|
Plagegeister aller Art und deren Bekämpfung: Ärger mit Antimaleware Doctor, stäniger Phishing Alarm..Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
17.06.2010, 11:46 | #1 | |
| Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. Moin, moin, mich plagt folgendes: - hatte offensichtlich den antimalware doctor auf meinem PC, diesen konnte ich mit rkill und malewarebytes entfernen.. log datei: Zitat:
es wurde bei einem Scan von malewarebytes zumindest nichts mehr angezeigt. - seitdem schlägt Kaspersky ständig Phishing-Alarm: Phishing-Adresse hxxp://*.mfdclk001.org/* URL: hxxp://cdn.mfdclk001.org/cvt4Y50e677qGbu1e83e09b89bcd0055893f76bf710383d606x ..und sehr ähnlich lautenden Webadressen. Auch ohne, dass ich einen Browser offen habe oder mich aktiv im Web bewege. Zusäzlich wollte der Internet Explorer nicht mehr starten. - Ein Zurücksetzen des Systems brachte auch keine Verbesserung, außer dass der IE wieder funktioniert. Jetzt zeigte allerdings Kaspersky in der Monitorüberwachung: trojanisches Programm Packed.Win32.Krap.gx Datei: C:\Windows\Temp\hivq.tmp\svchost.exe.. das erfolgreich gelöscht wurde. Weiterhin ständiger Phishing Alarm.. Für Hilfe wär ich sehr dankbar.. Danke im voraus. Geändert von kekxx (17.06.2010 um 12:19 Uhr) |
17.06.2010, 12:20 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. Hallo und
__________________bitte Malwarebytes updatenm einen Vollscan machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
18.06.2010, 13:04 | #3 |
| Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. So, Hausaufgaben gemacht:
__________________malwarebytes logfile: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4208 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18813 18.06.2010 03:45:36 mbam-log-2010-06-18 (03-45-36).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 325664 Laufzeit: 2 Stunde(n), 9 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) OLT OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.06.2010 07:19:48 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\kx\Desktop\AntiTrojan Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18813) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 225,46 Gb Total Space | 103,01 Gb Free Space | 45,69% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 98,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KXLAP-PC Current User Name: kx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-230490968-2256458397-3403659227-1003] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{035459F4-D587-4889-B084-E01EC6269CBE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{227F0ABC-8811-4AB9-80BE-3160AA6F869C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2\wnt500x86\rpcsandrasrv.exe | "{393B5DE7-6022-4848-B438-83D619E8AB20}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3A21998E-8A5A-4EC2-A3C2-E6554C2666E8}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2\wnt500x86\rpcsandrasrv.exe | "{3D8F62F2-35E7-4834-9772-AAF079B10DDD}" = rport=137 | protocol=17 | dir=out | app=system | "{3EFAD67E-837E-4864-BCB7-EE1A7880A297}" = rport=445 | protocol=6 | dir=out | app=system | "{432B8D4A-63DB-4CFB-935F-CE345B500DEE}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2\rpcagentsrv.exe | "{441ED1E0-55C9-4960-AFC8-2850B69A16A8}" = lport=2869 | protocol=6 | dir=in | app=system | "{4453AE5B-4F51-424A-8957-9B6EDFBAC4DE}" = lport=139 | protocol=6 | dir=in | app=system | "{4A13E2F0-E3B9-40C0-8723-E4EDDF0AB378}" = lport=138 | protocol=17 | dir=in | app=system | "{54FD5BB5-CA98-4C9F-BBD8-947848C19671}" = lport=2869 | protocol=6 | dir=in | app=system | "{64ECD930-7AE6-4334-B533-B9FDE2C41BD0}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2\wnt500x86\rpcsandrasrv.exe | "{7B5A74CB-EED0-4CD9-9ED4-7819224E8F94}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2\wnt500x86\rpcsandrasrv.exe | "{819EF401-E358-49F0-A0E0-B932A2EEDE49}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2\wnt500x86\rpcsandrasrv.exe | "{83D3604B-6D1E-45DB-8FC5-B1ADF20150CA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{94BDB50B-24EB-4E59-A9B6-0547EF919D0E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2\wnt500x86\rpcsandrasrv.exe | "{97E34C69-1757-4FB8-9B57-4377478506FB}" = lport=445 | protocol=6 | dir=in | app=system | "{9E39152E-E807-4E8A-949D-0C96DF06E9CB}" = rport=139 | protocol=6 | dir=out | app=system | "{9F875182-CEA0-4686-8109-3F17F0C289C3}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2\wnt500x86\rpcsandrasrv.exe | "{A0AC2CEC-2D01-42E5-9BC2-97C778E5BE95}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2\wnt500x86\rpcsandrasrv.exe | "{AA1743A9-5E8F-43E6-AAB7-851FF956326C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2\wnt500x86\rpcsandrasrv.exe | "{AD5B55D2-1EEC-4040-9CF0-A1E7C8F235DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BF42F428-5ACF-4BE9-9CE4-7CD0BC99C678}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2\wnt500x86\rpcsandrasrv.exe | "{D297A756-51CB-407D-BA38-85F983DA6560}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{DDD68741-D4E6-4BBF-8D84-A7C7AB986BBD}" = rport=138 | protocol=17 | dir=out | app=system | "{E720B21A-EFE3-4C30-8056-5AA8B6A884B2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2\wnt500x86\rpcsandrasrv.exe | "{E7FA5187-D76A-4DDF-9725-A6B50FEBD733}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05B21781-DF24-41E3-908A-813CF437A52A}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\channeleditor\cinergydvrchanneleditor.exe | "{0783BBE2-FADA-4550-804B-51C7CE182319}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe | "{0791F3DB-462D-4FEE-BD04-84C2EBF71F98}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{101EC962-A789-4A39-8162-D73C8E1A2EB7}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{111DED44-C5B0-4C4A-8ABE-A2E1552E482C}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{1634D392-FF09-41F7-A7CE-DED60CBA7E50}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{1952F676-F8D7-468B-AB9B-D8D3B34AD624}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe | "{1B60498C-950F-4E8B-8464-162F6B7E3413}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{1D4A529F-1079-41C7-99C8-F9F1A632367B}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | "{1DDCC06E-9D69-46B9-B268-F29FBFD90DEA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{23399F84-2403-4CDF-9529-7BF01119701F}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{25FB12F0-ABF7-46C9-BD7D-85FB59A8112B}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{28850ED7-191D-4C56-9E87-47A420856BC7}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{29CB74AA-28C0-466F-BF3B-4170F67876B6}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | "{31B376D9-B2FB-400A-953D-065C166AF3AD}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | "{3859B97C-9CED-403D-BD56-8BF2F3AF996F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3A32695C-8CC1-48AF-A788-F646E5908F6F}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{4B1E6EF7-ED05-40DE-9068-E22BAC72FEA9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{4F6FAEBC-34C6-4AB9-A5FE-14B16DA3AAC9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5436CF2C-0D34-4E1B-9C6D-2E55CD0721C0}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{64DF8E46-6DD9-4C0C-87C5-1DE84EAFF507}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{65CC4B07-B8EB-4F16-BBA2-13DB1669572A}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{66EC58C2-48D8-4F3A-B7DA-DF12B35638EB}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | "{678BC69A-FEAD-4832-A673-F80446678A05}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{716EE6F4-08BD-4C92-865A-586F5B5AC3D7}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{7866BDC5-2B0F-4E2E-9479-64654C7A4AEA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{78BB710C-176B-49EC-82E3-9BB96BF29399}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7E2A726E-A1F0-4359-9AE7-9EB47C174B82}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | "{7F7C49A1-2302-48D2-B7D3-0C8DD24217CE}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{890D1C70-806B-440C-A074-3480A751CCFA}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{97541A85-4042-498D-9674-B36D8CC43E41}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | "{98E717C1-52F5-4520-9F87-4F6168B7781E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{9B7B1739-2E57-41AE-8FB0-E7E3CB24BACA}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{A1D3B302-5BE6-4FF4-9749-D2CBC1E692E5}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{A48AA985-5FCE-4688-BB66-E1B819A2A17E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{A97EADD9-CCCF-434A-AE0D-744C78BFCD38}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | "{B639BD01-9604-45DD-B818-F47BC1BD0F20}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{B7FB5DF6-7190-4043-BC84-A4D51933639C}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | "{B986DF42-3243-41C2-9F74-8BA68448D674}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{C05517EC-DFC8-4B6E-B402-3E9898C27A31}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{C30B561E-04C2-4DAC-81C6-3BDFA7F80857}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{C3B23F84-660D-4347-8000-628114F17FA0}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{C4CBA205-8461-4780-9BD3-F9E943B824F1}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{C684C93D-3F94-4FDD-9EDD-FB5E8AA7B005}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{C781C5D8-50E5-4A0B-9D93-5C460C65E60C}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{CBFC6609-8E57-400B-A2B3-292FD511677E}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{DB320933-E36F-48F9-8994-4DD589E0F5AA}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\channeleditor\cinergydvrchanneleditor.exe | "{DF855101-E53B-4F49-AB34-F4E405C3FEB5}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | "{ED600144-5F4F-4A76-BFFB-0C04CA6C3442}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{FD1AC544-DC24-4245-B757-FB2E50DC7757}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009 "{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting "{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4203C377-8F5B-4B3C-9096-6FC7C2CB9BC5}" = VAIO Content Metadata XML Interface Library "{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3 "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0 "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0 "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360 "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc "{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop "{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client "{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{925936AC-9C9A-4897-874B-60961AAB6D52}" = Disc2Phone "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media "{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2 "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home "{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1 "{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager "{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3 "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite XII.SP2 "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Security Suite CBE "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{DDB263D3-2FD7-47BF-850E-9851EFFF6C6C}" = Sony Ericsson Media Manager 1.1 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag "{E7A9DCC5-8D19-4B95-BED8-2DB41F920F11}" = Microsoft WorldWide Telescope "{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool "{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop "{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition) "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "7-Zip" = 7-Zip 4.57 "abw_Standard" = ABW - Harrison "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2 "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "Atlantis - Sky Patrol" = Atlantis - Sky Patrol (remove only) "Big Fish Games Center" = Big Fish Games Center "Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only) "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "CCleaner" = CCleaner (remove only) "CDex" = CDex extraction audio "ClearProg" = ClearProg 1.5.0 Final "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "dt icon module" = "Easy MP3 Joiner_is1" = Easy MP3 Joiner 2.9 "Episode 104 - Abe Lincoln Must Die!" = Sam and Max - Season One - Episode 104 - Abe Lincoln Must Die! "EPSON Printer and Utilities" = EPSON-Drucker-Software "Free DVD Decrypter_is1" = Free DVD Decrypter version 1.3 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "Google Desktop" = Google Desktop "Google Updater" = Google Updater "gtfirstboot Setting Request" = "HotspotShield" = Hotspot Shield 1.34 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo "InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "InstallWIX_{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Security Suite CBE "Joost" = Joost (tm) Beta 1.1.4 "KeePass Password Safe_is1" = KeePass Password Safe 1.14 "lvdrivers_11.50" = Logitech QuickCam-Treiberpaket "Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MarketingTools" = Vaio Marketing Tools "MediaMonkey_is1" = MediaMonkey 3.0 "MFU Module" = "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Miro" = Miro "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14) "Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17) "MPE" = MyPhoneExplorer "Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only) "New LEGO Digital Designer" = LEGO Digital Designer "NVIDIA Drivers" = NVIDIA Drivers "Nvidia Omega Drivers for Windows Vistav1.169.25" = Nvidia Omega Drivers v1.169.25 Setup Files and Tools "OpenAL" = OpenAL "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01 "Picasa 3" = Picasa 3 "PROHYBRIDR" = 2007 Microsoft Office system "RealPlayer 6.0" = RealPlayer "Shareaza_is1" = Shareaza 2.3.1.0 "SopCast" = SopCast 3.0.3 "The Rosetta Stone" = The Rosetta Stone "TIPP10_is1" = TIPP10 Version 2.0.3 "TmNations_is1" = TrackMania Nations ESWC 1.7.9 "Tobit ClipInc Server" = Tobit.Software clipinc.fx "TrueCrypt" = TrueCrypt "Tunatic" = Tunatic "Uninstall_is1" = Uninstall 1.0.0.1 "VAIO Help and Support" = "VAIO_My Club VAIO" = My Club VAIO "VideoCacheView" = VideoCacheView "Virtual Villagers" = Virtual Villagers (remove only) "VLC media player" = VLC media player 1.0.0 "WinLiveSuite_Wave3" = Windows Live Essentials "Xvid_is1" = Xvid 1.1.3 final uninstall "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar "Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space "Zattoo" = Zattoo 3.3.4 Beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.06.2010 07:19:48 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\kx\Desktop\AntiTrojan Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18813) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 225,46 Gb Total Space | 103,01 Gb Free Space | 45,69% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 98,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KXLAP-PC Current User Name: kx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\kx\Desktop\AntiTrojan\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\BumpTop\TexHelper.exe () PRC - C:\Programme\BumpTop\BumpTop.exe () PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe () PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe () PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC) PRC - C:\Programme\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC) PRC - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH) PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe (Kaspersky Lab) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2\RpcAgentSrv.exe (SiSoftware) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation) PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (SafeList) ========== MOD - C:\Users\kx\Desktop\AntiTrojan\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\scrchpg.dll (Kaspersky Lab) MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\r3hook.dll (Kaspersky Lab) MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\adialhk.dll (Kaspersky Lab) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- File not found SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe () SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe () SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe () SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC) SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe (Kaspersky Lab) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2\RpcAgentSrv.exe (SiSoftware) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation) SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (LVSrvLauncher) -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation) SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (VzFw) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (MSCSPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe () SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH) DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2\WNt500x86\sandra.sys (SiSoftware) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (tapvpn) -- C:\Windows\System32\drivers\tapvpn.sys (The OpenVPN Project) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\Windows\System32\drivers\s116unic.sys (MCCI Corporation) DRV - (s116obex) -- C:\Windows\System32\drivers\s116obex.sys (MCCI Corporation) DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\Windows\System32\drivers\s116nd5.sys (MCCI Corporation) DRV - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s116mgmt.sys (MCCI Corporation) DRV - (s116mdm) -- C:\Windows\System32\drivers\s116mdm.sys (MCCI Corporation) DRV - (s116mdfl) -- C:\Windows\System32\drivers\s116mdfl.sys (MCCI Corporation) DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (QCMerced) -- C:\Windows\System32\drivers\lvcm.sys () DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PalmUSBD) -- C:\Windows\System32\drivers\PalmUSBD.sys (Palm, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.5 FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.5.33 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2 FF - prefs.js..extensions.enabledItems: {c95a4e8e-816d-4655-8c79-d736da1adb6d}:1.5.41.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.04.17 16:55:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.07 23:31:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.12.27 14:03:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.02.14 02:39:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.12.27 14:03:29 | 000,000,000 | ---D | M] [2009.12.23 20:41:18 | 000,000,000 | ---D | M] -- C:\Users\kx\AppData\Roaming\mozilla\Extensions [2008.05.07 23:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kx\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241} [2009.12.23 20:41:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kx\AppData\Roaming\mozilla\Extensions\{e3368f8a-0a96-0512-556c-bd9111a57f35} [2009.09.18 01:07:24 | 000,000,000 | ---D | M] -- C:\Users\kx\AppData\Roaming\mozilla\Firefox\Profiles\0380rjku.default\extensions [2009.09.18 01:07:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\kx\AppData\Roaming\mozilla\Firefox\Profiles\0380rjku.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.07.03 20:11:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\kx\AppData\Roaming\mozilla\Firefox\Profiles\0380rjku.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2008.06.24 22:12:47 | 000,000,000 | ---D | M] (Hotspot Shield Toolbar) -- C:\Users\kx\AppData\Roaming\mozilla\Firefox\Profiles\0380rjku.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d} [2009.07.02 23:30:58 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\kx\AppData\Roaming\mozilla\Firefox\Profiles\0380rjku.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2009.07.02 23:31:12 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\kx\AppData\Roaming\mozilla\Firefox\Profiles\0380rjku.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2009.07.02 23:30:36 | 000,000,000 | ---D | M] -- C:\Users\kx\AppData\Roaming\mozilla\Firefox\Profiles\0380rjku.default\extensions\piclens@cooliris.com [2009.07.02 23:30:36 | 000,000,000 | ---D | M] -- C:\Users\kx\AppData\Roaming\mozilla\Firefox\Profiles\0380rjku.default\extensions\piclens@cooliris.com-trash [2008.08.12 14:08:09 | 000,000,000 | ---D | M] -- C:\Users\kx\AppData\Roaming\mozilla\Sunbird\Profiles\ivrntsvm.default\extensions [2009.08.24 23:22:36 | 000,000,930 | ---- | M] () -- C:\Users\kx\AppData\Roaming\Mozilla\FireFox\Profiles\0380rjku.default\searchplugins\facebook.xml [2009.09.16 02:24:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2008.03.26 19:14:04 | 000,066,208 | ---- | M] (Joost Technologies B.V. ) -- C:\Programme\Mozilla Firefox\plugins\npJoostPlugin.dll [2009.08.25 01:42:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.08.25 01:42:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.08.25 01:42:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.08.25 01:42:59 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.08.25 01:42:59 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE) O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TerraTec Remote Control] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll (Kaspersky Lab) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\R3HOOK.DLL) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\r3hook.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\ADIALHK.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\adialhk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\kx\Pictures\kx phone\DSC00240.jpg O24 - Desktop BackupWallPaper: C:\Users\kx\Pictures\kx phone\DSC00240.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.02.24 08:23:02 | 000,000,038 | R--- | M] () - F:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{122e99eb-5d9f-11de-bbb8-001a80b8c311}\Shell - "" = AutoRun O33 - MountPoints2\{122e99eb-5d9f-11de-bbb8-001a80b8c311}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{4a7a7dba-cd1d-11de-a32e-001a80b8c311}\Shell - "" = AutoRun O33 - MountPoints2\{4a7a7dba-cd1d-11de-a32e-001a80b8c311}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{67d6c57e-0b12-11dd-bea3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{67d6c57e-0b12-11dd-bea3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe -- [2005.10.28 13:27:20 | 010,695,204 | R--- | M] (Macromedia, Inc.) O33 - MountPoints2\{777898dc-5364-11de-8545-001f3b1333d7}\Shell - "" = AutoRun O33 - MountPoints2\{777898dc-5364-11de-8545-001f3b1333d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{7778993d-5364-11de-8545-001f3b1333d7}\Shell - "" = AutoRun O33 - MountPoints2\{7778993d-5364-11de-8545-001f3b1333d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{f554dd1b-1420-11df-aca5-001a80b8c311}\Shell - "" = AutoRun O33 - MountPoints2\{f554dd1b-1420-11df-aca5-001a80b8c311}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{f554dd43-1420-11df-aca5-001a80b8c311}\Shell - "" = AutoRun O33 - MountPoints2\{f554dd43-1420-11df-aca5-001a80b8c311}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.17 13:06:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.06.17 13:06:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.06.17 12:55:12 | 000,000,000 | ---D | C] -- C:\Users\kx\Desktop\AntiTrojan [2010.06.16 01:00:52 | 000,000,000 | ---D | C] -- C:\Users\kx\Desktop\PDF [2010.06.15 12:02:21 | 000,000,000 | ---D | C] -- C:\Users\kx\AppData\Roaming\Malwarebytes [2010.06.15 12:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.15 12:02:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.15 00:33:36 | 000,000,000 | ---D | C] -- C:\Users\kx\Desktop\OTR [2010.06.14 23:58:17 | 000,000,000 | ---D | C] -- C:\Users\kx\AppData\Roaming\04D25B83F4AE68836BAEBABE7C9BAD38 [2010.06.10 20:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TerraTec [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.06.18 07:24:38 | 004,718,592 | -HS- | M] () -- C:\Users\kx\ntuser.dat [2010.06.18 07:17:48 | 788,983,584 | ---- | M] () -- C:\Windows\System32\drivers\fidbox.dat [2010.06.18 06:36:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.06.18 05:30:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.18 05:30:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.17 23:36:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.06.17 23:30:47 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.06.17 23:30:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.17 13:02:20 | 000,164,298 | ---- | M] () -- C:\Users\kx\AppData\Roaming\nvModes.001 [2010.06.17 13:02:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.17 13:01:33 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2010.06.17 13:00:33 | 010,529,336 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx [2010.06.17 12:59:24 | 000,524,288 | -HS- | M] () -- C:\Users\kx\ntuser.dat{013b0cd8-7993-11df-b169-967564355ad0}.TMContainer00000000000000000002.regtrans-ms [2010.06.17 12:59:24 | 000,524,288 | -HS- | M] () -- C:\Users\kx\ntuser.dat{013b0cd8-7993-11df-b169-967564355ad0}.TMContainer00000000000000000001.regtrans-ms [2010.06.17 12:59:24 | 000,065,536 | -HS- | M] () -- C:\Users\kx\ntuser.dat{013b0cd8-7993-11df-b169-967564355ad0}.TM.blf [2010.06.17 10:55:12 | 000,002,371 | ---- | M] () -- C:\Users\kx\Desktop\Skype.lnk [2010.06.17 10:50:25 | 000,001,908 | ---- | M] () -- C:\Users\kx\Documents\cc_20100617_1050.reg [2010.06.17 10:17:56 | 000,524,288 | -HS- | M] () -- C:\Users\kx\ntuser.dat{752dc5a8-786a-11df-9702-ed7e4996775b}.TMContainer00000000000000000001.regtrans-ms [2010.06.17 10:17:56 | 000,065,536 | -HS- | M] () -- C:\Users\kx\ntuser.dat{752dc5a8-786a-11df-9702-ed7e4996775b}.TM.blf [2010.06.17 10:17:54 | 002,678,764 | -H-- | M] () -- C:\Users\kx\AppData\Local\IconCache.db [2010.06.16 00:56:58 | 000,524,288 | -HS- | M] () -- C:\Users\kx\ntuser.dat{752dc5a8-786a-11df-9702-ed7e4996775b}.TMContainer00000000000000000002.regtrans-ms [2010.06.16 00:26:28 | 000,524,288 | -HS- | M] () -- C:\Users\kx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.06.16 00:26:28 | 000,065,536 | -HS- | M] () -- C:\Users\kx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.06.15 13:44:40 | 000,164,298 | ---- | M] () -- C:\Users\kx\AppData\Roaming\nvModes.dat [2010.05.26 23:53:21 | 761,877,792 | ---- | M] () -- C:\Windows\System32\drivers\fidbox(175).dat [2010.05.22 00:13:45 | 010,137,776 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox(176).idx [2010.05.20 22:56:31 | 001,574,652 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.20 22:56:31 | 000,678,922 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.20 22:56:31 | 000,636,790 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.20 22:56:31 | 000,147,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.20 22:56:31 | 000,119,616 | ---- | M] () -- C:\Windows\System32\perfc009.dat [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.17 10:50:21 | 000,001,908 | ---- | C] () -- C:\Users\kx\Documents\cc_20100617_1050.reg [2010.06.17 10:30:11 | 000,524,288 | -HS- | C] () -- C:\Users\kx\ntuser.dat{013b0cd8-7993-11df-b169-967564355ad0}.TMContainer00000000000000000002.regtrans-ms [2010.06.17 10:30:11 | 000,524,288 | -HS- | C] () -- C:\Users\kx\ntuser.dat{013b0cd8-7993-11df-b169-967564355ad0}.TMContainer00000000000000000001.regtrans-ms [2010.06.17 10:30:10 | 000,065,536 | -HS- | C] () -- C:\Users\kx\ntuser.dat{013b0cd8-7993-11df-b169-967564355ad0}.TM.blf [2010.06.16 00:36:08 | 000,524,288 | -HS- | C] () -- C:\Users\kx\ntuser.dat{752dc5a8-786a-11df-9702-ed7e4996775b}.TMContainer00000000000000000002.regtrans-ms [2010.06.16 00:36:08 | 000,524,288 | -HS- | C] () -- C:\Users\kx\ntuser.dat{752dc5a8-786a-11df-9702-ed7e4996775b}.TMContainer00000000000000000001.regtrans-ms [2010.06.16 00:36:08 | 000,065,536 | -HS- | C] () -- C:\Users\kx\ntuser.dat{752dc5a8-786a-11df-9702-ed7e4996775b}.TM.blf [2009.09.15 12:40:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2008.12.08 21:07:40 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2008.09.17 12:12:53 | 000,000,699 | ---- | C] () -- C:\Windows\wiso.ini [2008.07.26 17:04:29 | 001,317,152 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys [2008.07.26 17:04:29 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest [2008.07.23 18:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.06.11 12:22:17 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI [2008.06.01 13:58:11 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.06.01 13:58:11 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.05.31 01:30:47 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2008.05.25 03:22:23 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.05.23 11:58:56 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini [2008.05.14 22:23:32 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2008.04.25 18:31:51 | 000,002,764 | ---- | C] () -- C:\Windows\CDPlayer.ini [2008.04.17 16:40:16 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2007.12.10 04:35:25 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2007.12.10 04:19:10 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2007.10.11 18:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [1999.01.22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34 < End of report > Grüsse aus dem sonnigen HH |
19.06.2010, 15:05 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. Sieht recht unauffällig aus, aber ich würde noch einen Durchgang mit CF vorschlagen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
29.06.2010, 20:48 | #5 |
| Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. ok, kurzes update: Kaspersky hat folgende Datei gefunden und desinfiziert.. "21.06.2010 04:06:14 Datei c:\users\kx\appdata\local\temp\a.exe, gefunden: trojanisches Programm 'Trojan-Spy.Win32.SpyEyes.ld'."... Phishing Meldungen gingen hartnäckig weiter.. daher gemacht wie empfohlen: erst CCleaner, dann Combofix Combofix Logfile: Code:
ATTFilter ComboFix 10-06-27.06 - kx 28.06.2010 23:52:55.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1166 [GMT 2:00] ausgeführt von:: c:\users\kx\Desktop\cofi.exe AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Kaspersky Security Suite CBE *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Security Suite CBE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} SP: Kaspersky Security Suite CBE *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\hpeDB99.dll c:\users\kx\AppData\Roaming\04D25B83F4AE68836BAEBABE7C9BAD38 c:\users\kx\AppData\Roaming\04D25B83F4AE68836BAEBABE7C9BAD38\enemies-names.txt Infizierte Kopie von c:\windows\system32\DRIVERS\RDPCDD.sys wurde gefunden und desinfiziert Kopie von - Kitty ate it :p wurde wiederhergestellt . ((((((((((((((((((((((( Dateien erstellt von 2010-05-28 bis 2010-06-28 )))))))))))))))))))))))))))))) . 2010-06-28 22:07 . 2010-06-28 22:09 -------- d-----w- c:\users\kx\AppData\Local\temp 2010-06-28 22:07 . 2010-06-28 22:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-28 21:22 . 2010-06-28 21:27 -------- d-----w- C:\32788R22FWJFW 2010-06-20 13:58 . 2010-06-20 13:58 -------- d-----w- c:\program files\QS 2010-06-20 13:58 . 2010-06-20 13:58 -------- d-----w- c:\users\kx\temp 2010-06-20 12:54 . 2010-06-20 14:15 -------- d-----w- c:\users\kx\AppData\Roaming\TeamViewer 2010-06-20 12:54 . 2010-06-20 12:54 -------- d-----w- c:\program files\TeamViewer 2010-06-19 19:20 . 2010-06-19 19:20 -------- d-----w- c:\program files\AVM_update 2010-06-17 11:06 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-17 11:06 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-15 10:02 . 2010-06-15 10:02 -------- d-----w- c:\users\kx\AppData\Roaming\Malwarebytes 2010-06-15 10:02 . 2010-06-15 10:02 -------- d-----w- c:\programdata\Malwarebytes 2010-06-15 10:02 . 2010-06-17 11:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-10 18:31 . 2010-06-10 18:31 -------- d-----w- c:\programdata\TerraTec . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-28 22:12 . 2008-12-27 13:45 802608160 ----a-w- c:\windows\system32\drivers\fidbox.dat 2010-06-28 22:07 . 2008-12-27 13:45 10749824 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-06-28 21:39 . 2008-11-22 11:52 -------- d-----w- c:\programdata\Kaspersky Lab 2010-06-28 21:21 . 2008-04-17 10:24 -------- d-----w- c:\users\kx\AppData\Roaming\Skype 2010-06-28 20:54 . 2008-05-30 14:31 -------- d-----w- c:\programdata\Google Updater 2010-06-21 21:56 . 2008-04-15 17:49 164298 ----a-w- c:\users\kx\AppData\Roaming\nvModes.dat 2010-06-17 08:27 . 2009-07-09 20:35 -------- d-----w- c:\users\kx\AppData\Roaming\vlc 2010-06-17 08:27 . 2008-08-13 11:52 -------- d-----w- c:\users\kx\AppData\Roaming\TerraTec 2010-06-17 08:27 . 2008-12-01 17:55 -------- d-----w- c:\users\kx\AppData\Roaming\KeePass 2010-06-17 08:27 . 2008-11-22 12:12 -------- d-----w- c:\programdata\Avira 2010-06-17 08:27 . 2008-12-01 17:54 -------- d-----w- c:\program files\KeePass Password Safe 2010-06-17 08:27 . 2008-08-13 11:56 -------- d-----w- c:\program files\Common Files\TerraTec 2010-06-17 08:27 . 2008-11-22 12:12 -------- d-----w- c:\program files\Avira 2010-05-26 21:53 . 2008-12-27 13:45 761877792 ----a-w- c:\windows\system32\drivers\fidbox(175).dat 2010-05-21 22:13 . 2008-12-27 13:45 10137776 --sha-w- c:\windows\system32\drivers\fidbox(176).idx 2010-05-20 20:56 . 2006-11-02 15:33 678922 ----a-w- c:\windows\system32\perfh007.dat 2010-05-20 20:56 . 2006-11-02 15:33 147184 ----a-w- c:\windows\system32\perfc007.dat 2010-05-15 21:05 . 2007-11-22 08:26 -------- d-----w- c:\program files\Google 2010-05-11 00:31 . 2008-12-27 13:46 113933 ----a-w- c:\windows\system32\drivers\klin.dat 2010-05-11 00:31 . 2008-12-27 13:46 97549 ----a-w- c:\windows\system32\drivers\klick.dat 2010-05-10 23:16 . 2010-05-10 23:13 -------- d--h--w- c:\program files\Temp 2010-04-28 16:45 . 2007-11-22 08:41 1251872 ----a-w- c:\windows\RtlExUpd.dll 2010-04-27 18:51 . 2010-05-10 23:13 1738072 ----a-w- c:\windows\system32\WavesGUILib.dll 2010-04-27 18:51 . 2010-05-10 23:13 253272 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll 2010-04-27 18:51 . 2010-05-10 23:13 253784 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll 2010-04-27 18:51 . 2010-05-10 23:13 1312088 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll 2010-04-27 11:50 . 2010-05-10 23:13 299424 ----a-w- c:\windows\system32\FMAPO.dll 2010-04-21 21:00 . 2010-04-21 21:00 142276 ---ha-w- c:\windows\system32\mlfcache.dat 2010-04-14 15:55 . 2010-05-10 23:13 232792 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll 2008-12-27 11:44 . 2008-06-01 11:59 26903 ----a-w- c:\program files\messages.log 2010-02-11 08:30 . 2008-12-17 19:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2009-08-04 20:20 . 2008-12-27 13:45 431954464 --sha-w- c:\windows\System32\drivers\fidbox(130).dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2009-10-08 22:00 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-30 68856] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-28 2356088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-11 30192] "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-22 36864] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-17 185896] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-14 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-14 8497696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-14 81920] "TerraTec Remote Control"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" [2008-05-26 1101824] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe" [2008-05-01 221184] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BumpTop.lnk - c:\program files\BumpTop\BumpTop.exe [2010-5-8 7162184] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-14 19:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\r3hook.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys] @="FSFilter System Recovery" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!DSL Startcenter.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk backup=c:\windows\pss\FRITZ!DSL Startcenter.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk backup=c:\windows\pss\WISO Mein Sparbuch heute.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Urteilsmonitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Urteilsmonitor.lnk backup=c:\windows\pss\WISO Urteilsmonitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^kx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk] path=c:\users\kx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^kx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk] path=c:\users\kx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2008-06-12 13:28 266497 ----a-w- c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] 2008-05-01 14:33 221184 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClipIncSrvTray] 2009-03-16 08:52 668424 ----a-w- c:\program files\Tobit ClipInc\Player\ClipIncTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-02-15 17:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2007-10-25 14:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI] 2008-01-16 12:44 253952 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2007-09-13 07:50 22879528 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-01-09 22:37 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TerraTec Remote Control] 2008-05-26 09:45 1101824 ----a-w- c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-18 21:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-18 21:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):4e,99,d6,5e,f7,35,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-230490968-2256458397-3403659227-1003] "EnableNotificationsRef"=dword:00000001 R2 gupdate1c98bd7f0e56966;Google Update Service (gupdate1c98bd7f0e56966);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104] R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2006-11-06 14976] R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-11 30192] R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472] R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312] R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 79136] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-05-25 717296] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-10-16 20496] S2 ClipInc001;ClipInc 001;c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x] S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968] S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344] S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-01-16 204800] S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] S2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2\RpcAgentSrv.exe [2008-04-07 98488] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344] S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544] . Inhalt des "geplante Tasks" Ordners 2010-06-28 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-22 18:40] 2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 23:32] 2010-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 23:32] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://de.yahoo.com mStart Page = hxxp://de.yahoo.com uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {1F88B1F3-CB96-45BB-8E2F-16FAE77B5D06} = 10.4.32.1 FF - ProfilePath - c:\users\kx\AppData\Roaming\Mozilla\Firefox\Profiles\0380rjku.default\ FF - prefs.js: browser.startup.homepage - www.google.de FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - component: c:\users\kx\AppData\Roaming\Mozilla\Firefox\Profiles\0380rjku.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll FF - component: c:\users\kx\AppData\Roaming\Mozilla\Firefox\Profiles\0380rjku.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll FF - plugin: c:\users\kx\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - SafeBoot-dmboot.sys SafeBoot-dmio.sys SafeBoot-dmload.sys SafeBoot-dmadmin SafeBoot-dmserver SafeBoot-SRService MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-06-29 00:12 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... c:\windows\TEMP\TMP0000001CA6D9CE003F6DE65D 524288 bytes Scan erfolgreich abgeschlossen versteckte Dateien: 1 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.032" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ani" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.arw" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.bay" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.bmp" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.bw" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.bwf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.cel" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.cr2" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.crw" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.cs1" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.cur" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.dcr" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.dcx" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.dib" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.djv" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.djvu" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.dng" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.emf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.eps" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.erf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.fff" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.flc" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.fli" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.fpx" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.gif" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.hdr" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.icl" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.icn" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ico" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ilbm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.int" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.inta" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.iw4" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.j2c" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.j2k" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jfif" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jif" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.jp2" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jpc" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.jpe" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.jpeg" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="Applications\\PicasaPhotoViewer.exe" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jpk" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jpx" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.kar" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.lbm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.m15" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.m1a" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m2a" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.m75" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.mef" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.mos" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.mpv" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.mrw" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.nef" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.orf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pbm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pcd" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.pct" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pcx" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pef" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pgm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.pic" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pics" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.pict" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pix" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.png" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ppm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.psd" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.psp" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pspimage" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.qcp" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.qtpf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.raf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ras" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.rgb" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.rgba" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.rle" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.rsb" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.sdv" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.sfil" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.sgi" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.smf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.sml" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.sr2" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.srf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.swa" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.tga" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="Applications\\vlc.exe" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.tif" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.tiff" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ttc" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ttf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.ulw" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.vfw" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.wbm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.wbmp" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.wmf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.xbm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.xif" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.xpm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3BDD5B70-BEE7-940F-1F3B-6BC31F57C933}*] @Allowed: (Read) (RestrictedCode) "iaihjelhdmchhnbnfn"=hex:6b,61,63,6d,6b,61,65,65,64,70,61,66,6c,68,62,6a,64,6b, 63,65,66,6c,00,00 "haghomodfpgjnjlg"=hex:6b,61,62,6d,67,63,6b,64,64,62,68,67,65,61,66,66,6b,6a, 69,6c,70,6b,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(8432) c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Apoint\ApMsgFwd.exe c:\windows\System32\rundll32.exe c:\program files\Apoint\Apntex.exe c:\windows\ehome\ehmsas.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe c:\program files\Hotspot Shield\bin\openvpnas.exe c:\program files\Hotspot Shield\HssWPR\hsssrv.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Sony\VAIO Event Service\VESMgr.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe c:\windows\system32\WUDFHost.exe c:\program files\Sony\VAIO Event Service\VESMgrSub.exe c:\program files\Sony\VAIO Power Management\SPMgr.exe c:\program files\Hotspot Shield\bin\openvpntray.exe c:\windows\system32\conime.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-06-29 00:21:32 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-06-28 22:21 Vor Suchlauf: 16 Verzeichnis(se), 109.656.981.504 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 109.426.397.184 Bytes frei Current=3 Default=3 Failed=1 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10 - - End Of File - - D32A6C0C11CBDEB8F727D703366D854E |
29.06.2010, 23:20 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. Du hast ja Kaspersky und AntiVir drauf!! Deinstallier eins von den beiden, beide zusammen vertragen sich nicht!! Danach Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus
__________________ --> Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. |
03.07.2010, 18:24 | #7 |
| Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. ok.. gesagt.. getan.. GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-07-01 23:27:38 Windows 6.0.6002 Service Pack 2 Running: d66jcyuz.exe; Driver: C:\Users\kx\AppData\Local\Temp\uglcqpow.sys ---- System - GMER 1.0.15 ---- SSDT A1B4DC54 ZwCreateThread SSDT A1B4DC40 ZwOpenProcess SSDT A1B4DC45 ZwOpenThread SSDT A1B4DC4F ZwTerminateProcess SSDT A1B4DC4A ZwWriteVirtualMemory INT 0x51 ? 875F9F00 INT 0x62 ? 875F9F00 INT 0x72 ? 85C1EBF8 INT 0x82 ? 8528BBF8 INT 0x92 ? 8528BBF8 INT 0xA2 ? 875F9F00 INT 0xA2 ? 875F9F00 INT 0xA2 ? 875F9F00 INT 0xB3 ? 875F9F00 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 221 82CEE964 4 Bytes [54, DC, B4, A1] .text ntkrnlpa.exe!KeSetEvent + 3F1 82CEEB34 4 Bytes [40, DC, B4, A1] .text ntkrnlpa.exe!KeSetEvent + 40D 82CEEB50 4 Bytes [45, DC, B4, A1] .text ntkrnlpa.exe!KeSetEvent + 621 82CEED64 4 Bytes [4F, DC, B4, A1] .text ntkrnlpa.exe!KeSetEvent + 681 82CEEDC4 4 Bytes [4A, DC, B4, A1] ? System32\Drivers\spar.sys Das System kann den angegebenen Pfad nicht finden. ! .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D000360, 0x35B0A2, 0xE8000020] .text USBPORT.SYS!DllUnload 88FA241B 5 Bytes JMP 875F94E0 .text aht48ny4.SYS 8DD99000 22 Bytes [82, 63, C1, 82, 6C, 62, C1, ...] .text aht48ny4.SYS 8DD99017 159 Bytes [00, 32, D7, 39, 83, 3D, D5, ...] .text aht48ny4.SYS 8DD990B7 22 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text aht48ny4.SYS 8DD990CE 80 Bytes [00, 00, 26, 00, 00, 00, E0, ...] .text aht48ny4.SYS 8DD9911F 194 Bytes [7E, 38, 40, 39, 82, 3B, C4, ...] .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe[2448] kernel32.dll!SetUnhandledExceptionFilter 7755A84F 5 Bytes JMP 0049F8A0 C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [832946D2] \SystemRoot\System32\Drivers\spar.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [83294040] \SystemRoot\System32\Drivers\spar.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [832947FC] \SystemRoot\System32\Drivers\spar.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [832940BE] \SystemRoot\System32\Drivers\spar.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8329413C] \SystemRoot\System32\Drivers\spar.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [832A4048] \SystemRoot\System32\Drivers\spar.sys IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortNotification] F73BFF33 IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortWritePortUchar] B85F0B75 IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortWritePortUlong] FFFFFFFE IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 08C25D5E IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 5D8B5300 IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortGetScatterGatherList] 74DF3B0C IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortReadPortUchar] 01FB8311 IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortStallExecution] 5F5B0C74 IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortGetParentBusType] FFFFFEB8 IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortRequestCallback] C25D5EFF IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 7E390008 IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortGetUnCachedExtension] C7077524 IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortCompleteRequest] 71642446 IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortMoveMemory] 7E398DDA IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] C7077528 IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 71902846 IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 468B8DDA IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortReadPortUshort] 244E8B2C IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7468016A IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortInitialize] 500000FA IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortGetDeviceBase] C73BD1FF IAT \SystemRoot\System32\Drivers\aht48ny4.SYS[ataport.SYS!AtaPortDeviceStateChange] 5F5B0C75 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7482A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [747CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [747CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74808395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [747DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7485CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [747C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [03972F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [03972D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [03972CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [03972CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Sony\Network Utility\LANUtil.exe[2280] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01A82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Sony\Network Utility\LANUtil.exe[2280] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01A82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Sony\Network Utility\LANUtil.exe[2280] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01A82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Sony\Network Utility\LANUtil.exe[2280] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01A82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Windows Media Player\wmplayer.exe[4124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01912F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Windows Media Player\wmplayer.exe[4124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01912D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Windows Media Player\wmplayer.exe[4124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01912CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Windows Media Player\wmplayer.exe[4124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01912CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\System32\mobsync.exe[5168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\System32\mobsync.exe[5168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\System32\mobsync.exe[5168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\System32\mobsync.exe[5168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Users\kx\Desktop\d66jcyuz.exe[6920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Users\kx\Desktop\d66jcyuz.exe[6920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Users\kx\Desktop\d66jcyuz.exe[6920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Users\kx\Desktop\d66jcyuz.exe[6920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 85C201F8 Device \Driver\netbt \Device\NetBT_Tcpip_{1F88B1F3-CB96-45BB-8E2F-16FAE77B5D06} 8FD50500 Device \Driver\sptd \Device\3279971815 spar.sys Device \Driver\netbt \Device\NetBT_Tcpip_{17DC868A-C502-41EA-86C5-E329A33F206F} 8FD50500 Device \Driver\netbt \Device\NetBT_Tcpip_{DBA014B5-7891-4FBD-B4B1-FC863E440D54} 8FD50500 Device \Driver\volmgr \Device\VolMgrControl 85C1B1F8 Device \Driver\usbuhci \Device\USBPDO-0 876B01F8 Device \Driver\usbuhci \Device\USBPDO-1 876B01F8 Device \Driver\usbehci \Device\USBPDO-2 876B21F8 Device \Driver\usbuhci \Device\USBPDO-3 876B01F8 Device \Driver\usbuhci \Device\USBPDO-4 876B01F8 AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) Device \Driver\usbuhci \Device\USBPDO-5 876B01F8 Device \Driver\usbehci \Device\USBPDO-6 876B21F8 Device \Driver\volmgr \Device\HarddiskVolume1 85C1B1F8 Device \Driver\volmgr \Device\HarddiskVolume2 85C1B1F8 Device \Driver\cdrom \Device\CdRom0 87782500 Device \Driver\volmgr \Device\HarddiskVolume3 85C1B1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85C1F1F8 Device \Driver\iaStor \Device\Ide\iaStor0 [88C41D30] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 85C1F1F8 Device \Driver\atapi \Device\Ide\IdePort1 85C1F1F8 Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [88C41D30] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\volmgr \Device\HarddiskVolume4 85C1B1F8 Device \Driver\PCI_PNP1795 \Device\00000069 spar.sys Device \Driver\netbt \Device\NetBt_Wins_Export 8FD50500 Device \Driver\netbt \Device\NetBT_Tcpip_{7940B5D8-D5CC-45DE-A482-B65C0C28653A} 8FD50500 Device \Driver\Smb \Device\NetbiosSmb 8FD0E500 Device \Driver\iScsiPrt \Device\RaidPort0 876CA500 AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) Device \Driver\usbuhci \Device\USBFDO-0 876B01F8 Device \Driver\usbuhci \Device\USBFDO-1 876B01F8 Device \Driver\usbehci \Device\USBFDO-2 876B21F8 Device \Driver\usbuhci \Device\USBFDO-3 876B01F8 Device \Driver\usbuhci \Device\USBFDO-4 876B01F8 Device \Driver\usbuhci \Device\USBFDO-5 876B01F8 Device \Driver\usbehci \Device\USBFDO-6 876B21F8 Device \Driver\aht48ny4 \Device\Scsi\aht48ny41 8775C1F8 Device \FileSystem\cdfs \Cdfs 90A70500 ---- Threads - GMER 1.0.15 ---- Thread System [4:452] 8FDB4100 Thread System [4:460] 8FDB4100 Thread System [4:464] 8FDEC640 Thread System [4:468] 8FDEC640 Thread System [4:476] 8FDEE630 Thread System [4:480] 8FDEE630 Thread System [4:484] 8FDEE630 Thread System [4:492] 8FDEC640 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8E 0xC5 0xE3 0x1A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x37 0x4E 0xD4 0xEC ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xD9 0xB7 0x54 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x88 0x1E 0x04 0xDE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8E 0xC5 0xE3 0x1A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x37 0x4E 0xD4 0xEC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xD9 0xB7 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x88 0x1E 0x04 0xDE ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8E 0xC5 0xE3 0x1A ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x37 0x4E 0xD4 0xEC ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xD9 0xB7 0x54 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x88 0x1E 0x04 0xDE ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8E 0xC5 0xE3 0x1A ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x37 0x4E 0xD4 0xEC ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xD9 0xB7 0x54 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x88 0x1E 0x04 0xDE ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8E 0xC5 0xE3 0x1A ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x37 0x4E 0xD4 0xEC ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xD9 0xB7 0x54 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x88 0x1E 0x04 0xDE ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8E 0xC5 0xE3 0x1A ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x37 0x4E 0xD4 0xEC ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xD9 0xB7 0x54 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x88 0x1E 0x04 0xDE ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8E 0xC5 0xE3 0x1A ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x37 0x4E 0xD4 0xEC ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xD9 0xB7 0x54 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x88 0x1E 0x04 0xDE ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8E 0xC5 0xE3 0x1A ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x37 0x4E 0xD4 0xEC ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xD9 0xB7 0x54 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x88 0x1E 0x04 0xDE ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8E 0xC5 0xE3 0x1A ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x37 0x4E 0xD4 0xEC ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xD9 0xB7 0x54 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x88 0x1E 0x04 0xDE ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3BDD5B70-BEE7-940F-1F3B-6BC31F57C933} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3BDD5B70-BEE7-940F-1F3B-6BC31F57C933}@iaihjelhdmchhnbnfn 0x6B 0x61 0x63 0x6D ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3BDD5B70-BEE7-940F-1F3B-6BC31F57C933}@haghomodfpgjnjlg 0x6B 0x61 0x62 0x6D ... ---- EOF - GMER 1.0.15 ---- und OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v4.0.0.7584 hxxp://www.autorun-manager.com Saved at 00:23:04 on 02.07.2010 OS: Home Edition Service Pack 2 (Build 6002) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18813 Scanner Settings [x] Rootkits detection (twice-scan) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~2\r3hook.dll "AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\Windows\system32\lsdelete.exe (File found, but it contains no detailed information) [Common] -----( %SystemRoot%\Tasks )----- "Google Software Updater.job" - ? - C:\Windows\Tasks\Google Software Updater.job "GoogleUpdateTaskMachineCore.job" - ? - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job "GoogleUpdateTaskMachineUA.job" - ? - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2\WNt500x86\Sandra.sys "Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfhlp02.sys "StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfvfs02.sys "TAP VPN Adapter" (tapvpn) - "The OpenVPN Project" - C:\Windows\System32\DRIVERS\tapvpn.sys "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys "avgktg8h" (avgktg8h) - "Microsoft Corporation" - C:\Windows\system32\drivers\avgktg8h.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "avgntflt" (avgntflt) - "Avira GmbH" - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll {85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Statistik für Web-Anti-Virus" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (COM-object registry key not found) <binary data> "ITBarLayout" - ? - (COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Statistik für Web-Anti-Virus" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {AD6E6555-FB2C-47D4-8339-3E2965509877} "&TerraTec Home Cinema" - "TerraTec Electronic GmbH" - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll <binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} "Hotspot Shield Class" - ? - C:\Program Files\Hotspot Shield\hssie\HssIE.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\kx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "BumpTop.lnk" - ? - C:\Program Files\BumpTop\BumpTop.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "AVP" - "Kaspersky Lab" - "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe" "ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" "LogitechCommunicationsManager" - "Logitech Inc." - "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" "MaxMenuMgr" - "Seagate LLC" - "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "EPSON V5 2KMonitor" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\EBPMON2.DLL "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "Avira AntiVir Personal - Free Antivirus Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe "Avira AntiVir Personal - Free Antivirus Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe "Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "ClipInc 001" (ClipInc001) - ? - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe "Google Desktop Manager 5.9.911.3589" (GoogleDesktopManager-110309-193829) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c98bd7f0e56966)" (gupdate1c98bd7f0e56966) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Hotspot Shield Routing Service" (HssSrv) - "AnchorFree Inc." - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe "Hotspot Shield Service" (HotspotShieldService) - ? - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (File found, but it contains no detailed information) "Hotspot Shield Tray Service" (HssTrayService) - ? - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (File found, but it contains no detailed information) "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "Kaspersky Security Suite CBE" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe "LVCOMSer" (LVCOMSer) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe "LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe "Lavasoft Ad-Aware Service" (aawservice) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe "MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PACSPTISVR" (PACSPTISVR) - ? - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe "Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe "Seagate Service" (FreeAgentGoNext Service) - "Seagate Technology LLC" - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe "SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2\RpcAgentSrv.exe "Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (File found, but it contains no detailed information) "Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe "Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found) "TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe "VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe "VAIO Content Metadata XML Interface" (VcmXmlIfHelper) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe "VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe "VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe "VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe "VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe "VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe "VAIO Media Content Collection" (VAIOMediaPlatform-UCLS-AppServer) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe "VAIO Media Content Collection (HTTP)" (VAIOMediaPlatform-UCLS-HTTP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe "VAIO Media Content Collection (UPnP)" (VAIOMediaPlatform-UCLS-UPnP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe "VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe "VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe "VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe "VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll "klogon" - "Kaspersky Lab" - C:\Windows\system32\klogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru ..aktuell bekomme ich keine Meldungen vom Kaspersky Monitor mehr.. sollte ich etwa "clean" sein ??? |
04.07.2010, 18:48 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter RegNull:: [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3BDD5B70-BEE7-940F-1F3B-6BC31F57C933}*] 4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet. 6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
05.07.2010, 19:59 | #9 |
| Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. gut.. weiter gehts... Combofix Logfile: Code:
ATTFilter ComboFix 10-06-27.06 - kx 04.07.2010 23:47:22.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1099 [GMT 2:00] ausgeführt von:: c:\users\kx\Desktop\Anwendungen\AntiTrojan\cofi.exe Benutzte Befehlsschalter :: c:\users\kx\Desktop\CFScript.txt.txt AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Kaspersky Security Suite CBE *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Security Suite CBE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} SP: Kaspersky Security Suite CBE *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2010-06-04 bis 2010-07-04 )))))))))))))))))))))))))))))) . 2010-07-04 22:11 . 2010-07-04 22:12 -------- d-----w- c:\users\kx\AppData\Local\temp 2010-07-04 22:11 . 2010-07-04 22:11 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-07-04 22:11 . 2010-07-04 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-07-01 22:05 . 2010-07-01 22:05 -------- d-----w- c:\program files\Common Files\Online Solutions Shared 2010-07-01 22:05 . 2010-07-01 22:05 -------- d-----w- c:\program files\Online Solutions 2010-06-28 21:27 . 2010-06-28 22:21 -------- d-----w- C:\cofi 2010-06-20 13:58 . 2010-06-20 13:58 -------- d-----w- c:\program files\QS 2010-06-20 13:58 . 2010-06-20 13:58 -------- d-----w- c:\users\kx\temp 2010-06-20 12:54 . 2010-06-20 14:15 -------- d-----w- c:\users\kx\AppData\Roaming\TeamViewer 2010-06-20 12:54 . 2010-06-20 12:54 -------- d-----w- c:\program files\TeamViewer 2010-06-19 19:20 . 2010-06-19 19:20 -------- d-----w- c:\program files\AVM_update 2010-06-17 11:06 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-17 11:06 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-15 10:02 . 2010-06-15 10:02 -------- d-----w- c:\users\kx\AppData\Roaming\Malwarebytes 2010-06-15 10:02 . 2010-06-15 10:02 -------- d-----w- c:\programdata\Malwarebytes 2010-06-15 10:02 . 2010-06-17 11:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-10 18:31 . 2010-06-10 18:31 -------- d-----w- c:\programdata\TerraTec . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-04 22:15 . 2008-12-27 13:45 812638368 ----a-w- c:\windows\system32\drivers\fidbox.dat 2010-07-04 21:38 . 2008-12-27 13:45 10876856 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-07-04 21:27 . 2008-05-30 14:31 -------- d-----w- c:\programdata\Google Updater 2010-07-04 21:27 . 2008-04-17 10:24 -------- d-----w- c:\users\kx\AppData\Roaming\Skype 2010-07-03 21:04 . 2009-01-04 20:23 1 ----a-w- c:\users\kx\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-07-03 19:42 . 2008-11-22 11:52 -------- d-----w- c:\programdata\Kaspersky Lab 2010-07-01 19:16 . 2009-07-09 20:35 -------- d-----w- c:\users\kx\AppData\Roaming\vlc 2010-06-28 22:55 . 2008-04-16 12:31 -------- d-----w- c:\users\kx\AppData\Roaming\dvdcss 2010-06-21 21:56 . 2008-04-15 17:49 164298 ----a-w- c:\users\kx\AppData\Roaming\nvModes.dat 2010-06-17 08:27 . 2008-08-13 11:52 -------- d-----w- c:\users\kx\AppData\Roaming\TerraTec 2010-06-17 08:27 . 2008-12-01 17:55 -------- d-----w- c:\users\kx\AppData\Roaming\KeePass 2010-06-17 08:27 . 2008-12-01 17:54 -------- d-----w- c:\program files\KeePass Password Safe 2010-06-17 08:27 . 2008-08-13 11:56 -------- d-----w- c:\program files\Common Files\TerraTec 2010-05-26 21:53 . 2008-12-27 13:45 761877792 ----a-w- c:\windows\system32\drivers\fidbox(175).dat 2010-05-21 22:13 . 2008-12-27 13:45 10137776 --sha-w- c:\windows\system32\drivers\fidbox(176).idx 2010-05-20 20:56 . 2006-11-02 15:33 678922 ----a-w- c:\windows\system32\perfh007.dat 2010-05-20 20:56 . 2006-11-02 15:33 147184 ----a-w- c:\windows\system32\perfc007.dat 2010-05-15 21:05 . 2007-11-22 08:26 -------- d-----w- c:\program files\Google 2010-05-11 00:31 . 2008-12-27 13:46 113933 ----a-w- c:\windows\system32\drivers\klin.dat 2010-05-11 00:31 . 2008-12-27 13:46 97549 ----a-w- c:\windows\system32\drivers\klick.dat 2010-05-10 23:16 . 2010-05-10 23:13 -------- d--h--w- c:\program files\Temp 2010-05-10 23:13 . 2007-11-22 08:44 319456 ----a-w- c:\windows\DIFxAPI.dll 2010-04-21 21:00 . 2010-04-21 21:00 142276 ---ha-w- c:\windows\system32\mlfcache.dat 2010-04-14 15:55 . 2010-05-10 23:13 232792 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll 2008-12-27 11:44 . 2008-06-01 11:59 26903 ----a-w- c:\program files\messages.log 2010-02-11 08:30 . 2008-12-17 19:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2009-08-04 20:20 . 2008-12-27 13:45 431954464 --sha-w- c:\windows\System32\drivers\fidbox(130).dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2009-10-08 22:00 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-14 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-14 8497696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-14 81920] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-14 19:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\r3hook.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys] @="FSFilter System Recovery" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BumpTop.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk backup=c:\windows\pss\BumpTop.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!DSL Startcenter.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk backup=c:\windows\pss\FRITZ!DSL Startcenter.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk backup=c:\windows\pss\WISO Mein Sparbuch heute.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Urteilsmonitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Urteilsmonitor.lnk backup=c:\windows\pss\WISO Urteilsmonitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^kx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk] path=c:\users\kx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^kx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk] path=c:\users\kx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2008-11-28 11:52 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] 2008-05-01 14:33 221184 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClipIncSrvTray] 2009-03-16 08:52 668424 ----a-w- c:\program files\Tobit ClipInc\Player\ClipIncTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2010-02-11 08:30 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-02-15 17:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2007-10-25 14:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools] 2007-11-22 10:13 36864 ----a-w- c:\program files\Sony\Marketing Tools\MarketingTools.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI] 2008-01-16 12:44 253952 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2007-09-13 07:50 22879528 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-01-09 22:37 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-05-30 14:31 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TerraTec Remote Control] 2008-05-26 09:45 1101824 ----a-w- c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2008-04-17 14:55 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-18 21:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-18 21:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):4e,99,d6,5e,f7,35,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-230490968-2256458397-3403659227-1003] "EnableNotificationsRef"=dword:00000001 R2 gupdate1c98bd7f0e56966;Google Update Service (gupdate1c98bd7f0e56966);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2006-11-06 14976] R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-11 30192] R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472] R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312] R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 79136] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-05-25 717296] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-10-16 20496] S2 ClipInc001;ClipInc 001;c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x] S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968] S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344] S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-01-16 204800] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] S2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2\RpcAgentSrv.exe [2008-04-07 98488] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344] S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544] . Inhalt des "geplante Tasks" Ordners 2010-07-04 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-22 18:40] 2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 23:32] 2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 23:32] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://de.yahoo.com mStart Page = hxxp://de.yahoo.com uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {1F88B1F3-CB96-45BB-8E2F-16FAE77B5D06} = 10.4.32.1 FF - ProfilePath - c:\users\kx\AppData\Roaming\Mozilla\Firefox\Profiles\0380rjku.default\ FF - prefs.js: browser.startup.homepage - www.google.de FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - component: c:\users\kx\AppData\Roaming\Mozilla\Firefox\Profiles\0380rjku.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll FF - component: c:\users\kx\AppData\Roaming\Mozilla\Firefox\Profiles\0380rjku.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll FF - plugin: c:\users\kx\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-07-05 00:11 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.032" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ani" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.arw" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.bay" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.bmp" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.bw" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.bwf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.cel" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.cr2" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.crw" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.cs1" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.cur" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.dcr" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.dcx" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.dib" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.djv" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.djvu" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.dng" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.emf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.eps" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.erf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.fff" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.flc" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.fli" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.fpx" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.gif" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.hdr" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.icl" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.icn" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ico" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ilbm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.int" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.inta" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.iw4" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.j2c" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.j2k" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jfif" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jif" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.jp2" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jpc" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.jpe" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.jpeg" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="Applications\\PicasaPhotoViewer.exe" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jpk" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jpx" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.kar" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.lbm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.m15" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.m1a" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m2a" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.m75" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.mef" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.mos" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.mpv" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.mrw" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.nef" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.orf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pbm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pcd" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.pct" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pcx" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pef" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pgm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.pic" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pics" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.pict" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pix" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.png" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ppm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.psd" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.psp" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pspimage" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.qcp" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.qtpf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.raf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ras" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.rgb" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.rgba" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.rle" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.rsb" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.sdv" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.sfil" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.sgi" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.smf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.sml" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.sr2" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.srf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.swa" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.tga" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="Applications\\vlc.exe" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.tif" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.tiff" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ttc" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ttf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.ulw" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice] @Denied: (2) (S-1-5-21-230490968-2256458397-3403659227-1003) @Denied: (2) (LocalSystem) "Progid"="QuickTime.vfw" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.wbm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.wbmp" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.wmf" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.xbm" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.xif" [HKEY_USERS\S-1-5-21-230490968-2256458397-3403659227-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.xpm" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-07-05 00:22:04 ComboFix-quarantined-files.txt 2010-07-04 22:22 ComboFix2.txt 2010-06-28 22:21 Vor Suchlauf: 22 Verzeichnis(se), 111.258.275.840 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 111.412.969.472 Bytes frei - - End Of File - - 4DF70E7933987419E38305FF236EF631 |
05.07.2010, 20:06 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. Hast Du jetzt Kaspersky oder AntiVir deinstalliert? Beide zusammen solltest Du nicht verwenden!
__________________ Logfiles bitte immer in CODE-Tags posten |
05.07.2010, 21:09 | #11 |
| Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. Antivir habe ich deinstalliert, sind eigentlich keine Dateien mehr drauf.. Deinstallation war aber schwierig.. hab mich an die manuelle Deinstallationsanleitung von antivir gehalten und dann Antivir regcleaner benutzt.. warum da noch etwas drauf sein sollte weiss ich wirklich nicht.. Wie sieht es denn aus? Meinste ich bin bald mal frei von den Plagegeistern? Vielen Dank für die Unterstützung soweit.. Gruss. kx |
05.07.2010, 22:15 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. Ja, es sieht gut aus Mach aber bitte noch zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
13.07.2010, 10:43 | #13 |
| Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. Hello, again.. hier die log files: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4306 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18813 13.07.2010 03:53:36 mbam-log-2010-07-13 (03-53-36).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 330868 Laufzeit: 1 Stunde(n), 59 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) und SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 07/09/2010 at 01:43 AM Application Version : 4.40.1002 Core Rules Database Version : 5174 Trace Rules Database Version: 2986 Scan type : Complete Scan Total Scan Time : 02:50:25 Memory items scanned : 646 Memory threats detected : 0 Registry items scanned : 11908 Registry threats detected : 0 File items scanned : 200164 File threats detected : 2 Trojan.Agent/Gen-Nullo[Short] C:\USERS\KX\DESKTOP\FREEAGENT22-4\LIBERKEY\APPS\CDEX\APP\CDEX\UNICOWS.DLL Rogue.Agent/Gen-Nullo[DLL] C:\WINDOWS\SYSTEM32\KBDRO164M.DLL also, wurden wohl noch 2 sachen gefunden.. was kann ich tun? Lieben gruss. |
13.07.2010, 11:22 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. Sieht eher nach Fehlalarmen aus. Werte mal bei Dateien bei Virustotal.com aus und poste die Ergebnislinks.
__________________ Logfiles bitte immer in CODE-Tags posten |
14.07.2010, 02:28 | #15 |
| Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. Datei kbdro164m.dll empfangen 2010.07.14 01:12:36 (UTC) Ergebnis: 1/41 (2.44%) Antivirus Version letzte aktualisierung Ergebnis a-squared 5.0.0.31 2010.07.13 - AhnLab-V3 2010.07.14.00 2010.07.13 - AntiVir 8.2.4.10 2010.07.13 - Antiy-AVL 2.0.3.7 2010.07.12 - Authentium 5.2.0.5 2010.07.13 - Avast 4.8.1351.0 2010.07.13 - Avast5 5.0.332.0 2010.07.13 - AVG 9.0.0.836 2010.07.13 - BitDefender 7.2 2010.07.14 - CAT-QuickHeal 11.00 2010.07.13 - ClamAV 0.96.0.3-git 2010.07.13 - Comodo 5419 2010.07.14 - DrWeb 5.0.2.03300 2010.07.14 - eSafe 7.0.17.0 2010.07.11 - eTrust-Vet 36.1.7704 2010.07.13 - F-Prot 4.6.1.107 2010.07.13 - F-Secure 9.0.15370.0 2010.07.14 - Fortinet 4.1.143.0 2010.07.13 - GData 21 2010.07.14 - Ikarus T3.1.1.84.0 2010.07.13 - Jiangmin 13.0.900 2010.07.13 - Kaspersky 7.0.0.125 2010.07.14 - McAfee 5.400.0.1158 2010.07.14 - McAfee-GW-Edition 2010.1 2010.07.13 - Microsoft 1.5902 2010.07.13 - NOD32 5276 2010.07.13 - Norman 6.05.11 2010.07.13 - nProtect 2010-07-13.01 2010.07.13 - Panda 10.0.2.7 2010.07.13 - PCTools 7.0.3.5 2010.07.13 - Rising 22.56.01.04 2010.07.13 - Sophos 4.55.0 2010.07.13 - Sunbelt 6577 2010.07.14 - SUPERAntiSpyware 4.40.0.1006 2010.07.14 Rogue.Agent/Gen-Nullo[DLL] Symantec 20101.1.0.89 2010.07.13 - TheHacker 6.5.2.1.313 2010.07.13 - TrendMicro 9.120.0.1004 2010.07.13 - TrendMicro-HouseCall 9.120.0.1004 2010.07.14 - VBA32 3.12.12.6 2010.07.13 - ViRobot 2010.7.12.3932 2010.07.13 - VirusBuster 5.0.27.0 2010.07.13 - weitere Informationen File size: 4729 bytes MD5...: 3ef2a2d9068f4775261063bec2f4d975 SHA1..: 82d8bf371aac7fa2ca1ad7c5b94ae6ef512442dc SHA256: 47864bda522e4df7e311b73f91218913332f09507bcf855050e97747f0114da9 ssdeep: 96:CT4aYHnBOyohaot/i6sLW8lLrAVnTyBM7Fnn3tCJg+E95t:RaJyGnjsy8lL0Z Txd3tCJgR5t PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - trid..: Unknown! pdfid.: - sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned atei unicows.dll empfangen 2010.07.14 01:18:57 (UTC) Ergebnis: 4/42 (9.53%) Antivirus Version letzte aktualisierung Ergebnis a-squared 5.0.0.31 2010.07.13 - AhnLab-V3 2010.07.14.00 2010.07.13 - AntiVir 8.2.4.10 2010.07.13 TR/Trash.Gen Antiy-AVL 2.0.3.7 2010.07.12 - Authentium 5.2.0.5 2010.07.13 - Avast 4.8.1351.0 2010.07.13 - Avast5 5.0.332.0 2010.07.13 - AVG 9.0.0.836 2010.07.13 - BitDefender 7.2 2010.07.14 - CAT-QuickHeal 11.00 2010.07.13 - ClamAV 0.96.0.3-git 2010.07.13 - Comodo 5419 2010.07.14 - DrWeb 5.0.2.03300 2010.07.14 - eSafe 7.0.17.0 2010.07.11 - eTrust-Vet 36.1.7704 2010.07.13 - F-Prot 4.6.1.107 2010.07.13 - F-Secure 9.0.15370.0 2010.07.14 - Fortinet 4.1.143.0 2010.07.13 - GData 21 2010.07.14 - Ikarus T3.1.1.84.0 2010.07.13 - Jiangmin 13.0.900 2010.07.13 - Kaspersky 7.0.0.125 2010.07.14 - McAfee 5.400.0.1158 2010.07.14 - McAfee-GW-Edition 2010.1 2010.07.13 - Microsoft 1.5902 2010.07.13 - NOD32 5276 2010.07.13 - Norman 6.05.11 2010.07.13 - nProtect 2010-07-13.01 2010.07.13 - Panda 10.0.2.7 2010.07.13 - PCTools 7.0.3.5 2010.07.13 HeurEngine.MalPE Prevx 3.0 2010.07.14 - Rising 22.56.01.04 2010.07.13 - Sophos 4.55.0 2010.07.14 - Sunbelt 6577 2010.07.14 - SUPERAntiSpyware 4.40.0.1006 2010.07.14 Trojan.Agent/Gen-Nullo[Short] Symantec 20101.1.0.89 2010.07.13 Bloodhound.MalPE TheHacker 6.5.2.1.313 2010.07.13 - TrendMicro 9.120.0.1004 2010.07.13 - TrendMicro-HouseCall 9.120.0.1004 2010.07.14 - VBA32 3.12.12.6 2010.07.13 - ViRobot 2010.7.12.3932 2010.07.13 - VirusBuster 5.0.27.0 2010.07.13 - weitere Informationen File size: 101168 bytes MD5...: 6b8161fc196a3fa96505a7c28afd08dd SHA1..: 8994fd34af2e2e83d6dff8ce724ff428e907d2b6 SHA256: 62d799180ab1ab3e98b4e9b0a2f436e0ede7fc3bd1f529f35d4494e39816fd2b ssdeep: 3072:bNSHTDfr++2kj5JRlVuoVKiNwgTUMJbdk6O:kHTDfr++JHfDPk3 PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - trid..: Autodesk FLIC Image File (extensions: flc, fli, cel) (100.0%) pdfid.: - sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned |
Themen zu Ärger mit Antimaleware Doctor, stäniger Phishing Alarm.. |
adware.adrotator, adware.ezlife, aktiv, antimaleware, antimalware, browser, c:\windows, erfolgreich, explorer, folge, folgendes, gelöscht, interne, internet, internet explorer, kaspersky, local\temp, nicht mehr, nichts, phishing, programm, rkill, rogue.antimalwaredoctor, scan, schlägt, starten., ständiger, temp, trojan.agent.u, trojanisches, trojanisches programm, windows, zurücksetzen |