| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.Script.23483 (Engine A)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.05.2010, 19:58
| #1 |
| |  Trojan.Script.23483 (Engine A) Hallo zusammen, meine G Data Internet Security hat soeben bei einem Scan einen Trojaner entdeckt. Es handelt sich um den Trojan.Script.23483 (Engine A), der sich in der Datei Segment2.cmf im Verzeichnis C:\Windows\rescache\rc0004 befindet. G Data ist leider nicht in der Lage den Trojaner zu löschen, zu isolieren oder in Quarantäne zu schicken. Beim Googlen habe ich nicht wirklich hilfreiche Informationen gefunden. Ich hoffe, dass mir hier jemand weiterhelfen kann. Weiss leider nicht, was der Trojaner bewirkt und wie ich ihn mir wieder vom Hals schaffen kann. Wäre für Hilfe sehr dankbar. Gruß Kai |
|
30.05.2010, 21:30
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojan.Script.23483 (Engine A) Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
30.05.2010, 23:26
| #3 |
| | Trojan.Script.23483 (Engine A) Hallo Arne,
__________________danke schon mal für das Willkommen und die schnelle Antwort. Hier schon mal der erste Teil, die Logdatei malwarebytes. Komischerweise hat die nichts gefunden! Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4156 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 31.05.2010 00:22:38 mbam-log-2010-05-31 (00-22-38).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 228606 Laufzeit: 31 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Gruß Kai |
|
30.05.2010, 23:34
| #4 |
| | Trojan.Script.23483 (Engine A) @cosinus Habe mir gerade die Logfiles von OTL angeschaut. Darin werden alle meine Programme und Dateien mit Namen gezeigt. Will diese nicht so gerne hier ins Fourm reinkopieren. Wärst du damit einverstanden, wenn ich dir diese per Nachricht schicke? Gruß Kai |
|
31.05.2010, 09:40
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Script.23483 (Engine A) Mach die Namen mit einem *** oder so unkenntlich.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
31.05.2010, 10:14
| #6 |
| | Trojan.Script.23483 (Engine A) Das komische ist, dass ich meinen PC auch mit den Programmen Malwarebytes, Ad-Aware und Trojan Remover gescannt habe und nichts gefunden wurde. Nur G Data findet diesesn Trojaner in der besagten Datei. Hier die Logfiles: OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.05.2010 10:56:07 - Run 2 OTL by OldTimer - Version 3.2.5.1 Folder = C:\Users\***\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 61,27 Gb Free Space | 62,81% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 170,09 Gb Free Space | 87,08% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 194,11 Gb Free Space | 99,38% Space Free | Partition Type: NTFS Drive F: | 443,23 Gb Total Space | 359,80 Gb Free Space | 81,18% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 58,82 Gb Total Space | 58,73 Gb Free Space | 99,85% Space Free | Partition Type: NTFS Drive J: | 49,53 Gb Total Space | 45,03 Gb Free Space | 90,91% Space Free | Partition Type: NTFS Drive K: | 40,69 Gb Total Space | 30,45 Gb Free Space | 74,84% Space Free | Partition Type: NTFS Drive L: | 100,00 Mb Total Space | 70,36 Mb Free Space | 70,37% Space Free | Partition Type: NTFS Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Kaubo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Programme\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) PRC - D:\Program Files\*** PRC - D:\Program Files\*** PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\*** PRC - C:\Programme\*** PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - D:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd) PRC - d:\Program Files\*** PRC - C:\Windows\DAODx.exe () PRC - C:\Programme\*** PRC - D:\Program Files\*** PRC - C:\Windows\CTHELPER.EXE (Creative Technology Ltd) PRC - C:\Programme\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDClock.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDMedia.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\LCDMon.exe (Logitech Inc.) PRC - C:\Programme\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.) ========== Modules (SafeList) ========== MOD - C:\Users\Kaubo\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AVKProxy) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) SRV - (ServiceLayer) -- C:\Program Files\*** SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (AdobeActiveFileMonitor8.0) -- D:\Program Files\Adobe\*** SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (AVKService) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (OMSI download service) -- d:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG) DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software) DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG) DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.) DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.) DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.) DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://gamersunion.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 A6 37 FF 58 4F CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.gamersunion.de/" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 15:05:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.22 10:45:22 | 000,000,000 | ---D | M] [2010.01.15 21:49:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.01.15 21:49:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nvw9o5fi.default\extensions [2010.04.21 15:21:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.21 15:21:38 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2010.03.13 23:15:20 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.13 23:15:20 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.13 23:15:20 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.13 23:15:20 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.13 23:15:20 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.04.28 17:46:44 | 000,001,306 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [CTCheck] D:\Program Files\Creative\*** O4 - HKLM..\Run: [CTHelper] C:\Windows\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DevconDefaultDB] C:\Windows\READREG.exe (Creative Technology Limited) O4 - HKLM..\Run: [Device Detector] File not found O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe () O4 - HKCU..\Run: [PC Suite Tray] D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [Sony Ericsson PC Suite] D:\Program Files\Sony Ericsson*** O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Mit dem LeechGet Wizard laden - D:\Program Files\LeechGet 2007\Wizard.html () O8 - Extra context menu item: Mit LeechGet herunterladen - D:\Program Files\LeechGet 2007\AddUrl.html () O8 - Extra context menu item: Mit LeechGet parsen - D:\Program Files\LeechGet 2007\Parser.html () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.30 23:51:34 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Kaubo\Desktop\OTL.exe [2010.05.30 23:45:19 | 000,000,000 | ---D | C] -- C:\Users\Kaubo\AppData\Roaming\Malwarebytes [2010.05.30 23:45:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.30 23:44:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.30 23:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.30 23:43:24 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kaubo\Desktop\mbam-setup.exe [2010.05.30 21:30:49 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.05.30 21:30:47 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.05.30 21:27:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010.05.30 21:27:37 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2010.05.30 21:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.05.30 21:21:23 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Users\Kaubo\Desktop\Ad-AwareInstaller.exe [2010.05.30 21:07:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll [2010.05.30 21:07:45 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Simply Super Software [2010.05.30 21:07:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Simply Super Software [2010.05.30 21:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2010.05.30 21:06:07 | 008,689,096 | ---- | C] (Simply Super Software ) -- C:\Users\***\Desktop\trjsetup681.exe [2010.05.29 17:46:01 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ebay-400D [2010.05.29 17:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser [2010.05.26 16:21:28 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kinderwagen [2010.05.26 08:51:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.05.07 18:30:39 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine [2010.05.03 08:53:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\UltraTAGLteDe [2009.06.04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll ========== Files - Modified Within 30 Days ========== [2010.05.31 10:55:47 | 002,883,584 | ---- | M] () -- C:\Users\Kaubo\NTUSER.DAT [2010.05.31 08:45:26 | 000,014,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.31 08:45:26 | 000,014,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.31 08:38:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.31 08:38:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.31 08:38:11 | 2615,812,096 | -HS- | M] () -- C:\hiberfil.sys [2010.05.31 00:37:17 | 000,054,568 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000005-00001102-00000005-00211102}.rfx [2010.05.31 00:37:17 | 000,054,568 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000005-00001102-00000005-00211102}.rfx [2010.05.31 00:37:17 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000005-00001102-00000005-00211102}.rfx [2010.05.31 00:36:58 | 079,275,638 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.05.30 23:51:36 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Kaubo\Desktop\OTL.exe [2010.05.30 23:45:03 | 000,000,677 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.30 23:43:42 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kaubo\Desktop\mbam-setup.exe [2010.05.30 21:30:47 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.05.30 21:27:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.05.30 21:26:14 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.30 21:26:14 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.30 21:26:14 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.30 21:26:14 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.30 21:26:14 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.30 21:25:56 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Users\Kaubo\Desktop\Ad-AwareInstaller.exe [2010.05.30 21:07:49 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2010.05.30 21:06:44 | 008,689,096 | ---- | M] (Simply Super Software ) -- C:\Users\Kaubo\Desktop\trjsetup681.exe [2010.05.30 19:02:11 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000003-00000000-00000005-00001102-00000005-00211102}.rfx [2010.05.30 19:02:11 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXState-{00000003-00000000-00000005-00001102-00000005-00211102}.rfx [2010.05.30 19:02:11 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000003-00000000-00000005-00001102-00000005-00211102}.rfx [2010.05.29 17:18:31 | 000,002,162 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.05.29 17:18:31 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.05.29 17:15:53 | 000,002,548 | -H-- | M] () -- C:\Users\***\Desktop\ZbThumbnail.info [2010.05.28 19:43:41 | 000,240,511 | ---- | M] () -- C:\Users\***\Desktop\MoniundPina.jpg [2010.05.28 19:39:57 | 000,295,424 | ---- | M] () -- C:\Users\***\Desktop\Roemerbruecke.jpg [2010.05.28 19:39:57 | 000,226,587 | ---- | M] () -- C:\Users\***\Desktop\MonteBaldo+.jpg [2010.05.27 16:12:00 | 000,001,099 | ---- | M] () -- C:\Users\***\AppData\Roaming\ShiftN.ini [2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.05.07 18:35:45 | 000,174,432 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.05.07 18:35:07 | 002,578,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.05.07 18:32:31 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk [2010.05.07 16:40:58 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2010.05.07 16:34:46 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2010.05.03 08:53:22 | 000,038,134 | ---- | M] () -- C:\Users\***\Desktop\UltraTAGLteDe.zip ========== Files Created - No Company Name ========== [2010.05.30 23:45:03 | 000,000,677 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.30 21:27:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.05.30 21:07:49 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2010.05.30 21:07:47 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010.05.30 21:07:47 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2010.05.30 21:07:47 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2010.05.29 17:18:31 | 000,002,162 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.05.29 17:18:31 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.05.28 19:43:32 | 000,240,511 | ---- | C] () -- C:\Users\***\Desktop [2010.05.28 19:39:57 | 000,226,587 | ---- | C] () -- C:\Users\***\Desktop [2010.05.25 21:38:37 | 000,295,424 | ---- | C] () -- C:\Users\***\Desktop [2010.05.07 18:32:31 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\ [2010.05.03 08:53:21 | 000,038,134 | ---- | C] () -- C:\Users\***\Desktop [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32 [2010.01.10 16:56:23 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.12.13 12:06:14 | 000,782,336 | ---- | C] () -- C:\Windows\System32\IlmImf.dll [2009.12.13 12:06:14 | 000,353,280 | ---- | C] () -- C:\Windows\System32\pmtf2.dll [2009.12.13 12:06:14 | 000,269,824 | ---- | C] () -- C:\Windows\System32\PhotomatixLib.dll [2009.12.13 12:06:14 | 000,229,376 | ---- | C] () -- C:\Windows\System32\PhotomatixLib2.dll [2009.12.13 12:06:14 | 000,216,064 | ---- | C] () -- C:\Windows\System32\pmjp.dll [2009.12.13 12:06:14 | 000,205,824 | ---- | C] () -- C:\Windows\System32\pmtf1.dll [2009.12.13 12:06:14 | 000,204,288 | ---- | C] () -- C:\Windows\System32\pmtf3.dll [2009.12.13 12:06:14 | 000,112,128 | ---- | C] () -- C:\Windows\System32\PhotomatixLib3.dll [2009.12.13 12:06:14 | 000,053,248 | ---- | C] () -- C:\Windows\System32\pmexr.dll [2009.12.13 12:06:14 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmbm.dll [2009.10.21 16:56:01 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2009.10.21 16:56:01 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2009.10.21 16:31:34 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL [2009.10.19 10:31:02 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.10.19 10:31:02 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.10.19 10:00:51 | 000,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI [2009.10.18 20:44:30 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.10.18 19:30:36 | 000,003,906 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini [2009.06.04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll [2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.09.27 16:47:40 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini [2006.08.17 11:33:54 | 000,037,888 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL [2005.06.07 21:10:50 | 000,070,656 | ---- | C] () -- C:\Windows\System32\CTMMACTL.DLL [2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2002.03.21 16:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A5B56640 < End of report > |
|
31.05.2010, 10:24
| #7 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Script.23483 (Engine A)Zitat:
 Bitte wirklich nur den Namen unkenntlich machen, aber sonst nichts verändern!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.05.2010, 10:30
| #8 |
| | Trojan.Script.23483 (Engine A) Eigentlich nicht, habe nur die Name gelöscht und mit *** ersetzt. Brauchst du noch die 2. Logfile? Da bin ich ja bis morgen dran, die Namen zu ersetzen  Wenn du sie brauchst, poste ich sie natürlich hier rein. Gruß Kai |
|
31.05.2010, 11:23
| #9 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Script.23483 (Engine A)Zitat:
PRC - D:\Program Files\***\hieristdasVerzeichnisvomProgramm\datei.exe
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.05.2010, 11:30
| #10 |
| | Trojan.Script.23483 (Engine A) ok, hier unzensiert.... OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.05.2010 10:56:07 - Run 2 OTL by OldTimer - Version 3.2.5.1 Folder = C:\Users\Kaubo\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 61,27 Gb Free Space | 62,81% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 170,09 Gb Free Space | 87,08% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 194,11 Gb Free Space | 99,38% Space Free | Partition Type: NTFS Drive F: | 443,23 Gb Total Space | 359,80 Gb Free Space | 81,18% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 58,82 Gb Total Space | 58,73 Gb Free Space | 99,85% Space Free | Partition Type: NTFS Drive J: | 49,53 Gb Total Space | 45,03 Gb Free Space | 90,91% Space Free | Partition Type: NTFS Drive K: | 40,69 Gb Total Space | 30,45 Gb Free Space | 74,84% Space Free | Partition Type: NTFS Drive L: | 100,00 Mb Total Space | 70,36 Mb Free Space | 70,37% Space Free | Partition Type: NTFS Computer Name: KAUBO01 Current User Name: Kaubo Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Kaubo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Programme\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) PRC - D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) PRC - D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - D:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd) PRC - d:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Windows\DAODx.exe () PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - D:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd) PRC - C:\Windows\CTHELPER.EXE (Creative Technology Ltd) PRC - C:\Programme\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDClock.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDMedia.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\LCDMon.exe (Logitech Inc.) PRC - C:\Programme\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.) ========== Modules (SafeList) ========== MOD - C:\Users\Kaubo\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AVKProxy) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (AdobeActiveFileMonitor8.0) -- D:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (AVKService) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (OMSI download service) -- d:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG) DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software) DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG) DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.) DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.) DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.) DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://gamersunion.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 A6 37 FF 58 4F CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.gamersunion.de/" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 15:05:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.22 10:45:22 | 000,000,000 | ---D | M] [2010.01.15 21:49:36 | 000,000,000 | ---D | M] -- C:\Users\Kaubo\AppData\Roaming\mozilla\Extensions [2010.01.15 21:49:36 | 000,000,000 | ---D | M] -- C:\Users\Kaubo\AppData\Roaming\mozilla\Firefox\Profiles\nvw9o5fi.default\extensions [2010.04.21 15:21:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.21 15:21:38 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2010.03.13 23:15:20 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.13 23:15:20 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.13 23:15:20 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.13 23:15:20 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.13 23:15:20 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.04.28 17:46:44 | 000,001,306 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [CTCheck] D:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd) O4 - HKLM..\Run: [CTHelper] C:\Windows\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DevconDefaultDB] C:\Windows\READREG.exe (Creative Technology Limited) O4 - HKLM..\Run: [Device Detector] File not found O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe () O4 - HKCU..\Run: [PC Suite Tray] D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [Sony Ericsson PC Suite] D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Mit dem LeechGet Wizard laden - D:\Program Files\LeechGet 2007\Wizard.html () O8 - Extra context menu item: Mit LeechGet herunterladen - D:\Program Files\LeechGet 2007\AddUrl.html () O8 - Extra context menu item: Mit LeechGet parsen - D:\Program Files\LeechGet 2007\Parser.html () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.30 23:51:34 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Kaubo\Desktop\OTL.exe [2010.05.30 23:45:19 | 000,000,000 | ---D | C] -- C:\Users\Kaubo\AppData\Roaming\Malwarebytes [2010.05.30 23:45:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.30 23:44:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.30 23:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.30 23:43:24 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kaubo\Desktop\mbam-setup.exe [2010.05.30 21:30:49 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.05.30 21:30:47 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.05.30 21:27:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010.05.30 21:27:37 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2010.05.30 21:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.05.30 21:21:23 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Users\Kaubo\Desktop\Ad-AwareInstaller.exe [2010.05.30 21:07:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll [2010.05.30 21:07:45 | 000,000,000 | ---D | C] -- C:\Users\Kaubo\Documents\Simply Super Software [2010.05.30 21:07:45 | 000,000,000 | ---D | C] -- C:\Users\Kaubo\AppData\Roaming\Simply Super Software [2010.05.30 21:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2010.05.30 21:06:07 | 008,689,096 | ---- | C] (Simply Super Software ) -- C:\Users\Kaubo\Desktop\trjsetup681.exe [2010.05.29 17:46:01 | 000,000,000 | ---D | C] -- C:\Users\Kaubo\Desktop\Ebay-400D [2010.05.29 17:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser [2010.05.26 16:21:28 | 000,000,000 | ---D | C] -- C:\Users\Kaubo\Desktop\Kinderwagen [2010.05.26 08:51:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.05.07 18:30:39 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine [2010.05.03 08:53:52 | 000,000,000 | ---D | C] -- C:\Users\Kaubo\Desktop\UltraTAGLteDe [2009.06.04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll ========== Files - Modified Within 30 Days ========== [2010.05.31 10:55:47 | 002,883,584 | ---- | M] () -- C:\Users\Kaubo\NTUSER.DAT [2010.05.31 08:45:26 | 000,014,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.31 08:45:26 | 000,014,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.31 08:38:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.31 08:38:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.31 08:38:11 | 2615,812,096 | -HS- | M] () -- C:\hiberfil.sys [2010.05.31 00:37:17 | 000,054,568 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000005-00001102-00000005-00211102}.rfx [2010.05.31 00:37:17 | 000,054,568 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000005-00001102-00000005-00211102}.rfx [2010.05.31 00:37:17 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000005-00001102-00000005-00211102}.rfx [2010.05.31 00:36:58 | 079,275,638 | -H-- | M] () -- C:\Users\Kaubo\AppData\Local\IconCache.db [2010.05.30 23:51:36 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Kaubo\Desktop\OTL.exe [2010.05.30 23:45:03 | 000,000,677 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.30 23:43:42 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kaubo\Desktop\mbam-setup.exe [2010.05.30 21:30:47 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.05.30 21:27:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.05.30 21:26:14 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.30 21:26:14 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.30 21:26:14 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.30 21:26:14 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.30 21:26:14 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.30 21:25:56 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Users\Kaubo\Desktop\Ad-AwareInstaller.exe [2010.05.30 21:07:49 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2010.05.30 21:06:44 | 008,689,096 | ---- | M] (Simply Super Software ) -- C:\Users\Kaubo\Desktop\trjsetup681.exe [2010.05.30 19:02:11 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000003-00000000-00000005-00001102-00000005-00211102}.rfx [2010.05.30 19:02:11 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXState-{00000003-00000000-00000005-00001102-00000005-00211102}.rfx [2010.05.30 19:02:11 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000003-00000000-00000005-00001102-00000005-00211102}.rfx [2010.05.29 17:18:31 | 000,002,162 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.05.29 17:18:31 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.05.29 17:15:53 | 000,002,548 | -H-- | M] () -- C:\Users\Kaubo\Desktop\ZbThumbnail.info [2010.05.28 19:43:41 | 000,240,511 | ---- | M] () -- C:\Users\Kaubo\Desktop\MoniundPina.jpg [2010.05.28 19:39:57 | 000,295,424 | ---- | M] () -- C:\Users\Kaubo\Desktop\Roemerbruecke.jpg [2010.05.28 19:39:57 | 000,226,587 | ---- | M] () -- C:\Users\Kaubo\Desktop\MonteBaldo+.jpg [2010.05.27 16:12:00 | 000,001,099 | ---- | M] () -- C:\Users\Kaubo\AppData\Roaming\ShiftN.ini [2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.05.07 18:35:45 | 000,174,432 | ---- | M] () -- C:\Users\Kaubo\AppData\Local\GDIPFONTCACHEV1.DAT [2010.05.07 18:35:07 | 002,578,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.05.07 18:32:31 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk [2010.05.07 16:40:58 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2010.05.07 16:34:46 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2010.05.03 08:53:22 | 000,038,134 | ---- | M] () -- C:\Users\Kaubo\Desktop\UltraTAGLteDe.zip ========== Files Created - No Company Name ========== [2010.05.30 23:45:03 | 000,000,677 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.30 21:27:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.05.30 21:07:49 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2010.05.30 21:07:47 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010.05.30 21:07:47 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2010.05.30 21:07:47 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2010.05.29 17:18:31 | 000,002,162 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.05.29 17:18:31 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.05.28 19:43:32 | 000,240,511 | ---- | C] () -- C:\Users\Kaubo\Desktop\MoniundPina.jpg [2010.05.28 19:39:57 | 000,226,587 | ---- | C] () -- C:\Users\Kaubo\Desktop\MonteBaldo+.jpg [2010.05.25 21:38:37 | 000,295,424 | ---- | C] () -- C:\Users\Kaubo\Desktop\Roemerbruecke.jpg [2010.05.07 18:32:31 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk [2010.05.03 08:53:21 | 000,038,134 | ---- | C] () -- C:\Users\Kaubo\Desktop\UltraTAGLteDe.zip [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.01.10 16:56:23 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.12.13 12:06:14 | 000,782,336 | ---- | C] () -- C:\Windows\System32\IlmImf.dll [2009.12.13 12:06:14 | 000,353,280 | ---- | C] () -- C:\Windows\System32\pmtf2.dll [2009.12.13 12:06:14 | 000,269,824 | ---- | C] () -- C:\Windows\System32\PhotomatixLib.dll [2009.12.13 12:06:14 | 000,229,376 | ---- | C] () -- C:\Windows\System32\PhotomatixLib2.dll [2009.12.13 12:06:14 | 000,216,064 | ---- | C] () -- C:\Windows\System32\pmjp.dll [2009.12.13 12:06:14 | 000,205,824 | ---- | C] () -- C:\Windows\System32\pmtf1.dll [2009.12.13 12:06:14 | 000,204,288 | ---- | C] () -- C:\Windows\System32\pmtf3.dll [2009.12.13 12:06:14 | 000,112,128 | ---- | C] () -- C:\Windows\System32\PhotomatixLib3.dll [2009.12.13 12:06:14 | 000,053,248 | ---- | C] () -- C:\Windows\System32\pmexr.dll [2009.12.13 12:06:14 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmbm.dll [2009.10.21 16:56:01 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2009.10.21 16:56:01 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2009.10.21 16:31:34 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL [2009.10.19 10:31:02 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.10.19 10:31:02 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.10.19 10:00:51 | 000,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI [2009.10.18 20:44:30 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.10.18 19:30:36 | 000,003,906 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini [2009.06.04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll [2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.09.27 16:47:40 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini [2006.08.17 11:33:54 | 000,037,888 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL [2005.06.07 21:10:50 | 000,070,656 | ---- | C] () -- C:\Windows\System32\CTMMACTL.DLL [2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2002.03.21 16:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A5B56640 < End of report > |
|
31.05.2010, 11:48
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Script.23483 (Engine A) Sieht unauffällig aus. Noch Probleme? Gabs in der Zwischenzeit weitere Funde?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.05.2010, 12:00
| #12 |
| | Trojan.Script.23483 (Engine A) Ja, jedesmal, wenn ich die Datei mit G Data scanne, findet er den Trojaner, kann ihn aber weder löschen noch in Quarantäne schicken. Gestern hat sich G Data auch mal zwischendruch gemeldet und mich auf den Trojaner in der besagten Datein hingewiesen. Mit den anderen Programmen wurde er nicht gefunden.... |
|
31.05.2010, 12:26
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Script.23483 (Engine A) Ich vermute da eher einen Fehlalarm... Werte die angemeckerte Datei doch mal bei Virustotal aus.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.05.2010, 14:05
| #14 |
| | Trojan.Script.23483 (Engine A) Hi Cosinus, erst mal vielen Dank für deine Hilfe, bin jetzt ein wenig beruhigter und werde die Datei mal intensiver scannen. Kannst du dann mal bitte die Logfiles, die ich eingestellt habe "entschärfen". Kann leider meine eigenen Beiträge nicht mehr editieren? Gruß Kai |
|
31.05.2010, 14:58
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Script.23483 (Engine A) Ich kann nichts editieren, melde Deinen Beitrag oder wende Dich an die Admins Da Guru oder Sunny.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojan.Script.23483 (Engine A) |
| bewirkt, c:\windows, data, datei, engine, entdeck, g data, google, hallo zusammen, hilfreiche, hoffe, informationen, interne, internet, löschen, quarantäne, scan, security, troja, trojaner, verzeichnis, weiterhelfen, windows, wirklich, zusammen |
Linear-Darstellung
