Log analysis and evaluation: Dropper.Gen and apparently Sasser - son opens image on ICQ and bang (Windows 7)
09.06.2010, 21:41 | #1
Dropper.Gen and apparently Sasser - son opens image on ICQ and bang

Good evening. Unfortunately I have exactly the same problem, silly cow that I am. Son opens an image on ICQ and bang, there's the malware. My OTL logfiles:

OTL Logfile:
Code:
OTL logfile created on: 09.06.2010 22:26:51 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Fussel\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 137,71 Gb Free Space | 48,13% Space Free | Partition Type: NTFS
Drive D: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FUSSEL-PC
Current User Name: Fussel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.09 22:25:35 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Fussel\Downloads\OTL.exe
PRC - [2010.06.09 21:57:03 | 000,169,472 | ---- | M] () -- C:\Users\Fussel\AppData\Local\Temp\Wlg.exe
PRC - [2010.06.09 21:57:01 | 000,164,864 | ---- | M] () -- C:\Windows\Wdecya.exe
PRC - [2010.06.09 21:56:04 | 000,101,376 | RHS- | M] () -- C:\Users\Public\winscdvn.exe
PRC - [2010.06.08 13:39:01 | 000,133,368 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.1\ICQ.exe
PRC - [2010.05.26 10:20:22 | 000,056,680 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2010.05.11 12:00:30 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.04.09 14:13:26 | 002,388,616 | ---- | M] (mobile concepts GmbH) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
PRC - [2010.03.31 15:05:00 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.03.18 05:52:18 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009.11.19 18:31:05 | 000,466,689 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.08.16 14:01:16 | 000,222,968 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.03 19:54:42 | 000,698,912 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009.04.03 19:54:40 | 000,723,488 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009.04.03 19:54:40 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009.03.05 09:43:32 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.02.11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2008.11.05 13:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2008.09.23 14:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.02.12 15:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.10.10 15:11:08 | 000,827,392 | ---- | M] () -- C:\Windows\vsnp325.exe

========== Modules (SafeList) ==========

MOD - [2010.06.09 22:25:35 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Fussel\Downloads\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009.04.03 19:54:52 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\SysHook.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/rswin_3697.dll ()
SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI Corporation)
DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (SNP325) USB PC Camera (SNPSTD325) -- C:\Windows\System32\drivers\snp325.sys (Sonix Co. Ltd.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys ()
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI)
DRV - (int15.sys) -- C:\Windows\System32\OEM\factory\int15.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.10 19:08:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.04.11 20:23:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.11 12:01:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.11 12:01:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.02 01:07:41 | 000,000,000 | ---D | M]

[2009.10.02 17:02:17 | 000,000,000 | ---D | M] -- C:\Users\Fussel\AppData\Roaming\mozilla\Extensions
[2010.06.09 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Fussel\AppData\Roaming\mozilla\Firefox\Profiles\mg4vub6x.default\extensions
[2009.10.04 20:52:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fussel\AppData\Roaming\mozilla\Firefox\Profiles\mg4vub6x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.10 00:12:06 | 000,000,000 | ---D | M] (NCH Toolbar) -- C:\Users\Fussel\AppData\Roaming\mozilla\Firefox\Profiles\mg4vub6x.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2010.04.01 14:27:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Fussel\AppData\Roaming\mozilla\Firefox\Profiles\mg4vub6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.22 04:56:58 | 000,002,280 | ---- | M] () -- C:\Users\Fussel\AppData\Roaming\Mozilla\FireFox\Profiles\mg4vub6x.default\searchplugins\google-und-download-suche.xml
[2010.06.08 09:53:04 | 000,000,955 | ---- | M] () -- C:\Users\Fussel\AppData\Roaming\Mozilla\FireFox\Profiles\mg4vub6x.default\searchplugins\icqplugin.xml
[2010.06.03 20:37:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.10.02 17:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.02 01:07:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.08.09 02:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\PDFNetC.dll
[2009.08.09 02:30:36 | 000,107,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2009.12.18 18:01:22 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.18 18:01:22 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.18 18:01:22 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.18 18:01:22 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.18 18:01:22 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Fussel\AppData\Local\Temp\Wlg.exe ()
O4 - HKCU..\Run: [Windows Firewall Manager] C:\Users\Public\winscdvn.exe ()
O4 - HKCU..\RunOnce: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - c:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fussel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Fussel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.22 01:48:37 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0e546035-97ca-11de-a08e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0e546035-97ca-11de-a08e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{76848f31-2b57-11df-a2ba-d6f8f63da935}\Shell - "" = AutoRun
O33 - MountPoints2\{76848f31-2b57-11df-a2ba-d6f8f63da935}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{76848f40-2b57-11df-a2ba-d6f8f63da935}\Shell - "" = AutoRun
O33 - MountPoints2\{76848f40-2b57-11df-a2ba-d6f8f63da935}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{8d4816d0-51cf-11df-af97-f1f0fd1cea34}\Shell - "" = AutoRun
O33 - MountPoints2\{8d4816d0-51cf-11df-af97-f1f0fd1cea34}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{963c9356-5db5-11df-8213-d38c16d55e61}\Shell\AutoRun\command - "" = aodvmh.exe
O33 - MountPoints2\{963c9356-5db5-11df-8213-d38c16d55e61}\Shell\explore\Command - "" = aodvmh.exe
O33 - MountPoints2\{963c9356-5db5-11df-8213-d38c16d55e61}\Shell\open\Command - "" = aodvmh.exe
O33 - MountPoints2\{981c1920-486f-11df-a4df-fc6cd591d733}\Shell\AutoRun\command - "" = explorer .
O33 - MountPoints2\{981c1920-486f-11df-a4df-fc6cd591d733}\Shell\mobile\command - "" = E:\MobileLaunch.exe -- File not found
O33 - MountPoints2\{ba75c75e-1c6a-11df-ac82-b9e65b4d1834}\Shell - "" = AutoRun
O33 - MountPoints2\{ba75c75e-1c6a-11df-ac82-b9e65b4d1834}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d4d66e5a-2c3a-11df-a73b-ad39bb6ccb3b}\Shell - "" = AutoRun
O33 - MountPoints2\{d4d66e5a-2c3a-11df-a73b-ad39bb6ccb3b}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{f1923e31-b054-11de-a04c-00238bf71a34}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.06.09 22:31:47 | 000,000,000 | ---D | C] -- C:\Users\Fussel\AppData\Roaming\SUPERAntiSpyware.com
[2010.06.09 22:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.06.09 22:31:04 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.06.09 22:22:26 | 000,000,000 | ---D | C] -- C:\Users\Fussel\AppData\Roaming\Uniblue
[2010.06.09 22:22:08 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.06.05 04:06:38 | 000,000,000 | ---D | C] -- C:\Programme\Diablo II
[2010.06.03 18:23:05 | 000,000,000 | ---D | C] -- C:\Users\Fussel\Documents\Stronghold Crusader
[2010.06.03 18:16:25 | 000,000,000 | ---D | C] -- C:\Programme\Firefly Studios
[2010.06.02 01:07:41 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.06.02 01:07:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.06.02 01:07:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.06.02 01:07:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.05.26 17:03:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.17 22:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.05.17 22:19:40 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2010.05.17 20:51:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Akamai
[2010.05.11 12:01:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\xing shared
[2009.12.26 22:10:08 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2009.12.26 22:10:08 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2009.12.26 22:10:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2009.04.26 18:30:10 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2005.09.13 01:45:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2004.02.16 21:59:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2010.06.09 22:33:57 | 003,145,728 | ---- | M] () -- C:\Users\Fussel\NTUSER.DAT
[2010.06.09 22:31:08 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.09 22:30:06 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.09 22:09:59 | 001,566,246 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.09 22:09:59 | 000,675,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.09 22:09:59 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.09 22:09:59 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.09 22:09:59 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.09 22:06:46 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.09 22:05:12 | 000,127,214 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.09 22:04:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.09 22:04:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.09 22:04:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.09 22:04:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.09 22:03:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.09 22:02:07 | 000,524,288 | -HS- | M] () -- C:\Users\Fussel\NTUSER.DAT{3b93c066-c60b-11de-830e-00238bf71a34}.TMContainer00000000000000000001.regtrans-ms
[2010.06.09 22:02:07 | 000,065,536 | -HS- | M] () -- C:\Users\Fussel\NTUSER.DAT{3b93c066-c60b-11de-830e-00238bf71a34}.TM.blf
[2010.06.09 22:01:52 | 005,107,251 | -H-- | M] () -- C:\Users\Fussel\AppData\Local\IconCache.db
[2010.06.09 21:57:01 | 000,164,864 | ---- | M] () -- C:\Windows\Wdecya.exe
[2010.06.09 21:57:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.09 21:32:29 | 000,127,214 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.08 17:44:37 | 000,100,864 | ---- | M] () -- C:\Users\Fussel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.06 15:34:28 | 000,041,516 | ---- | M] () -- C:\Users\Fussel\Desktop\Stundenplan_Schuljahr_2009-2010_KW23_2010_01.pdf
[2010.06.05 04:36:57 | 000,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2010.06.05 04:36:57 | 000,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2010.06.05 04:36:57 | 000,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.11 12:01:33 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010.05.11 12:01:07 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010.05.11 12:01:07 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

========== Files Created - No Company Name ==========

[2010.06.09 22:31:08 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.09 21:57:08 | 000,164,864 | ---- | C] () -- C:\Windows\Wdecya.exe
[2010.06.09 21:57:05 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.09 21:57:03 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.06 15:34:28 | 000,041,516 | ---- | C] () -- C:\Users\Fussel\Desktop\Stundenplan_Schuljahr_2009-2010_KW23_2010_01.pdf
[2010.06.05 04:15:07 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010.06.05 04:15:07 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010.06.05 04:15:07 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010.04.08 18:46:06 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.04.08 18:45:49 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.03.10 00:30:27 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.03.02 01:01:57 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.03.02 00:58:31 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.03.02 00:58:05 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.12.26 22:28:42 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.12.26 22:28:42 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.12.26 22:10:09 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.11.22 15:54:18 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.10.20 20:03:24 | 000,117,248 |
---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.03 18:06:18 | 000,000,605 | ---- | C] () -- C:\Windows\WININIT.INI [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.10.13 18:19:12 | 008,701,824 | ---- | C] () -- C:\Windows\System32\drivers\snpstd3.sys [2004.02.28 01:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:DCAF903C @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDFF58FE @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B3A35EC @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE0A077E @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B623B5B8 < End of report > -> Wäre super, wenn ihr mir helfen könntet. LG |
10.06.2010, 09:16 | #2 |
| Dropper.Gen and apparently Sasser - son opens a picture on ICQ and bam Well, hm.
I have now run SUPERAntiSpyware; it found quite a few things and deleted them as well. Is it certain now that everything is gone? |
10.06.2010, 10:28 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Dropper.Gen and apparently Sasser - son opens a picture on ICQ and bam Hello and
Please post the log from SUPERAntiSpyware
|
10.06.2010, 13:31 | #4 |
| Dropper.Gen and apparently Sasser - son opens a picture on ICQ and bam I think this is the right one, isn't it?
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/10/2010 at 02:23 PM
Application Version : 4.38.1004
Core Rules Database Version : 5054
Trace Rules Database Version: 2866
Scan type : Quick Scan
Total Scan Time : 00:34:30
Memory items scanned : 720
Memory threats detected : 0
Registry items scanned : 563
Registry threats detected : 0
File items scanned : 24245
File threats detected : 2
Adware.Tracking Cookie
C:\Users\Fussel\AppData\Roaming\Microsoft\Windows\Cookies\fussel@doubleclick[2].txt
C:\Users\Fussel\AppData\Roaming\Microsoft\Windows\Cookies\fussel@atwola[1].txt |
10.06.2010, 13:37 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Dropper.Gen and apparently Sasser - son opens a picture on ICQ and bam Those were only cookies, not malware!! Have you already run Malwarebytes?
Please always post logfiles in CODE tags |
10.06.2010, 14:41 | #6 |
| Dropper.Gen and apparently Sasser - son opens a picture on ICQ and bam Yes, as I said, I managed it on my own |
10.06.2010, 14:44 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Dropper.Gen and apparently Sasser - son opens a picture on ICQ and bam Where did you say that? Did SUPERAntiSpyware really find only that?
|