Log analysis and evaluation: Yet again tabs with advertising - Trojan Generic17.CNOG (Windows 7)
09.06.2010, 21:02 | #1
Yet again tabs with advertising - Trojan Generic17.CNOG

Hello, this problem seems to be going around at the moment: in Firefox, new tabs open at irregular intervals and load various pages. In addition, after a restart part of my desktop icons was suddenly gone, and my sound driver has disappeared as well. A virus scan with AntiVir found the trojan Generic17.CNOG at C:\Windows\Temp\hjsr.tmp\svchost.exe. It could not be moved to quarantine, though, and showed up a few more times during the scan. I ran HijackThis, then Malwarebytes, and finally OTL. Here are the logs:

HijackThis
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:57:41, on 09.06.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Virus\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.quotenmeter.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Program Files\Hama\Common\RaUI.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - hxxp://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://www.creative.com/su/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC7234AD-CCEB-4883-8770-5B5E681E0370}: NameServer = 192.168.2.1,145.253.2.11
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Hama\Common\RalinkRegistryWriter.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4183

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

09.06.2010 19:39:47
mbam-log-2010-06-09 (19-39-47).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131306
Laufzeit: 5 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Worm.Prolaco.M) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
ATTFilter OTL logfile created on: 09.06.2010 21:08:42 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Windows\system32\config\systemprofile\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 49,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): c:\pagefile.sys 4000 5500 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,04 Gb Total Space | 30,82 Gb Free Space | 10,70% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,09 Gb Free Space | 60,88% Space Free | Partition Type: NTFS Drive E: | 6,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SVEN-PC Current User Name: Sven Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Windows\System32\config\systemprofile\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Hama\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.) ========== Modules (SafeList) ========== MOD - C:\Windows\System32\config\systemprofile\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (GoogleDesktopManager-110309-193829) -- File not found SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (RalinkRegistryWriter) -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs) SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe () SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation) SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe () ========== Driver Services (SafeList) ========== DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.) DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.) DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.) 
DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (s816mdm) -- C:\Windows\System32\drivers\s816mdm.sys (MCCI Corporation) DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s816mgmt.sys (MCCI Corporation) DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\System32\drivers\s816unic.sys (MCCI) DRV - (s816obex) -- C:\Windows\System32\drivers\s816obex.sys (MCCI Corporation) DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\System32\drivers\s816nd5.sys (MCCI Corporation) DRV - (s816mdfl) -- C:\Windows\System32\drivers\s816mdfl.sys (MCCI Corporation) DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\System32\drivers\s816bus.sys (MCCI Corporation) DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) 
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (DSproct) -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.) DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.) DRV - (ZD1211U(Wireless)) IEEE 802.11g USB Adapter Driver(Wireless) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation) DRV - (odysseyIM3) -- C:\Windows\System32\drivers\odysseyIM3.sys (Funk Software, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.quotenmeter.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.quotenmeter.de/" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.2 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.06.03 18:05:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 15:59:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.21 17:56:16 | 000,000,000 | ---D | M] [2009.11.04 23:34:54 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\mozilla\Extensions [2010.06.08 23:30:44 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\7a7i6kad.default\extensions [2009.11.05 20:31:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\7a7i6kad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.08 23:30:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.03.24 23:38:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.24 23:38:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla 
Firefox\searchplugins\eBay-de.xml [2010.03.24 23:39:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.24 23:39:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.24 23:39:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.02 20:39:25 | 000,405,211 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 hityou.com O1 - Hosts: 127.0.0.1 www.hityou.com O1 - Hosts: 127.0.0.1 180searchassistant.com O1 - Hosts: 127.0.0.1 www.180searchassistant.com O1 - Hosts: 127.0.0.1 180solutions.com O1 - Hosts: 127.0.0.1 www.180solutions.com O1 - Hosts: 127.0.0.1 bis.180solutions.com O1 - Hosts: 127.0.0.1 config.180solutions.com O1 - Hosts: 127.0.0.1 cts.180solutions.com O1 - Hosts: 127.0.0.1 downloads.180solutions.com O1 - Hosts: 127.0.0.1 installs.180solutions.com O1 - Hosts: 127.0.0.1 nowhere.180solutions.com O1 - Hosts: 127.0.0.1 ping.180solutions.com O1 - Hosts: 127.0.0.1 tv.180solutions.com O1 - Hosts: 127.0.0.1 uploads.180solutions.com O1 - Hosts: 127.0.0.1 public.zangocash.com O1 - Hosts: 127.0.0.1 www.public.zangocash.com O1 - Hosts: 127.0.0.1 static.zangocash.com O1 - Hosts: 127.0.0.1 www.static.zangocash.com O1 - Hosts: 127.0.0.1 www.zangocash.com O1 - Hosts: 127.0.0.1 zangocash.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 14017 more lines... O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. 
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [CTxfiHlp] File not found O4 - HKLM..\Run: [CTXFIREG] File not found O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( ) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe (Apple Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/su/ocx/15030/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1288.0816.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1288.0816.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Sven\wasserfall_Wall.jpg
O24 - Desktop BackupWallPaper: C:\Sven\wasserfall_Wall.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.21 11:47:05 | 000,000,000 | ---D | M] - C:\Autogramme -- [ NTFS ]
O32 - AutoRun File - [2008.03.06 20:00:54 | 000,131,720 | R--- | M] (InstallShield Software Corporation) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:27 | 000,058,601 | R--- | M] () - E:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:27 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:44 | 000,000,382 | R--- | M] () - E:\autorun.ini -- [ UDF ]
O33 - MountPoints2\{640bb30c-5a71-11dc-a5d5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{640bb30c-5a71-11dc-a5d5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- File not found
O33 - MountPoints2\{72a5207d-59af-11dd-8ee4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72a5207d-59af-11dd-8ee4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008.03.06 20:00:54 | 000,131,720 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.06.09 19:40:18 | 000,000,000 | ---D | C] -- C:\Virus
[2010.06.09 19:32:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.09 19:32:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.09 19:32:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.09 19:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.08 19:34:54 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Desktop
[2010.05.21 19:51:06 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Roaming\Ubisoft
[2010.05.21 19:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010.05.21 19:25:48 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft
[2010.05.13 19:19:03 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.05.13 19:18:43 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Favorites
[2009.06.03 20:21:54 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.09 21:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010.06.09 21:08:03 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E0CBABAD-03E6-492D-8854-334038EB9930}.job
[2010.06.09 21:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At46.job
[2010.06.09 20:28:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.09 20:28:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.09 20:25:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.09 20:08:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010.06.09 20:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2010.06.09 19:52:56 | 000,001,930 | ---- | M] () -- C:\Users\Sven\Desktop\HiJackThis.lnk
[2010.06.09 19:32:27 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.09 19:25:04 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.09 19:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010.06.09 19:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At44.job
[2010.06.09 18:32:33 | 060,860,587 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.06.09 18:29:13 | 000,079,216 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.09 18:29:13 | 000,079,216 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.09 18:28:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.09 18:28:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.09 18:28:52 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.09 18:28:05 | 000,055,756 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
[2010.06.09 18:28:05 | 000,055,756 | ---- | M] () -- C:\Windows\System32\BMXState-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
[2010.06.09 18:28:05 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000001-00000000-0000000A-00001102-00000005-60021102}.rfx
[2010.06.08 23:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010.06.08 23:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010.06.08 22:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010.06.08 22:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
[2010.06.07 23:58:14 | 002,148,864 | -H-- | M] () -- C:\Users\Sven\AppData\Local\IconCache.db
[2010.06.07 23:43:29 | 000,189,952 | ---- | M] () -- C:\Users\Sven\Desktop\SunderedFrontier_Questline.doc
[2010.06.07 00:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010.06.06 18:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010.06.06 18:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
[2010.06.06 17:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010.06.06 17:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At42.job
[2010.06.06 16:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010.06.06 16:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
[2010.06.06 15:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010.06.06 15:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010.06.06 14:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010.06.06 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
[2010.06.06 13:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010.06.06 13:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At38.job
[2010.06.06 00:37:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010.06.05 12:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010.06.03 01:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010.06.02 20:39:25 | 000,405,211 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.02 19:05:27 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.06.02 19:05:27 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010.06.02 00:45:21 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2010.06.02 00:45:21 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2010.05.31 01:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010.05.30 22:42:41 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.30 21:54:18 | 256,334,546 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.05.30 06:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
[2010.05.30 05:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010.05.30 05:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010.05.30 04:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010.05.30 04:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
[2010.05.30 03:09:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010.05.30 03:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At28.job
[2010.05.29 12:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
[2010.05.21 21:45:28 | 000,000,943 | ---- | M] () -- C:\Users\Sven\Desktop\AssassinsCreed_Game.exe - Verknüpfung.lnk
[2010.05.21 13:31:49 | 000,396,837 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100602-203925.backup
[2010.05.16 23:49:47 | 000,000,112 | ---- | M] () -- C:\ProgramData\72iA37vT.dat
[2010.05.16 21:43:58 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At36.job
[2010.05.16 21:43:58 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010.05.16 21:43:58 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At34.job
[2010.05.16 21:43:58 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010.05.16 21:43:58 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010.05.16 21:43:58 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010.05.16 21:43:57 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
[2010.05.16 21:43:57 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010.05.16 21:43:57 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2010.05.16 21:43:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010.05.16 21:43:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010.05.16 21:43:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010.05.16 21:43:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010.05.13 18:16:16 | 000,000,000 | ---- | M] () -- C:\debug
[2010.05.13 14:31:40 | 000,396,739 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100521-133149.backup
[2010.05.13 03:03:53 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010.05.13 01:27:32 | 000,118,784 | ---- | M] () -- C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.09 19:52:56 | 000,001,930 | ---- | C] () -- C:\Users\Sven\Desktop\HiJackThis.lnk
[2010.06.09 19:32:27 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.02 00:45:21 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settingsbkup.sfm
[2010.06.02 00:45:21 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settings.sfm
[2010.05.24 16:39:16 | 000,189,952 | ---- | C] () -- C:\Users\Sven\Desktop\SunderedFrontier_Questline.doc
[2010.05.21 21:45:28 | 000,000,943 | ---- | C] () -- C:\Users\Sven\Desktop\AssassinsCreed_Game.exe - Verknüpfung.lnk
[2010.05.13 19:20:48 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.13 19:20:46 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.13 18:16:16 | 000,000,000 | ---- | C] () -- C:\debug
[2010.05.13 18:13:02 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At48.job
[2010.05.13 18:13:02 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At47.job
[2010.05.13 18:13:02 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At46.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At45.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At44.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At43.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At42.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At41.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At40.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At39.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At38.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At37.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At36.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At35.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At34.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At33.job
[2010.05.13 18:13:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At32.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At31.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At30.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At29.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At28.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At27.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At26.job
[2010.05.13 18:13:00 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At25.job
[2010.05.13 18:13:00 | 000,000,112 | ---- | C] () -- C:\ProgramData\72iA37vT.dat
[2010.05.13 18:09:33 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010.05.13 18:09:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010.05.13 18:09:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010.05.13 18:09:28 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010.05.13 03:03:53 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.01 00:28:13 | 000,000,297 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009.06.06 14:54:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.03 21:00:30 | 000,026,928 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009.06.03 21:00:28 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.06.03 20:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009.03.05 23:48:10 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007.09.29 18:09:25 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2007.09.16 13:46:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.09.10 11:48:17 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2007.09.04 01:16:29 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL
[2007.09.04 01:16:23 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2007.09.04 01:16:23 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2007.03.19 06:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007.03.19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007.03.19 06:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007.03.19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007.03.19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007.03.19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007.03.19 06:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007.03.19 06:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006.11.07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Virtual Me:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Updater:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Turbo Lister:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Turbo Lister Backup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Red Kawa:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\My PSP8 Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\ICQ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\ICQ Lite:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sven\Documents\AdobeStockPhotos:Roxio EMC Stream

< End of report >
09.06.2010, 21:03 | #2 |
| Tabs with ads yet again - Trojan Generic17.CNOG
Extras.txt:
Code:
OTL Extras logfile created on: 09.06.2010 21:08:42 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 49,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): c:\pagefile.sys 4000 5500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 30,82 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,09 Gb Free Space | 60,88% Space Free | Partition Type: NTFS
Drive E: | 6,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SVEN-PC
Current User Name: Sven
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10BD6006-6A7B-4B69-A759-708779C97AF6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6F984C49-895A-47B5-9F15-998664FF742F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9E39B240-51B7-4165-97C8-A642E8FA6D0E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04735D6E-C376-4EC5-BD36-982E1728AC58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{09C7ADB7-CD0B-42F8-9B2D-643AA1093CBC}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{121D4A7C-3674-4A94-9E27-745E7CF68D2B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{24C39D53-5205-4CDF-91B5-25A1C80E36A6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{2E662CAC-29A9-4F66-A728-E780CE150B54}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{38694DFF-77F6-4443-8368-66733104E110}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{3A9A872B-1EC8-4364-82B6-124A4A4830F4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{44161BCF-1E08-4072-BA91-CDE4AD6670D1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5A91602F-AF4D-4F1D-A13E-8153AFFD6FAD}" = protocol=6 | dir=in | app=c:\program files\sony\everquest ii\eq2voiceservice.exe |
"{5AA490C2-2C03-418E-9FB1-F340B8C1D952}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{7B207452-9734-42D7-8E34-2ACB5E333F75}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{86CDA58A-DA54-452E-9FE7-D8AA365D9B19}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B7639C3E-68D9-40A8-90A6-733F204ADF67}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BFA47DA2-95E2-4404-A664-90210B05270A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{C56AFDDE-19EB-43F1-8192-BB6E7437A6EC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C79880C0-93A9-44C6-93C6-474B373E6621}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C7F4A073-331B-48BD-82CB-A0C3FB2D986F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CD21453D-59D5-4931-84F4-4AA524AFCCB3}" = protocol=17 | dir=in | app=c:\program files\sony\everquest ii\eq2voiceservice.exe |
"{CF290A93-F7A3-4FCA-BA5F-881576FA7B5A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CFCC3423-E140-4D01-8838-2155CC198DFD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{D9CC0750-6AB4-4A31-85FA-442553B12370}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E90A6116-A9C8-42AD-B756-F91E5CEAE224}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"TCP Query User{47BDEB94-05D1-4C26-8630-5E1B696A93AF}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{512BA332-81BA-4328-9813-2D3F829E392B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{572A5923-3391-475D-A78F-4FB8F5E17E46}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{5B0569A4-573F-4A92-9F3A-43F31F7592E5}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{6FC6BC32-3F08-43AC-AC94-568DDDB5DE2A}C:\program files\filemaker\filemaker pro 10\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files\filemaker\filemaker pro 10\filemaker pro.exe |
"TCP Query User{9A0077A6-212B-4C66-95FB-83BF11C49E83}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"TCP Query User{ACC1A80A-352B-4F92-BE59-9F91F0E62B80}C:\program files\sony\everquest ii\everquest2.exe" = protocol=6 | dir=in | app=c:\program files\sony\everquest ii\everquest2.exe |
"TCP Query User{BD0B9C82-44EC-4FC6-9119-39B8F4075E1A}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{BEFAD97F-4E56-4795-A2B3-74B18D2B18BF}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"TCP Query User{C5C82749-FD03-4C42-B958-A93F13CAF6D5}F:\programme\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=f:\programme\ws_ftp\ws_ftp95.exe |
"TCP Query User{E3B3A809-3F1D-44A8-BF6E-3BA21DCDEA8D}F:\programme\emule\emule.exe" = protocol=6 | dir=in | app=f:\programme\emule\emule.exe |
"TCP Query User{E7840BE9-DB86-4462-AF3A-6A254932EFD2}C:\program files\sony\everquest ii\eq2voiceservice.exe" = protocol=6 | dir=in | app=c:\program files\sony\everquest ii\eq2voiceservice.exe |
"TCP Query User{E9969EAE-D08F-4DAA-9D52-99FB04AAA2D1}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{F5333932-D6BD-4FA7-A3B9-A1F7EEA88D95}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{F79B8948-4537-4BD4-9BB9-38DB48D124CB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{057E689E-1804-45D3-A4F1-4EF825D4C26D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{4E139584-41C4-4BCA-AF82-8EC05956A236}F:\programme\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=f:\programme\ws_ftp\ws_ftp95.exe |
"UDP Query User{57D26493-25BD-44F2-AEC8-8CB65BA169A8}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{6537A9BD-7809-4E7E-AC52-2F03976D9F33}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{7E4135AF-4503-47E3-9CDE-D251522DFEFB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8E0E4D2E-8271-4B78-A9DE-01F0824B58A0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{96DE1DD6-BBF6-4D2C-9EBD-E0AE0860C7A4}C:\program files\sony\everquest ii\everquest2.exe" = protocol=17 | dir=in | app=c:\program files\sony\everquest ii\everquest2.exe |
"UDP Query User{976AA348-FC09-4E65-9A72-4299F8B3F27D}C:\program files\filemaker\filemaker pro 10\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files\filemaker\filemaker pro 10\filemaker pro.exe |
"UDP Query User{B9BAD15E-EF3B-4D55-B27F-B1F8A936F763}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{C2E16C10-8D11-479E-970A-BDC0855D8B66}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{C79DA957-096D-4FAB-8533-1539325482AA}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{D8B8D9E5-E556-404D-81B9-60CC64C177DF}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{DEA9FACE-8674-47D5-9A38-E1AA7C6EEE9E}F:\programme\emule\emule.exe" = protocol=17 | dir=in | app=f:\programme\emule\emule.exe |
"UDP Query User{F110C22C-3097-4C53-B4C8-83276CBA24B6}C:\program files\sony\everquest ii\eq2voiceservice.exe" = protocol=17 | dir=in | app=c:\program files\sony\everquest ii\eq2voiceservice.exe |
"UDP Query User{F9EA058B-F93A-4BF4-9EF1-BC68CFC9B9EE}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D397393-9B50-4c52-84D5-77E344289F87}" =
Roxio Creator Data "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19 "{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker 
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{49668BEE-D721-449C-82D3-C7561945F706}" = Station Launcher "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{54212B70-2138-4DF0-91ED-34CADE1CD8E3}" = Station Launcher "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400 "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{72FA6F49-E234-47E8-9155-1B6562F6CC8A}" = Windows Live installer "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{81D2FECF-FB01-4120-828B-DB3213440356}" = EverQuest II: Rise of Kunark "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Hama Wireless LAN Adapter "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = 
HPPhotoGadget "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE "{D7A89413-FB45-4ECE-A893-32DC87F45554}" = Legends of Norrath "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX "{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4 "Advanced Combat Tracker" = Advanced Combat Tracker (remove only) "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "ALchemy X-Fi" = Creative ALchemy (X-Fi Edition) "AudioCS" = Creative Audio-Systemsteuerung "AVG9Uninstall" = AVG Free 9.0 "AviSynth" = AviSynth 2.5 "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVD Flick_is1" = DVD Flick 1.3.0.7 "EQ2MAP Updater" = EQ2MAP Updater 1.2.4 "Free Audio CD Burner_is1" = Free Audio CD Burner 
version 1.2 "Free Download Manager_is1" = Free Download Manager 2.5 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "FreePDF_XP" = FreePDF XP (Remove only) "Google Desktop" = Google Desktop "InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "RealAlt_is1" = Real Alternative 1.60 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20 "Star Trek Online" = Star Trek Online "SystemRequirementsLab" = System Requirements Lab "TeamSpeak 3 Client" = TeamSpeak 3 Client "Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908 "Uninstall_is1" = Uninstall 1.0.0.1 "Uninstaller_B516B000_Creative ALchemy for X-Fi" = Creative ALchemy for X-Fi (Shared Components) "Videora iPod Converter" = Videora iPod Converter 4.07 "VLC media player" = VLC media player 1.0.1 "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07.06.2010 16:20:03 | Computer Name = Sven-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode 0xc0000005, 
Fehleroffset 0x0004a20d, Prozess-ID 0x1058, Anwendungsstartzeit 01cb067ecf4e9230. Error - 07.06.2010 16:20:06 | Computer Name = Sven-PC | Source = SDWinSec.exe | ID = 0 Description = Error - 09.06.2010 12:56:19 | Computer Name = Sven-PC | Source = SPP | ID = 16387 Description = Error - 09.06.2010 12:56:19 | Computer Name = Sven-PC | Source = System Restore | ID = 8193 Description = Error - 09.06.2010 12:56:23 | Computer Name = Sven-PC | Source = SPP | ID = 16387 Description = Error - 09.06.2010 12:56:23 | Computer Name = Sven-PC | Source = System Restore | ID = 8193 Description = Error - 09.06.2010 13:52:54 | Computer Name = Sven-PC | Source = SPP | ID = 16387 Description = Error - 09.06.2010 13:52:54 | Computer Name = Sven-PC | Source = System Restore | ID = 8193 Description = Error - 09.06.2010 13:52:56 | Computer Name = Sven-PC | Source = SPP | ID = 16387 Description = Error - 09.06.2010 13:52:56 | Computer Name = Sven-PC | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 09.06.2010 12:25:22 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7009 Description = Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7001 Description = Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7001 Description = Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7009 Description = Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.06.2010 12:29:12 | Computer Name = Sven-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.06.2010 13:40:14 | Computer Name = Sven-PC | Source = cdrom 
| ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 09.06.2010 13:45:45 | Computer Name = Sven-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. < End of report > |
10.06.2010, 11:23 | #3 |
/// Malware-holic | Tabs with ads yet again - Trojan Generic17.CNOG please create and post a combofix log.
__________________A guide and tutorial on using ComboFix |
10.06.2010, 19:34 | #4 |
| Tabs with ads yet again - Trojan Generic17.CNOG I ran the program. Now everything works normally again. The icons are back and so is the sound. Here is the log for checking. Hope it looks clean: Code:
ATTFilter ComboFix 10-06-09.04 - Sven 10.06.2010 19:54:25.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3326.2203 [GMT 2:00] ausgeführt von:: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . Die folgenden Dateien wurden während des Laufs deaktiviert: c:\windows\system32\mounKEYs.dll (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat c:\windows\system32\%appdata% c:\windows\system32\cooper.mine c:\windows\system32\h7t.wt c:\windows\system32\hgtd.ruy c:\windows\system32\nmklo.dll ----- BITS: Eventuell infizierte Webseiten ----- hxxp://amsrrpatch.everquest2.com:7011 Infizierte Kopie von c:\windows\system32\drivers\kbdclass.sys wurde gefunden und desinfiziert Kopie von - Kitty had a snack :p wurde wiederhergestellt . ((((((((((((((((((((((( Dateien erstellt von 2010-05-10 bis 2010-06-10 )))))))))))))))))))))))))))))) . 2010-06-10 18:07 . 2010-06-10 18:10 -------- d-----w- c:\users\Sven\AppData\Local\temp 2010-06-10 18:07 . 2010-06-10 18:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2010-06-10 18:07 . 2010-06-10 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-09 17:32 . 2010-06-09 17:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes 2010-06-09 17:32 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-09 17:32 . 2010-06-09 17:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-09 17:32 . 2010-06-09 17:32 -------- d-----w- c:\programdata\Malwarebytes 2010-06-09 17:32 . 
2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-12 18:43 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-10 18:10 . 2009-06-30 23:07 79216 ----a-w- c:\programdata\nvModes.dat 2010-06-10 18:10 . 2008-05-18 20:32 -------- d-----w- c:\programdata\NVIDIA 2010-06-10 17:52 . 2010-06-08 17:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Free Download Manager 2010-06-10 17:48 . 2009-11-15 21:21 -------- d-----w- c:\programdata\avg9 2010-06-10 16:52 . 2010-06-10 16:52 46592 ----a-w- c:\windows\system32\mounKEYs.dll 2010-06-09 19:30 . 2007-09-07 13:21 88456 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-09 17:52 . 2010-06-09 17:52 388096 ----a-r- c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-06-09 16:47 . 2010-06-08 17:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ICQ 2010-06-09 16:47 . 2009-08-02 10:01 -------- d-----w- c:\program files\ICQ6.5 2010-06-08 22:02 . 2008-11-16 10:24 -------- d-----w- c:\users\Sven\AppData\Roaming\Free Download Manager 2010-06-08 21:16 . 2009-06-16 17:45 -------- d-----w- c:\users\Sven\AppData\Roaming\Advanced Combat Tracker 2010-06-08 17:35 . 2008-11-16 10:23 -------- d-----w- c:\program files\Free Download Manager 2010-06-02 17:05 . 2010-06-02 17:05 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys 2010-06-02 17:05 . 2010-06-02 17:05 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys 2010-05-26 20:02 . 2010-03-20 10:30 -------- d-----w- c:\program files\iTunes 2010-05-21 17:51 . 2010-05-21 17:51 -------- d-----w- c:\users\Sven\AppData\Roaming\Ubisoft 2010-05-21 17:43 . 2010-05-21 17:43 -------- d-----w- c:\programdata\Ubisoft 2010-05-21 17:25 . 
2010-05-21 17:25 -------- d-----w- c:\program files\Ubisoft 2010-05-21 17:25 . 2007-09-03 23:14 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-19 17:37 . 2010-03-20 10:28 -------- d-----w- c:\program files\QuickTime 2010-05-19 17:17 . 2007-09-29 16:09 -------- d-----w- c:\program files\FreePDF_XP 2010-05-16 21:49 . 2010-05-13 16:13 112 ----a-w- c:\programdata\72iA37vT.dat 2010-05-16 19:43 . 2007-10-05 09:00 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-05-13 17:20 . 2007-09-03 23:27 -------- d-----w- c:\program files\Google 2010-05-13 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-04-28 23:55 . 2009-09-06 09:03 -------- d-----w- c:\users\Sven\AppData\Roaming\vlc 2010-04-19 16:28 . 2006-11-02 15:33 621704 ----a-w- c:\windows\system32\perfh007.dat 2010-04-19 16:28 . 2006-11-02 15:33 123460 ----a-w- c:\windows\system32\perfc007.dat 2010-03-20 10:25 . 2010-03-20 10:25 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-03-13 21:42 . 2010-03-13 21:42 144053 ----a-w- c:\users\Sven\AppData\Roaming\Move Networks\uninstall.exe 2010-03-13 21:42 . 2010-02-11 19:31 5640640 ----a-w- c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll 2009-11-16 21:31 . 2009-11-16 21:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2007-09-04 06:55 . 2007-09-04 06:53 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . |
10.06.2010, 19:50 | #5 |
/// Malware-holic | Tabs with ads yet again - Trojan Generic17.CNOG until we are done, uninstall spybot first, restart. start, programs, accessories, notepad, paste in:
Killall::
rootkit::
c:\windows\system32\mounKEYs.dll
AtJob::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe
file, save as, file type: all files, name cfscript.txt, location: where combofix was saved, drag cfscript onto combofix, the program starts, post the log |
10.06.2010, 21:17 | #6 |
| Tabs with ads yet again - Trojan Generic17.CNOG done: Code:
ATTFilter ComboFix 10-06-09.04 - Sven 10.06.2010 21:56:27.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3326.2272 [GMT 2:00] ausgeführt von:: c:\users\Sven\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Sven\Desktop\cfscript.txt SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . Die folgenden Dateien wurden während des Laufs deaktiviert: c:\windows\system32\mounKEYs.dll ((((((((((((((((((((((( Dateien erstellt von 2010-05-10 bis 2010-06-10 )))))))))))))))))))))))))))))) . 2010-06-10 20:01 . 2010-06-10 20:02 -------- d-----w- c:\users\Sven\AppData\Local\temp 2010-06-10 20:01 . 2010-06-10 20:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2010-06-10 20:01 . 2010-06-10 20:01 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-06-10 20:01 . 2010-06-10 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-10 17:36 . 2010-06-10 17:36 -------- d-----w- C:\%APPDATA% 2010-06-10 16:52 . 2010-06-10 16:52 46592 ----a-w- c:\windows\system32\mounKEYs.dll 2010-06-09 19:58 . 2010-06-09 19:58 -------- d-----w- c:\windows\system32\config\systemprofile\Office Genuine Advantage 2010-06-09 19:39 . 2010-06-09 19:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla 2010-06-09 17:40 . 2010-06-10 17:36 -------- d-----w- C:\Virus 2010-06-09 17:32 . 2010-06-09 17:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes 2010-06-09 17:32 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-09 17:32 . 2010-06-09 17:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-09 17:32 . 2010-06-09 17:32 -------- d-----w- c:\programdata\Malwarebytes 2010-06-09 17:32 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-12 18:43 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-10 20:05 . 2008-11-16 10:24 -------- d-----w- c:\users\Sven\AppData\Roaming\Free Download Manager 2010-06-10 20:02 . 2009-06-30 23:07 79216 ----a-w- c:\programdata\nvModes.dat 2010-06-10 20:02 . 2008-05-18 20:32 -------- d-----w- c:\programdata\NVIDIA 2010-06-10 19:38 . 2007-10-05 09:00 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-10 19:37 . 2007-10-05 09:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-06-10 17:52 . 2010-06-08 17:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Free Download Manager 2010-06-10 17:48 . 2009-11-15 21:21 -------- d-----w- c:\programdata\avg9 2010-06-09 19:30 . 2007-09-07 13:21 88456 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-09 17:52 . 2010-06-09 17:52 388096 ----a-r- c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-06-09 16:47 . 2010-06-08 17:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ICQ 2010-06-09 16:47 . 2009-08-02 10:01 -------- d-----w- c:\program files\ICQ6.5 2010-06-08 21:16 . 2009-06-16 17:45 -------- d-----w- c:\users\Sven\AppData\Roaming\Advanced Combat Tracker 2010-06-08 17:35 . 2008-11-16 10:23 -------- d-----w- c:\program files\Free Download Manager 2010-06-02 17:05 . 2010-06-02 17:05 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys 2010-06-02 17:05 . 2010-06-02 17:05 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys 2010-05-26 20:02 . 2010-03-20 10:30 -------- d-----w- c:\program files\iTunes 2010-05-21 17:51 . 2010-05-21 17:51 -------- d-----w- c:\users\Sven\AppData\Roaming\Ubisoft 2010-05-21 17:43 . 2010-05-21 17:43 -------- d-----w- c:\programdata\Ubisoft 2010-05-21 17:25 . 2010-05-21 17:25 -------- d-----w- c:\program files\Ubisoft 2010-05-21 17:25 . 
2007-09-03 23:14 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-19 17:37 . 2010-03-20 10:28 -------- d-----w- c:\program files\QuickTime 2010-05-19 17:17 . 2007-09-29 16:09 -------- d-----w- c:\program files\FreePDF_XP 2010-05-16 21:49 . 2010-05-13 16:13 112 ----a-w- c:\programdata\72iA37vT.dat 2010-05-13 17:20 . 2007-09-03 23:27 -------- d-----w- c:\program files\Google 2010-05-13 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-04-28 23:55 . 2009-09-06 09:03 -------- d-----w- c:\users\Sven\AppData\Roaming\vlc 2010-04-19 16:28 . 2006-11-02 15:33 621704 ----a-w- c:\windows\system32\perfh007.dat 2010-04-19 16:28 . 2006-11-02 15:33 123460 ----a-w- c:\windows\system32\perfc007.dat 2010-03-20 10:25 . 2010-03-20 10:25 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-03-13 21:42 . 2010-03-13 21:42 144053 ----a-w- c:\users\Sven\AppData\Roaming\Move Networks\uninstall.exe 2010-03-13 21:42 . 2010-02-11 19:31 5640640 ----a-w- c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll 2009-11-16 21:31 . 2009-11-16 21:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2007-09-04 06:55 . 2007-09-04 06:53 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . |
11.06.2010, 10:22 | #7 |
/// Malware-holic | Tabs with ads yet again - Trojan Generic17.CNOG new combofix script.
Killall::
rootkit::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
c:\program files\FreePDF_XP\fpassist .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
c:\windows\UpdReg .exe
c:\windows\System32\CTXFIHLP .exe
c:\windows\System32\CTxfiReg .exe
c:\windows\system32\mounKEYs.dll
post the result |
11.06.2010, 18:25 | #8 |
| Tabs with ads yet again - Trojan Generic17.CNOG here is the log: Code:
ATTFilter ComboFix 10-06-10.06 - Sven 11.06.2010 19:01:45.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3326.2247 [GMT 2:00] ausgeführt von:: c:\users\Sven\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Sven\Desktop\cfscript.txt SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\%appdata% . ((((((((((((((((((((((( Dateien erstellt von 2010-05-11 bis 2010-06-11 )))))))))))))))))))))))))))))) . 2010-06-11 17:06 . 2010-06-11 17:06 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2010-06-11 17:06 . 2010-06-11 17:06 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-06-11 17:06 . 2010-06-11 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-11 14:45 . 2010-06-11 14:45 -------- d-----w- c:\users\Sven\AppData\Roaming\Avira 2010-06-10 21:47 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll 2010-06-10 21:47 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll 2010-06-10 21:24 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-06-10 21:24 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-06-10 21:24 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-06-10 21:24 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-06-10 21:24 . 2010-06-10 21:24 -------- d-----w- c:\programdata\Avira 2010-06-10 21:24 . 2010-06-10 21:24 -------- d-----w- c:\program files\Avira 2010-06-10 20:01 . 2010-06-11 17:09 -------- d-----w- c:\users\Sven\AppData\Local\temp 2010-06-10 17:36 . 2010-06-10 17:36 -------- d-----w- C:\%APPDATA% 2010-06-10 16:52 . 2010-06-10 16:52 46592 ----a-w- c:\windows\system32\mounKEYs.dll 2010-06-09 19:58 . 
2010-06-09 19:58 -------- d-----w- c:\windows\system32\config\systemprofile\Office Genuine Advantage 2010-06-09 19:39 . 2010-06-09 19:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla 2010-06-09 17:40 . 2010-06-10 17:36 -------- d-----w- C:\Virus 2010-06-09 17:32 . 2010-06-09 17:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes 2010-06-09 17:32 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-09 17:32 . 2010-06-09 17:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-09 17:32 . 2010-06-09 17:32 -------- d-----w- c:\programdata\Malwarebytes 2010-06-09 17:32 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-12 18:43 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-11 17:08 . 2009-06-30 23:07 79216 ----a-w- c:\programdata\nvModes.dat 2010-06-11 17:08 . 2008-05-18 20:32 -------- d-----w- c:\programdata\NVIDIA 2010-06-11 17:00 . 2008-11-16 10:24 -------- d-----w- c:\users\Sven\AppData\Roaming\Free Download Manager 2010-06-11 14:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-06-11 14:37 . 2010-03-06 10:40 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-10 19:38 . 2007-10-05 09:00 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-10 19:37 . 2007-10-05 09:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-06-10 17:52 . 2010-06-08 17:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Free Download Manager 2010-06-10 17:48 . 2009-11-15 21:21 -------- d-----w- c:\programdata\avg9 2010-06-09 19:30 . 2007-09-07 13:21 88456 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-09 17:52 . 
2010-06-09 17:52 388096 ----a-r- c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-06-09 16:47 . 2010-06-08 17:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ICQ 2010-06-09 16:47 . 2009-08-02 10:01 -------- d-----w- c:\program files\ICQ6.5 2010-06-08 21:16 . 2009-06-16 17:45 -------- d-----w- c:\users\Sven\AppData\Roaming\Advanced Combat Tracker 2010-06-08 17:35 . 2008-11-16 10:23 -------- d-----w- c:\program files\Free Download Manager 2010-06-02 17:05 . 2010-06-02 17:05 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys 2010-06-02 17:05 . 2010-06-02 17:05 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys 2010-05-26 20:02 . 2010-03-20 10:30 -------- d-----w- c:\program files\iTunes 2010-05-26 17:06 . 2010-06-10 21:46 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-06-10 21:46 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-21 17:51 . 2010-05-21 17:51 -------- d-----w- c:\users\Sven\AppData\Roaming\Ubisoft 2010-05-21 17:43 . 2010-05-21 17:43 -------- d-----w- c:\programdata\Ubisoft 2010-05-21 17:25 . 2010-05-21 17:25 -------- d-----w- c:\program files\Ubisoft 2010-05-21 17:25 . 2007-09-03 23:14 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-21 12:14 . 2009-10-02 18:13 221568 ----a-w- c:\windows\system32\MpSigStub.exe 2010-05-19 17:37 . 2010-03-20 10:28 -------- d-----w- c:\program files\QuickTime 2010-05-19 17:17 . 2007-09-29 16:09 -------- d-----w- c:\program files\FreePDF_XP 2010-05-16 21:49 . 2010-05-13 16:13 112 ----a-w- c:\programdata\72iA37vT.dat 2010-05-13 17:20 . 2007-09-03 23:27 -------- d-----w- c:\program files\Google 2010-05-04 05:59 . 2010-06-10 21:46 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 05:55 . 2010-06-10 21:46 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-05-04 05:55 . 
2010-06-10 21:46 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-05-04 04:31 . 2010-06-10 21:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-05-01 14:13 . 2010-06-10 21:46 2037248 ----a-w- c:\windows\system32\win32k.sys 2010-04-28 23:55 . 2009-09-06 09:03 -------- d-----w- c:\users\Sven\AppData\Roaming\vlc 2010-04-19 16:28 . 2006-11-02 15:33 621704 ----a-w- c:\windows\system32\perfh007.dat 2010-04-19 16:28 . 2006-11-02 15:33 123460 ----a-w- c:\windows\system32\perfc007.dat 2010-03-20 10:25 . 2010-03-20 10:25 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-03-13 21:42 . 2010-03-13 21:42 144053 ----a-w- c:\users\Sven\AppData\Roaming\Move Networks\uninstall.exe 2010-03-13 21:42 . 2010-02-11 19:31 5640640 ----a-w- c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll 2009-11-16 21:31 . 2009-11-16 21:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2007-09-04 06:55 . 2007-09-04 06:53 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . |
11.06.2010, 18:29 | #9 |
/// Malware-holic | Und wieder mal Tabs mit Werbung - Trojaner Generic17.CNOG OK, last cfscript:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
Post the log. |
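The Registry:: section of a CFScript is written in .reg-export syntax, so the line "QuickTime Task"=- under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] deletes that one autostart value and leaves the Run key itself in place. Added example, not ComboFix's code and not from any post in this thread: a small Python parser for that section that turns each line into an explicit action and flags entries that live in the Run/RunOnce persistence keys. It is run over a constructed script containing the helper's entry plus one delete-key and one set-value line; the HKEY_CURRENT_USER\Software\ExampleVendor key and C:\example.exe path are made up for the demonstration.

```python
"""Parser for the Registry:: section of a ComboFix CFScript.  ComboFix takes
that section in .reg-export syntax, so each line means what it means in a
regedit export:  [KEY] selects a key, [-KEY] deletes it, "Name"=- deletes
a value under the selected key, "Name"="text" sets a string value.
Added example with a constructed script; this is not ComboFix code."""
import re
from dataclasses import dataclass

# Constructed CFScript: the entry from the post plus one delete-key and
# one set-value line so all three forms are exercised (vendor/path made up).
SAMPLE_CFSCRIPT = r'''
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
[-HKEY_CURRENT_USER\Software\ExampleVendor]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Example"="C:\\example.exe"
'''

# Keys whose values are started at every logon (Run) or the next logon
# (RunOnce); a "Name"=- here removes a persistence entry, as in the post.
AUTORUN_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)(Ex)?$", re.IGNORECASE)
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


@dataclass
class RegAction:
    op: str          # "delete_key" | "delete_value" | "set_value"
    key: str
    name: str = ""   # value name, empty for key operations
    data: str = ""   # string data for set_value


def is_autorun_key(key: str) -> bool:
    return AUTORUN_RE.search(key) is not None


def parse_registry_section(script: str) -> list:
    """Return the RegActions of the Registry:: section, in script order.
    Lines outside that section are ignored; unknown syntax is an error
    rather than a silent skip, since a mis-parsed line would be a missed fix."""
    actions, current, in_section = [], None, False
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):             # section header, e.g. Registry:: or File::
            in_section = (line == "Registry::")
            continue
        if not in_section:
            continue
        m = KEY_RE.match(line)
        if m:
            minus, key = m.groups()
            if minus:
                actions.append(RegAction("delete_key", key))
                current = None
            else:
                current = key
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.groups()
            if data == "-":
                actions.append(RegAction("delete_value", current, name))
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                # .reg strings escape backslashes as \\ ; undo that
                actions.append(RegAction("set_value", current, name,
                                         data[1:-1].replace("\\\\", "\\")))
            else:
                raise ValueError(f"unsupported value syntax: {line}")
            continue
        raise ValueError(f"cannot parse line: {line}")
    return actions


if __name__ == "__main__":
    for act in parse_registry_section(SAMPLE_CFSCRIPT):
        flag = "  [autorun key]" if is_autorun_key(act.key) else ""
        print(act.op, act.key, act.name, act.data, flag)
```

Only the string-value form is accepted on purpose: dword/hex values have a different encoding, and a cleanup script that silently skipped a line it did not understand would leave the entry it was meant to remove in place.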
11.06.2010, 18:58 | #10 |
| Und wieder mal Tabs mit Werbung - Trojaner Generic17.CNOG I'll do this a few more times too, if it helps. Code:
ATTFilter ComboFix 10-06-10.06 - Sven 11.06.2010 19:43:58.4.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3326.2314 [GMT 2:00] ausgeführt von:: c:\users\Sven\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Sven\Desktop\cfscript.txt SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . Die folgenden Dateien wurden während des Laufs deaktiviert: c:\windows\system32\mounKEYs.dll ((((((((((((((((((((((( Dateien erstellt von 2010-05-11 bis 2010-06-11 )))))))))))))))))))))))))))))) . 2010-06-11 17:49 . 2010-06-11 17:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2010-06-11 17:49 . 2010-06-11 17:49 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-06-11 17:49 . 2010-06-11 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-11 17:19 . 2010-06-11 17:49 -------- d-----w- c:\users\Sven\AppData\Local\temp 2010-06-11 14:45 . 2010-06-11 14:45 -------- d-----w- c:\users\Sven\AppData\Roaming\Avira 2010-06-10 21:47 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll 2010-06-10 21:47 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll 2010-06-10 21:24 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-06-10 21:24 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-06-10 21:24 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-06-10 21:24 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-06-10 21:24 . 2010-06-10 21:24 -------- d-----w- c:\programdata\Avira 2010-06-10 21:24 . 2010-06-10 21:24 -------- d-----w- c:\program files\Avira 2010-06-09 17:32 . 2010-06-09 17:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes 2010-06-09 17:32 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-09 17:32 . 
2010-06-09 17:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-09 17:32 . 2010-06-09 17:32 -------- d-----w- c:\programdata\Malwarebytes 2010-06-09 17:32 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-08 17:35 . 2010-06-10 17:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Free Download Manager 2010-06-08 17:35 . 2010-06-09 16:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe 2010-05-12 18:43 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-11 17:46 . 2008-11-16 10:24 -------- d-----w- c:\users\Sven\AppData\Roaming\Free Download Manager 2010-06-11 17:22 . 2009-06-30 23:07 79216 ----a-w- c:\programdata\nvModes.dat 2010-06-11 17:22 . 2008-05-18 20:32 -------- d-----w- c:\programdata\NVIDIA 2010-06-11 14:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-06-11 14:37 . 2010-03-06 10:40 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-10 19:38 . 2007-10-05 09:00 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-10 19:37 . 2007-10-05 09:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-06-10 17:48 . 2009-11-15 21:21 -------- d-----w- c:\programdata\avg9 2010-06-10 16:52 . 2010-06-10 16:52 46592 ----a-w- c:\windows\system32\mounKEYs.dll.vir 2010-06-09 19:30 . 2007-09-07 13:21 88456 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-09 17:52 . 2010-06-09 17:52 388096 ----a-r- c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-06-09 16:47 . 2010-06-08 17:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ICQ 2010-06-09 16:47 . 2009-08-02 10:01 -------- d-----w- c:\program files\ICQ6.5 2010-06-08 21:16 . 
2009-06-16 17:45 -------- d-----w- c:\users\Sven\AppData\Roaming\Advanced Combat Tracker 2010-06-08 17:35 . 2008-11-16 10:23 -------- d-----w- c:\program files\Free Download Manager 2010-06-02 17:05 . 2010-06-02 17:05 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys 2010-06-02 17:05 . 2010-06-02 17:05 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys 2010-05-26 20:02 . 2010-03-20 10:30 -------- d-----w- c:\program files\iTunes 2010-05-26 17:06 . 2010-06-10 21:46 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-06-10 21:46 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-21 17:51 . 2010-05-21 17:51 -------- d-----w- c:\users\Sven\AppData\Roaming\Ubisoft 2010-05-21 17:43 . 2010-05-21 17:43 -------- d-----w- c:\programdata\Ubisoft 2010-05-21 17:25 . 2010-05-21 17:25 -------- d-----w- c:\program files\Ubisoft 2010-05-21 17:25 . 2007-09-03 23:14 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-21 12:14 . 2009-10-02 18:13 221568 ----a-w- c:\windows\system32\MpSigStub.exe 2010-05-19 17:37 . 2010-03-20 10:28 -------- d-----w- c:\program files\QuickTime 2010-05-19 17:17 . 2007-09-29 16:09 -------- d-----w- c:\program files\FreePDF_XP 2010-05-16 21:49 . 2010-05-13 16:13 112 ----a-w- c:\programdata\72iA37vT.dat 2010-05-13 17:20 . 2007-09-03 23:27 -------- d-----w- c:\program files\Google 2010-05-04 05:59 . 2010-06-10 21:46 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 05:55 . 2010-06-10 21:46 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-05-04 05:55 . 2010-06-10 21:46 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-05-04 04:31 . 2010-06-10 21:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-05-01 14:13 . 2010-06-10 21:46 2037248 ----a-w- c:\windows\system32\win32k.sys 2010-04-28 23:55 . 2009-09-06 09:03 -------- d-----w- c:\users\Sven\AppData\Roaming\vlc 2010-04-19 16:28 . 2006-11-02 15:33 621704 ----a-w- c:\windows\system32\perfh007.dat 2010-04-19 16:28 . 
2006-11-02 15:33 123460 ----a-w- c:\windows\system32\perfc007.dat 2010-03-20 10:25 . 2010-03-20 10:25 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-03-13 21:42 . 2010-03-13 21:42 144053 ----a-w- c:\users\Sven\AppData\Roaming\Move Networks\uninstall.exe 2010-03-13 21:42 . 2010-02-11 19:31 5640640 ----a-w- c:\users\Sven\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll 2009-11-16 21:31 . 2009-11-16 21:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2007-09-04 06:55 . 2007-09-04 06:53 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . |
11.06.2010, 19:00 | #11 |
/// Malware-holic | Und wieder mal Tabs mit Werbung - Trojaner Generic17.CNOG VirusTotal - Free Online Virus and Malware Scan Please check this file there: c:\windows\system32\mounKEYs.dll If the file has already been analysed, click "reanalyse" and post the result. |
11.06.2010, 19:49 | #12 |
| Und wieder mal Tabs mit Werbung - Trojaner Generic17.CNOG The file did not trigger any of the virus scanners. Only "Panda" marked it as "Suspicious". Here is the rest of the log: Code:
ATTFilter File size: 46592 bytes MD5...: 50c0acb976649109af2cb444d02fda6c SHA1..: d0fc6c0a208cfd814c4f1c19e3099ed44b1d0154 SHA256: 240df23c51618309415527b27a5557cabbb1aa466973e80182f78c7b83b430df ssdeep: 768:VZtggmIgAI1X4cnwetH320Our/bz9g6KyHNA4kRsyhG22LSBe:VZtRvpIFd9 1/7v9rC9x4LSBe PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x13e7 timedatestamp.....: 0x3e6c1688 (Mon Mar 10 04:37:28 2003) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x6000 0x5e00 7.16 3ef45aaa1b6c277bd782f3a6d4271d0e .data 0x7000 0x1000 0x200 2.75 6c9de7dbdfc2348b90e9dc77e5128ea5 .bdata 0x8000 0x5000 0x5000 7.14 a9419f14a773a38b924a332c83c8d605 .reloc 0xd000 0x1000 0x200 0.50 513b0a5a1382d210d41dac9be2cc5699 ( 1 imports ) > KERNEL32.dll: CreateSemaphoreA, OpenThread, GetCurrentThreadId, ExitProcess, GetThreadPriority, LoadLibraryExA ( 2 exports ) CreateProcessNotify, DllEntryPoint RDS...: NSRL Reference Data Set - pdfid.: - trid..: Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99 sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned |
11.06.2010, 20:02 | #13 |
/// Malware-holic | Und wieder mal Tabs mit Werbung - Trojaner Generic17.CNOG http://www.trojaner-board.de/54791-a...ner-board.html Can you upload it to us, as described under point 2? |
11.06.2010, 20:28 | #14 |
| Und wieder mal Tabs mit Werbung - Trojaner Generic17.CNOG Done. Thanks in advance for the effort! |
12.06.2010, 10:35 | #15 |
/// Malware-holic | Und wieder mal Tabs mit Werbung - Trojaner Generic17.CNOG |