.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At35.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At34.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At33.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At32.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At31.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At30.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At29.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At28.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At27.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At26.job [2010.05.07 20:44:07 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At25.job [2010.05.06 22:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At23.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At9.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At8.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At7.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At6.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At5.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At24.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At21.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At20.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At19.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At18.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At17.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At16.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At15.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At14.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At13.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At12.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At11.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At10.job [2010.05.06 21:29:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2010.05.05 22:35:13 | 000,046,328 | ---- | M] () -- C:\debug [2010.05.04 23:46:27 | 000,004,580 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\osam3.html [2010.05.04 16:37:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010.05.04 07:23:50 | 000,000,956 | ---- | M] () -- C:\WINDOWS\win.ini [2010.05.03 19:23:38 | 000,104,358 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\osam.html [2010.05.03 19:15:26 | 004,272,474 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\osam_autorun_manager_5_0_portable.rar [2010.05.01 20:50:10 | 000,000,752 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.05.01 20:46:42 | 008,050,208 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\SUPERAntiSpyware.exe [2010.05.01 19:18:56 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\5l9rhqgi.exe [2010.05.01 16:09:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.05.01 15:47:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010.05.01 15:36:29 | 000,097,502 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\cc_20100501_153525.reg [2010.05.01 15:31:45 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.05.01 15:30:19 | 000,069,440 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.05.01 15:28:03 | 003,924,810 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\cofi.exe [2010.05.01 15:25:28 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup231.exe [2010.04.29 22:18:09 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.27 19:39:47 | 001,558,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.04.27 17:06:17 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe [2010.04.20 00:07:11 | 000,736,864 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.04.20 00:07:11 | 000,321,606 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.04.20 00:07:11 | 000,315,850 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.04.20 00:07:11 | 000,050,046 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.04.20 00:07:11 | 000,041,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.04.16 00:38:31 | 001,227,776 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\essen_indive_koenig_16_04_2010.ppt [2010.04.16 00:37:29 | 003,196,416 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\indive Abschlusstagung_Vortrag_ende.ppt [2010.04.16 00:36:28 | 000,804,377 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 _ R+_ EssenExperten_Joosten.pdf [2010.04.16 00:36:14 | 001,224,593 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 KompProfilAC_EssenExperten_Joosten.pdf [2010.04.11 22:56:35 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.04.01 19:03:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.04.01 08:36:56 | 000,951,332 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\02_anleitung_est_2007_bmf.pdf [2010.04.01 08:36:32 | 000,049,099 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\20_anlage_gse_2007_bmf.pdf [2010.04.01 08:36:19 | 000,029,955 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\12_anlage_kind_2007_bmf.pdf [2010.04.01 08:36:15 | 000,043,571 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_anlage_n_2007_bmf.pdf [2010.04.01 02:01:25 | 000,002,120 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ESt_1_A_2007_Mantelbogen.xml [2010.04.01 01:48:31 | 000,051,588 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf(2).pdf [2010.04.01 01:33:30 | 000,051,588 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf.pdf [2010.03.11 14:31:33 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll [2010.03.11 14:31:33 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll [2010.03.11 14:31:33 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll [2010.03.11 14:31:32 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2010.03.11 14:31:32 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll [2010.03.11 14:31:32 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll [2010.03.11 14:31:32 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll [2010.03.11 14:31:32 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll [2010.03.11 14:31:32 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll [2010.03.11 14:31:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll [2010.03.11 14:31:32 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll [2010.03.11 14:31:32 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll [2010.03.11 14:31:32 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll [2010.03.11 14:31:32 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll [2010.03.11 14:31:31 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll [2010.03.11 14:31:31 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2010.03.11 14:31:31 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll [2010.03.11 14:31:31 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2010.03.11 14:31:30 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl [2010.03.11 14:31:30 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl [2010.03.11 14:31:30 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2010.03.11 14:31:30 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll [2010.03.11 14:31:30 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll [2010.03.11 14:31:30 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll [2010.03.11 14:31:30 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll [2010.03.11 14:31:30 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll [2010.03.11 14:31:30 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll [2010.03.11 14:31:29 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2010.03.11 14:31:28 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll [2010.03.11 14:31:28 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll [2010.03.11 14:31:28 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll [2010.03.11 14:31:28 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll [2010.03.11 14:31:27 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll [2010.03.11 14:31:27 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll [2010.03.11 14:31:27 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll [2010.03.11 14:31:27 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll [2010.03.11 14:31:27 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll [2010.03.11 14:31:27 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll [2010.03.11 14:31:27 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll [2010.03.11 14:31:27 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll [2010.03.11 14:31:27 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll [2010.03.11 14:31:27 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll [2010.03.11 14:31:26 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll [2010.03.11 14:31:26 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll [2010.03.11 14:31:26 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll [2010.03.11 14:31:26 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll [2010.03.11 14:31:26 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll [2010.03.10 15:18:17 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec [2010.03.10 15:17:51 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe [2010.03.10 15:17:51 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe [2010.03.10 15:17:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe [2010.03.10 15:17:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe [2010.03.09 13:09:28 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll [2010.03.09 13:09:28 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll [2010.02.24 15:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2010.02.23 07:20:02 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe [2010.02.23 07:18:28 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll [2010.02.23 07:18:28 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll [2010.02.17 14:04:26 | 002,192,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2010.02.16 21:04:25 | 002,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2010.02.16 21:04:17 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe [2010.02.16 21:04:17 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2010.02.16 21:04:17 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2010.02.16 21:04:17 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe [2010.02.16 18:09:54 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2010.02.12 12:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.02.12 06:33:08 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys ========== Files Created - No Company Name ========== [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At72.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At71.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At70.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At69.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At68.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At67.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At66.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At65.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At64.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At63.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At62.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At61.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At60.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At59.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At58.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At57.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At56.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At55.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At54.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At53.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At52.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At51.job [2010.05.07 20:55:44 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At50.job [2010.05.07 20:55:43 | 000,035,844 | ---- | C] () -- C:\WINDOWS\Fonts\kks637.com [2010.05.07 20:55:43 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At49.job [2010.05.07 20:46:45 | 000,731,136 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\avenger.exe [2010.05.07 20:45:43 | 000,724,952 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\avenger.zip [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At48.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At47.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At46.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At45.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At44.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At43.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At42.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At41.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At40.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At39.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At38.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At37.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At36.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At35.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At34.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At33.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At32.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At31.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At30.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At29.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At28.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At27.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At26.job [2010.05.07 20:44:07 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At25.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At24.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At23.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At22.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At21.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At20.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At19.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At18.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At17.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At16.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At15.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At14.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At13.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At12.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At11.job [2010.05.06 21:29:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At10.job [2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At9.job [2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At8.job [2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At7.job [2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At6.job [2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At5.job [2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At4.job [2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At3.job [2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At2.job [2010.05.06 21:29:01 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At1.job [2010.05.05 22:35:13 | 000,046,328 | ---- | C] () -- C:\debug [2010.05.04 23:46:27 | 000,004,580 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\osam3.html [2010.05.03 19:23:38 | 000,104,358 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\osam.html [2010.05.01 20:50:10 | 000,000,752 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.05.01 20:46:30 | 008,050,208 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\SUPERAntiSpyware.exe [2010.05.01 19:21:51 | 004,272,474 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\osam_autorun_manager_5_0_portable.rar [2010.05.01 19:18:55 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\5l9rhqgi.exe [2010.05.01 15:47:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010.05.01 15:47:24 | 000,262,448 | ---- | C] () -- C:\cmldr [2010.05.01 15:44:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.05.01 15:44:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.05.01 15:44:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.05.01 15:44:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.05.01 15:44:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.05.01 15:36:25 | 000,097,502 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\cc_20100501_153525.reg [2010.05.01 15:31:45 | 000,001,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.05.01 15:28:02 | 003,924,810 | R--- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\cofi.exe [2010.04.27 17:06:17 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.27 06:55:14 | 1071,828,992 | -HS- | C] () -- C:\hiberfil.sys [2010.04.16 00:38:31 | 001,227,776 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\essen_indive_koenig_16_04_2010.ppt [2010.04.16 00:37:28 | 003,196,416 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\indive Abschlusstagung_Vortrag_ende.ppt [2010.04.16 00:36:28 | 000,804,377 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 _ R+_ EssenExperten_Joosten.pdf [2010.04.16 00:36:11 | 001,224,593 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_04_16 KompProfilAC_EssenExperten_Joosten.pdf [2010.04.01 08:36:54 | 000,951,332 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\02_anleitung_est_2007_bmf.pdf [2010.04.01 08:36:32 | 000,049,099 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\20_anlage_gse_2007_bmf.pdf [2010.04.01 08:36:19 | 000,029,955 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\12_anlage_kind_2007_bmf.pdf [2010.04.01 08:36:14 | 000,043,571 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\10_anlage_n_2007_bmf.pdf [2010.04.01 02:01:23 | 000,002,120 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ESt_1_A_2007_Mantelbogen.xml [2010.04.01 01:48:30 | 000,051,588 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf(2).pdf [2010.04.01 01:33:29 | 000,051,588 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\01_est_mantelbogen_2007_bmf.pdf [2010.03.04 20:11:22 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2009.10.09 16:48:27 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\**_KBD.ini [2009.07.27 11:53:06 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2009.02.22 20:10:01 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll [2009.02.22 20:10:01 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll [2009.02.22 20:10:01 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll [2008.10.16 12:54:54 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLfNL.DLL [2008.05.26 22:22:25 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2008.05.26 22:22:25 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2008.05.26 22:18:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2008.05.26 22:18:23 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2008.01.03 02:59:30 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2007.10.12 22:56:52 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll [2007.10.12 20:16:21 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll [2007.09.27 21:45:34 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2007.09.27 21:45:33 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2007.09.15 10:06:12 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\worst case_KBD.ini [2007.04.13 11:30:13 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini [2007.03.08 11:50:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2007.02.04 12:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2007.02.04 12:13:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL [2007.02.04 12:08:44 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll [2007.02.04 12:08:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll [2007.02.04 12:06:49 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll [2007.02.04 12:06:49 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini [2007.02.04 12:05:05 | 000,000,130 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670G.ini [2007.02.04 01:36:31 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\***_KBD.ini [2007.02.03 21:06:31 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.11.23 08:33:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.11.10 10:46:36 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2006.11.10 10:46:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2006.05.23 03:58:19 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.05.23 03:58:19 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.05.23 03:58:19 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.05.23 03:58:19 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.05.23 03:58:18 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.05.22 19:07:49 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini [2006.05.22 19:07:49 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini [2006.05.22 19:07:46 | 000,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS [2006.05.22 19:06:48 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI [2006.05.22 19:06:46 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI [2006.05.22 19:06:46 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI [2006.05.22 19:06:46 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI [2006.05.22 19:06:46 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI [2006.05.22 19:06:46 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI [2006.05.22 19:06:46 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI [2006.05.22 19:06:46 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI [2006.05.22 19:06:46 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI [2006.05.22 19:06:46 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI [2006.05.22 19:06:46 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI [2006.05.22 19:06:46 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI [2006.05.22 19:06:46 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI [2006.05.22 19:06:46 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI [2006.05.22 19:06:46 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI [2006.05.22 19:06:46 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI [2006.05.22 19:06:46 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI [2006.05.22 19:06:03 | 000,000,508 | ---- | C] () -- C:\WINDOWS\SamsungBluetooth.ini [2006.05.22 19:04:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2006.04.05 22:32:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006.04.05 14:16:23 | 000,004,300 | R--- | C] () -- C:\WINDOWS\System32\MEMIO.SYS [2006.01.25 15:00:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioAmp.dll [2006.01.25 15:00:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll [2005.12.02 15:14:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2005.11.28 12:06:22 | 000,038,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys [2005.11.28 12:06:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys [2005.11.28 12:06:20 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2005.02.24 12:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys [2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.07.31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL [2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll < End of report > |
|
07.05.2010, 22:05
| #40 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antimaleware-Doctor-Attacke und troj/FakeAV-*** Die Dinger sind schon wieder da...probier bitte nochmal einen Durchgang mit Combofix (neu herunterladen und alte cofi.exe löschen) - poste das Log. Wenn das auch nicht fruchtet probieren wir es mit OTLPE: Systemscan mit OTLPE
__________________ Logfiles bitte immer in CODE-Tags posten |
Linear-Darstellung
