
Pests of all kinds and how to combat them: ICQ Virus/Worm/Spam

19.05.2010, 11:25   #1
Kröni
 
Hello

As the title says, I was sent a virus via ICQ.
I don't know whether you already know it; in any case, a link was sent to me, which I then clicked.
That took me to a page where all I could do was download something, which I did... and, naive as I was, I then ran it as well.

Since then my Internet Explorer sometimes opens with various pages, and when I am online in ICQ, my ICQ sometimes sends the same link I received to all my contacts.

I have already run Malwarebytes Anti-Malware and Avast dozens of times, and both programs keep finding viruses, which I then delete, but from time to time my Internet Explorer still opens unprompted and my ICQ sends these messages.

I have also searched several forums for answers, so far unfortunately without success.

I hope I have described my problem well enough, and hope even more that you can help me.

Regards
Kröni

19.05.2010, 15:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Please post all existing Malwarebytes log files; if you have not done so yet, also run an update + full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

19.05.2010, 19:45   #3
Kröni
 
Thank you very much for the quick reply.

Here are the log files:

OTL Extras.txt
Code:
OTL Extras logfile created on: 5/19/2010 8:05:58 PM - Run 2
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\Kröni\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 29.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 255.44 Gb Free Space | 88.68% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 235.84 Gb Free Space | 79.12% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.10% Space Free | Partition Type: NTFS
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 931.51 Gb Total Space | 552.33 Gb Free Space | 59.29% Space Free | Partition Type: NTFS
 
Computer Name: KRÖNIS-PC
Current User Name: Kröni
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Public\winsvcn.exe" = C:\Users\Public\winsvcn.exe:*:Enabled:WindowsUpdateService -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{122A9B48-BCE3-4CE1-B7C4-E45EA2D728D6}" = Samsung PC Studio
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX Setup
"EADM" = EA Download Manager
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Free Audio Converter_is1" = Free Audio Converter version 1.4
"Free Download Manager_is1" = Free Download Manager 3.0
"Free Studio_is1" = Free Studio version 4.6
"Graboid Video" = Graboid Video 1.71
"HotspotShield" = Hotspot Shield 1.41
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"JDownloader" = JDownloader
"Left 4 Dead" = Left 4 Dead
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SeriousSam2" = Serious Sam 2
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Video mp3 Extractor_is1" = Video mp3 Extractor
"VLC media player" = VLC media player 1.0.1
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/18/2010 6:28:29 PM | Computer Name = Krönis-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 5/18/2010 10:57:32 PM | Computer Name = Krönis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Ebo.exe, version: 0.0.0.0, time stamp: 
0x4bd969d3  Faulting module name: Ebo.exe, version: 0.0.0.0, time stamp: 0x4bd969d3
Exception
 code: 0xc0000005  Fault offset: 0x0000e402  Faulting process id: 0xd3c  Faulting application
 start time: 0x01caf6fef285a7e8  Faulting application path: C:\Users\KRNI~1\AppData\Local\Temp\Ebo.exe
Faulting
 module path: C:\Users\KRNI~1\AppData\Local\Temp\Ebo.exe  Report Id: 44907c6b-62f2-11df-87f1-001aa091b0cd
 
Error - 5/18/2010 11:44:04 PM | Computer Name = Krönis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Ebo.exe, version: 0.0.0.0, time stamp: 
0x4bd969d3  Faulting module name: Ebo.exe, version: 0.0.0.0, time stamp: 0x4bd969d3
Exception
 code: 0xc0000005  Fault offset: 0x0000e402  Faulting process id: 0xa9c  Faulting application
 start time: 0x01caf7052d317042  Faulting application path: C:\Users\KRNI~1\AppData\Local\Temp\Ebo.exe
Faulting
 module path: C:\Users\KRNI~1\AppData\Local\Temp\Ebo.exe  Report Id: c492eaed-62f8-11df-87f1-001aa091b0cd
 
Error - 5/19/2010 4:35:02 AM | Computer Name = Krönis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Ebo.exe, version: 0.0.0.0, time stamp: 
0x4bd969d3  Faulting module name: Ebo.exe, version: 0.0.0.0, time stamp: 0x4bd969d3
Exception
 code: 0xc0000005  Fault offset: 0x0000e402  Faulting process id: 0x8b4  Faulting application
 start time: 0x01caf72e1d46d8d5  Faulting application path: C:\Users\KRNI~1\AppData\Local\Temp\Ebo.exe
Faulting
 module path: C:\Users\KRNI~1\AppData\Local\Temp\Ebo.exe  Report Id: 6a5dc077-6321-11df-87f1-001aa091b0cd
 
Error - 5/19/2010 4:51:44 AM | Computer Name = Krönis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 3548.exe, version: 0.0.0.0, time stamp:
 0x2a425e19  Faulting module name: winmm.dll, version: 6.1.7600.16385, time stamp:
 0x4a5bdb42  Exception code: 0xc0000005  Fault offset: 0x0002013f  Faulting process id:
 0x8e4  Faulting application start time: 0x01caf73080a23639  Faulting application path:
 C:\Users\Kröni\AppData\Local\Temp\3548.exe  Faulting module path: C:\Windows\system32\winmm.dll
Report
 Id: bf975b21-6323-11df-87f1-001aa091b0cd
 
Error - 5/19/2010 4:52:18 AM | Computer Name = Krönis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 7000.exe, version: 0.0.0.0, time stamp:
 0x2a425e19  Faulting module name: winmm.dll, version: 6.1.7600.16385, time stamp:
 0x4a5bdb42  Exception code: 0xc0000005  Fault offset: 0x0002013f  Faulting process id:
 0xf34  Faulting application start time: 0x01caf7309540d583  Faulting application path:
 C:\Users\Kröni\AppData\Local\Temp\7000.exe  Faulting module path: C:\Windows\system32\winmm.dll
Report
 Id: d40c2aaf-6323-11df-87f1-001aa091b0cd
 
Error - 5/19/2010 5:31:12 AM | Computer Name = Krönis-PC | Source = Application Hang | ID = 1002
Description = The program ICQ.exe version 7.1.0.2096 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 8d8    Start Time:
 01caf734e481d3f0    Termination Time: 10    Application Path: C:\Program Files\ICQ7.0\ICQ.exe

Report
 Id:   
 
Error - 5/19/2010 5:50:46 AM | Computer Name = Krönis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Ebu.exe, version: 0.0.0.0, time stamp: 
0x4bd969d3  Faulting module name: Ebu.exe, version: 0.0.0.0, time stamp: 0x4bd969d3
Exception
 code: 0xc0000005  Fault offset: 0x0000e402  Faulting process id: 0x125c  Faulting application
 start time: 0x01caf738557c001b  Faulting application path: C:\Users\KRNI~1\AppData\Local\Temp\Ebu.exe
Faulting
 module path: C:\Users\KRNI~1\AppData\Local\Temp\Ebu.exe  Report Id: fed31029-632b-11df-87f1-001aa091b0cd
 
Error - 5/19/2010 6:32:00 AM | Computer Name = Krönis-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 5/19/2010 6:43:41 AM | Computer Name = Krönis-PC | Source = Windows Search Service | ID = 1019
Description = 
 
[ System Events ]
Error - 5/17/2010 10:54:38 PM | Computer Name = Krönis-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 5/18/2010 6:04:10 AM | Computer Name = Krönis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 5/18/2010 6:27:26 PM | Computer Name = Krönis-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 00:26:38 on ?19.?05.?2010 was unexpected.
 
Error - 5/18/2010 7:21:44 PM | Computer Name = Krönis-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR7.
 
Error - 5/18/2010 7:21:45 PM | Computer Name = Krönis-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR7.
 
Error - 5/18/2010 7:21:45 PM | Computer Name = Krönis-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR7.
 
Error - 5/18/2010 7:21:46 PM | Computer Name = Krönis-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR7.
 
Error - 5/18/2010 7:21:46 PM | Computer Name = Krönis-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR7.
 
Error - 5/18/2010 7:22:14 PM | Computer Name = Krönis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the avast! Antivirus service.
 
Error - 5/18/2010 7:22:17 PM | Computer Name = Krönis-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume L: encountered 
a non-retryable error and could not start.  The data contains the error code.
 
 
< End of report >
         
OTL OTL.txt
Code:
OTL logfile created on: 5/19/2010 8:05:58 PM - Run 2
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\Kröni\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 29.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 255.44 Gb Free Space | 88.68% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 235.84 Gb Free Space | 79.12% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.10% Space Free | Partition Type: NTFS
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 931.51 Gb Total Space | 552.33 Gb Free Space | 59.29% Space Free | Partition Type: NTFS
 
Computer Name: KRÖNIS-PC
Current User Name: Kröni
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kröni\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\Malware-Bytes.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - D:\Games\World of Warcraft\Wow.exe (Blizzard Entertainment)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Kröni\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 E8 87 D5 36 BE CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.19.1
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 17:39:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/15 18:45:46 | 000,000,000 | ---D | M]
 
[2010/03/07 22:45:00 | 000,000,000 | ---D | M] -- C:\Users\Kröni\AppData\Roaming\Mozilla\Extensions
[2010/05/19 13:06:49 | 000,000,000 | ---D | M] -- C:\Users\Kröni\AppData\Roaming\Mozilla\Firefox\Profiles\ewftsygv.default\extensions
[2010/05/19 00:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kröni\AppData\Roaming\Mozilla\Firefox\Profiles\ewftsygv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/03/14 12:17:04 | 000,000,000 | ---D | M] -- C:\Users\Kröni\AppData\Roaming\Mozilla\Firefox\Profiles\ewftsygv.default\extensions\foxyproxy@eric.h.jung
[2010/05/18 21:38:52 | 000,000,950 | ---- | M] () -- C:\Users\Kröni\AppData\Roaming\Mozilla\Firefox\Profiles\ewftsygv.default\searchplugins\icqplugin-1.xml
[2010/02/03 15:38:36 | 000,000,947 | ---- | M] () -- C:\Users\Kröni\AppData\Roaming\Mozilla\Firefox\Profiles\ewftsygv.default\searchplugins\icqplugin.xml
[2010/05/19 13:06:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/16 02:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 02:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 02:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 02:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iihffcsys] C:\Windows\System32\opmlmm.dll (RealWorld Graphics)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [nnmnmmdrv] C:\Windows\System32\iihgdc.dll (RealWorld Graphics)
O4 - HKLM..\Run: [WindowsUpdateService] C:\Users\Public\winsvcn.exe ()
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [vtrpnmdrv] C:\Windows\System32\iihgdc.dll (RealWorld Graphics)
O4 - HKCU..\Run: [WindowsUpdateService] C:\Users\Public\winsvcn.exe ()
O4 - Startup: C:\Users\Kröni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kröni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kröni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (opmlmm.dll) - C:\Windows\System32\opmlmm.dll (RealWorld Graphics)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{937099f3-39da-11df-b41e-001aa091b0cd}\Shell - "" = AutoRun
O33 - MountPoints2\{937099f3-39da-11df-b41e-001aa091b0cd}\Shell\AutoRun\command - "" = O:\AUTORUN.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/05/19 20:04:06 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Kröni\Desktop\OTL.exe
[2010/05/19 12:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/05/19 12:27:45 | 000,000,000 | ---D | C] -- C:\rsit
[2010/05/18 12:37:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/18 12:37:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/18 12:06:53 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\Malwarebytes
[2010/05/18 12:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/18 12:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/17 12:06:37 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\Audacity
[2010/05/17 12:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/05/16 14:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/05/16 14:08:37 | 000,000,000 | ---D | C] -- C:\Fraps
[2010/05/16 03:31:50 | 000,089,600 | -H-- | C] (RealWorld Graphics) -- C:\Windows\System32\iihgdc.dll
[2010/05/16 03:26:46 | 000,087,040 | -H-- | C] (RealWorld Graphics) -- C:\Windows\System32\opmlmm.dll
[2010/05/15 18:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2010/05/15 18:50:05 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\Free Download Manager
[2010/05/15 18:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDownloadManager.ORG
[2010/05/15 00:15:21 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Local\Adobe
[2010/05/15 00:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/09 10:05:03 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\GetRight
[2010/05/09 09:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2010/05/08 16:11:39 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\dvdcss
[2010/05/08 14:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/05/08 14:39:08 | 000,000,000 | ---D | C] -- C:\Users\Kröni\Documents\Electronic Arts
[2010/05/08 01:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\Video mp3 Extractor
[2010/05/08 01:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/05/05 09:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/05/05 09:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/05/05 09:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/05/03 15:15:45 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\AVS4YOU
[2010/05/01 11:48:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/04/30 14:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/04/28 13:52:53 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/04/28 13:52:53 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/04/27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/26 19:08:36 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/04/24 23:23:53 | 000,000,000 | ---D | C] -- C:\Users\Kröni\Documents\SketchPad Backgrounds
[2010/04/21 23:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/04/21 23:52:11 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2010/04/21 23:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2010/04/21 23:47:22 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\vlc
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/05/19 20:07:11 | 001,835,008 | -HS- | M] () -- C:\Users\Kröni\NTUSER.DAT
[2010/05/19 20:04:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Kröni\Desktop\OTL.exe
[2010/05/19 19:39:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/19 12:50:00 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/19 12:50:00 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/19 12:47:05 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/19 12:47:05 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/05/19 12:47:05 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/19 12:47:05 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/05/19 12:47:05 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/19 12:44:56 | 000,824,681 | ---- | M] () -- C:\Users\Kröni\Desktop\RSIT.exe
[2010/05/19 12:42:53 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/19 12:42:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/19 12:42:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/19 12:42:39 | 1609,175,040 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/19 12:41:27 | 004,346,018 | -H-- | M] () -- C:\Users\Kröni\AppData\Local\IconCache.db
[2010/05/19 07:00:36 | 000,183,808 | ---- | M] () -- C:\Windows\Etugya.exe
[2010/05/19 00:42:45 | 000,001,197 | ---- | M] () -- C:\Users\Kröni\Desktop\DVDVideoSoft Free Studio.lnk
[2010/05/18 13:41:43 | 000,001,831 | ---- | M] () -- C:\Users\Kröni\Desktop\CCleaner.lnk
[2010/05/18 05:40:21 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/17 11:48:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010/05/16 03:31:51 | 000,089,600 | -H-- | M] (RealWorld Graphics) -- C:\Windows\System32\iihgdc.dll
[2010/05/16 03:26:46 | 000,087,040 | -H-- | M] (RealWorld Graphics) -- C:\Windows\System32\opmlmm.dll
[2010/05/15 19:32:10 | 000,001,291 | ---- | M] () -- C:\Users\Kröni\Desktop\World of Warcraft Installer.lnk
[2010/05/12 19:30:42 | 000,007,680 | ---- | M] () -- C:\Users\Kröni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/07 12:58:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/06 22:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 22:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/30 14:36:21 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/22 17:29:22 | 000,005,632 | ---- | M] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/04/22 17:23:43 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 3.lnk
[2010/04/21 23:54:20 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2010/04/20 16:00:48 | 000,000,462 | ---- | M] () -- C:\Users\Kröni\Desktop\E-PLATTE.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/05/19 12:44:54 | 000,824,681 | ---- | C] () -- C:\Users\Kröni\Desktop\RSIT.exe
[2010/05/19 07:00:40 | 000,183,808 | ---- | C] () -- C:\Windows\Etugya.exe
[2010/05/18 05:40:21 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/15 19:19:55 | 000,001,291 | ---- | C] () -- C:\Users\Kröni\Desktop\World of Warcraft Installer.lnk
[2010/04/30 14:36:21 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2010/04/22 17:23:43 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Samsung PC Studio 3.lnk
[2010/04/21 23:54:20 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2010/03/26 21:04:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/03/13 19:36:22 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/03/12 20:14:09 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
         
Malwarebytes Log
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4118

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/19/2010 8:44:03 PM
mbam-log-2010-05-19 (20-44-03).txt

Scan type: Full scan (C:\|D:\|E:\|L:\|)
Objects scanned: 225247
Time elapsed: 39 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsupdateservice (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vtrpnmdrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nnmnmmdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\awuvuudrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\awuvuudrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iihffcsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gebxxysys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iihhfcsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gebxxysys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iihhfcsys (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Public\winsvcn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
         

19.05.2010, 20:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Um, did you run OTL first and then Malwarebytes? It should really be the other way around, since the OTL log changes once Malwarebytes has deleted things. Please create a new OTL log then (otl.txt; I don't need the extras again).
__________________
Please always post logfiles in CODE tags

19.05.2010, 20:33   #5
Kröni
 
All right, here is the new log:

OTL OTL.txt
Code:
OTL logfile created on: 5/19/2010 9:25:02 PM - Run 3
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\Kröni\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 255.44 Gb Free Space | 88.68% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 235.84 Gb Free Space | 79.12% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 9.91 Gb Free Space | 99.10% Space Free | Partition Type: NTFS
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 931.51 Gb Total Space | 552.33 Gb Free Space | 59.29% Space Free | Partition Type: NTFS
 
Computer Name: KRÖNIS-PC
Current User Name: Kröni
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kröni\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Kröni\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 E8 87 D5 36 BE CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.19.1
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 17:39:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/15 18:45:46 | 000,000,000 | ---D | M]
 
[2010/03/07 22:45:00 | 000,000,000 | ---D | M] -- C:\Users\Kröni\AppData\Roaming\Mozilla\Extensions
[2010/05/19 13:06:49 | 000,000,000 | ---D | M] -- C:\Users\Kröni\AppData\Roaming\Mozilla\Firefox\Profiles\ewftsygv.default\extensions
[2010/05/19 00:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kröni\AppData\Roaming\Mozilla\Firefox\Profiles\ewftsygv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/03/14 12:17:04 | 000,000,000 | ---D | M] -- C:\Users\Kröni\AppData\Roaming\Mozilla\Firefox\Profiles\ewftsygv.default\extensions\foxyproxy@eric.h.jung
[2010/05/18 21:38:52 | 000,000,950 | ---- | M] () -- C:\Users\Kröni\AppData\Roaming\Mozilla\Firefox\Profiles\ewftsygv.default\searchplugins\icqplugin-1.xml
[2010/02/03 15:38:36 | 000,000,947 | ---- | M] () -- C:\Users\Kröni\AppData\Roaming\Mozilla\Firefox\Profiles\ewftsygv.default\searchplugins\icqplugin.xml
[2010/05/19 13:06:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/16 02:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 02:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 02:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 02:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\Malware-Bytes.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [vtuurqdrv] C:\Windows\System32\iihgdc.dll (RealWorld Graphics)
O4 - HKLM..\Run: [yaabyysys] C:\Windows\System32\opmlmm.dll (RealWorld Graphics)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [vtutuvdrv] C:\Windows\System32\iihgdc.dll (RealWorld Graphics)
O4 - HKCU..\Run: [WindowsUpdateService] C:\Users\Public\winsvcn.exe File not found
O4 - Startup: C:\Users\Kröni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kröni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kröni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (opmlmm.dll) - C:\Windows\System32\opmlmm.dll (RealWorld Graphics)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{937099f3-39da-11df-b41e-001aa091b0cd}\Shell - "" = AutoRun
O33 - MountPoints2\{937099f3-39da-11df-b41e-001aa091b0cd}\Shell\AutoRun\command - "" = O:\AUTORUN.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/05/19 20:04:06 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Kröni\Desktop\OTL.exe
[2010/05/19 12:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/05/19 12:27:45 | 000,000,000 | ---D | C] -- C:\rsit
[2010/05/18 12:37:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/18 12:37:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/18 12:06:53 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\Malwarebytes
[2010/05/18 12:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/18 12:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/17 12:06:37 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\Audacity
[2010/05/17 12:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/05/16 14:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/05/16 14:08:37 | 000,000,000 | ---D | C] -- C:\Fraps
[2010/05/16 03:31:50 | 000,089,600 | -H-- | C] (RealWorld Graphics) -- C:\Windows\System32\iihgdc.dll
[2010/05/16 03:26:46 | 000,087,040 | -H-- | C] (RealWorld Graphics) -- C:\Windows\System32\opmlmm.dll
[2010/05/15 18:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2010/05/15 18:50:05 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\Free Download Manager
[2010/05/15 18:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDownloadManager.ORG
[2010/05/15 00:15:21 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Local\Adobe
[2010/05/15 00:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/09 10:05:03 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\GetRight
[2010/05/09 09:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2010/05/08 16:11:39 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\dvdcss
[2010/05/08 14:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/05/08 14:39:08 | 000,000,000 | ---D | C] -- C:\Users\Kröni\Documents\Electronic Arts
[2010/05/08 01:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\Video mp3 Extractor
[2010/05/08 01:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/05/05 09:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/05/05 09:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/05/05 09:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/05/03 15:15:45 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\AVS4YOU
[2010/05/01 11:48:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/04/30 14:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/04/28 13:52:53 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/04/28 13:52:53 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/04/27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/26 19:08:36 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/04/24 23:23:53 | 000,000,000 | ---D | C] -- C:\Users\Kröni\Documents\SketchPad Backgrounds
[2010/04/21 23:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/04/21 23:52:11 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2010/04/21 23:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2010/04/21 23:47:22 | 000,000,000 | ---D | C] -- C:\Users\Kröni\AppData\Roaming\vlc
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/05/19 21:25:20 | 001,835,008 | -HS- | M] () -- C:\Users\Kröni\NTUSER.DAT
[2010/05/19 20:44:14 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\xebxfooo.sys
[2010/05/19 20:39:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/19 20:04:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Kröni\Desktop\OTL.exe
[2010/05/19 12:50:00 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/19 12:50:00 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/19 12:47:05 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/19 12:47:05 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/05/19 12:47:05 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/19 12:47:05 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/05/19 12:47:05 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/19 12:44:56 | 000,824,681 | ---- | M] () -- C:\Users\Kröni\Desktop\RSIT.exe
[2010/05/19 12:42:53 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/19 12:42:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/19 12:42:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/19 12:42:39 | 1609,175,040 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/19 12:41:27 | 004,346,018 | -H-- | M] () -- C:\Users\Kröni\AppData\Local\IconCache.db
[2010/05/19 07:00:36 | 000,183,808 | ---- | M] () -- C:\Windows\Etugya.exe
[2010/05/19 00:42:45 | 000,001,197 | ---- | M] () -- C:\Users\Kröni\Desktop\DVDVideoSoft Free Studio.lnk
[2010/05/18 13:41:43 | 000,001,831 | ---- | M] () -- C:\Users\Kröni\Desktop\CCleaner.lnk
[2010/05/18 05:40:21 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/17 11:48:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010/05/16 03:31:51 | 000,089,600 | -H-- | M] (RealWorld Graphics) -- C:\Windows\System32\iihgdc.dll
[2010/05/16 03:26:46 | 000,087,040 | -H-- | M] (RealWorld Graphics) -- C:\Windows\System32\opmlmm.dll
[2010/05/15 19:32:10 | 000,001,291 | ---- | M] () -- C:\Users\Kröni\Desktop\World of Warcraft Installer.lnk
[2010/05/12 19:30:42 | 000,007,680 | ---- | M] () -- C:\Users\Kröni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/07 12:58:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/06 22:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 22:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/30 14:36:21 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/22 17:29:22 | 000,005,632 | ---- | M] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/04/22 17:23:43 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 3.lnk
[2010/04/21 23:54:20 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2010/04/20 16:00:48 | 000,000,462 | ---- | M] () -- C:\Users\Kröni\Desktop\E-PLATTE.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/05/19 20:44:14 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\xebxfooo.sys
[2010/05/19 12:44:54 | 000,824,681 | ---- | C] () -- C:\Users\Kröni\Desktop\RSIT.exe
[2010/05/19 07:00:40 | 000,183,808 | ---- | C] () -- C:\Windows\Etugya.exe
[2010/05/18 05:40:21 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/15 19:19:55 | 000,001,291 | ---- | C] () -- C:\Users\Kröni\Desktop\World of Warcraft Installer.lnk
[2010/04/30 14:36:21 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2010/04/22 17:23:43 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Samsung PC Studio 3.lnk
[2010/04/21 23:54:20 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2010/03/26 21:04:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/03/13 19:36:22 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/03/12 20:14:09 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
         


Last edited by Kröni (19.05.2010 at 20:48)
