Pests of all kinds and how to fight them: Trojan/virus via ICQ (Windows 7)
10.07.2010, 18:04 #1
Trojan/virus via ICQ

Hello everyone,

I registered here on the forum specifically because of my little problem and hope you can help me. So, someone wrote me the following over ICQ: "Do you still remember this photo?" h**p://www.facebook.benbarkel.com/facebook_gallery.php?image=DSC00208042010-JPG Because a friend of mine had sent it to me, I didn't think anything of it, clicked the link, and downloaded and opened the picture named DSC00208042010-JPG.src. Then Antivir popped up and said something about a Trojan, and I clicked Remove, but I think the virus isn't completely gone, because although I'm not spreading it via ICQ, my chat windows close at regular intervals. The person I got the link from hadn't actually sent it to me at all, but she couldn't warn me in time. Then I followed your guide here, with the following results:

Malwarebytes Anti-Malware log:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4300
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.07.2010 18:18:03
mbam-log-2010-07-10 (18-18-03).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 123836
Laufzeit: 4 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
C:\Users\Public\winsvrcn.exe (Backdoor.Bot) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Users\***\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowssyscontrol (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Public\winsvrcn.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\BmlK1bgM17.log (Mismatched.Extension) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\vir.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\fDc8F0K6iK.log (Mismatched.Extension) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-07-10 18:24:00
Microsoft Windows 7 Home Premium
System drive C: has 102 GB (78%) free of 131 GB
Total RAM: 3037 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:24:09, on 10.07.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\***\Desktop\RSIT.exe
C:\Program Files\trend micro\***.exe
(The file was named after me/my user account.)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 4222 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-28 13797920]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
" Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Halo2]
C:\Users\***\AppData\Local\Temp\sshnas21.dll,GetMainWnd []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
mmrtkrnl.exe /i []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-10 18:24:00 ----D---- C:\rsit
2010-07-10 18:24:00 ----D---- C:\Program Files\trend micro
2010-07-10 18:10:27 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-07-10 18:10:20 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-10 18:10:18 ----D---- C:\ProgramData\Malwarebytes
2010-07-10 18:10:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-10 18:10:18 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-10 17:57:10 ----D---- C:\Program Files\CCleaner
2010-07-10 16:50:41 ----RA---- C:\Users\***\AppData\Roaming\LJC8G.txt
2010-07-10 16:50:41 ----RA---- C:\Users\***\AppData\Roaming\BkE6c.txt
2010-07-03 13:57:32 ----SHD---- C:\Config.Msi
2010-06-29 20:40:55 ----D---- C:\ProgramData\Raxco
2010-06-29 11:36:45 ----D---- C:\Program Files\MSXML 4.0
2010-06-24 17:25:32 ----D---- C:\s-winprosa
2010-06-24 16:20:59 ----A---- C:\Windows\system32\devil.dll
2010-06-24 16:20:59 ----A---- C:\Windows\system32\avisynth.dll
2010-06-24 16:20:56 ----A---- C:\Windows\system32\yv12vfw.dll
2010-06-24 16:20:56 ----A---- C:\Windows\system32\i420vfw.dll
2010-06-24 16:20:56 ----A---- C:\Windows\system32\AVSredirect.dll
2010-06-24 16:20:55 ----D---- C:\Program Files\AviSynth 2.5
2010-06-24 16:09:49 ----D---- C:\ProgramData\TEMP
2010-06-24 16:09:12 ----D---- C:\Users\Eliah\AppData\Roaming\AnvSoft
2010-06-23 19:30:51 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-23 19:30:51 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-23 19:30:51 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-23 19:30:51 ----A---- C:\Windows\system32\mscoree.dll
2010-06-23 19:30:51 ----A---- C:\Windows\system32\dfshim.dll
2010-06-23 19:29:48 ----A---- C:\Windows\system32\ntdll.dll
2010-06-23 19:29:46 ----A---- C:\Windows\system32\msdri.dll
2010-06-23 19:29:46 ----A---- C:\Windows\system32\CPFilters.dll
2010-06-21 18:31:55 ----DC---- C:\Windows\system32\DRVSTORE
2010-06-21 18:31:55 ----A---- C:\Windows\system32\GEARAspi.dll
2010-06-21 18:31:55 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2010-06-21 18:31:36 ----D---- C:\Program Files\iPod
2010-06-21 18:31:35 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-21 18:31:35 ----D---- C:\Program Files\iTunes
2010-06-21 18:30:47 ----D---- C:\ProgramData\Apple Computer
2010-06-21 18:30:47 ----D---- C:\Program Files\QuickTime
2010-06-21 18:30:39 ----D---- C:\Program Files\Apple Software Update
2010-06-21 18:30:04 ----D---- C:\Program Files\Bonjour
2010-06-17 20:19:44 ----D---- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-06-15 17:47:32 ----D---- C:\Users\***\AppData\Roaming\AlcaTech
2010-06-15 17:47:18 ----A---- C:\Windows\system32\Setup.dll
2010-06-15 17:47:16 ----D---- C:\ProgramData\AlcaTech
2010-06-12 11:45:19 ----D---- C:\Users\***\AppData\Roaming\Adobe Mini Bridge CS5
2010-06-12 11:45:18 ----D---- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-06-12 11:34:46 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2010-06-12 11:29:24 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-06-12 09:29:30 ----A---- C:\Windows\system32\win32k.sys
2010-06-12 09:29:30 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-12 09:29:29 ----A---- C:\Windows\system32\mshtml.dll
2010-06-12 09:29:28 ----A---- C:\Windows\system32\urlmon.dll
2010-06-12 09:29:28 ----A---- C:\Windows\system32\mstime.dll
2010-06-12 09:29:28 ----A---- C:\Windows\system32\ieframe.dll
2010-06-12 09:29:27 ----A---- C:\Windows\system32\wininet.dll
2010-06-12 09:29:27 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-12 09:29:27 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-12 09:29:27 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-12 09:29:25 ----A---- C:\Windows\system32\atmlib.dll
2010-06-12 09:29:25 ----A---- C:\Windows\system32\atmfd.dll

======List of files/folders modified in the last 1 months======

2010-07-10 18:24:00 ----D---- C:\Program Files
2010-07-10 18:22:22 ----D---- C:\Users\***\AppData\Roaming\ICQ
2010-07-10 18:21:23 ----D---- C:\Windows\Temp
2010-07-10 18:21:15 ----D---- C:\Windows
2010-07-10 18:20:58 ----D---- C:\Windows\system32\drivers
2010-07-10 18:20:58 ----D---- C:\Windows\Logs
2010-07-10 18:10:18 ----D---- C:\ProgramData
2010-07-10 18:05:23 ----D---- C:\Windows\debug
2010-07-10 18:02:55 ----SHD---- C:\System Volume Information
2010-07-10 17:40:29 ----D---- C:\Windows\Tasks
2010-07-10 17:24:32 ----D---- C:\Windows\system32\Tasks
2010-07-10 16:52:51 ----D---- C:\Users\***\AppData\Roaming\GrabIt
2010-07-10 15:17:21 ----D---- C:\Windows\system32\config
2010-07-10 15:08:11 ----D---- C:\Windows\System32
2010-07-10 15:08:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-10 15:08:10 ----D---- C:\Windows\inf
2010-07-10 15:04:56 ----D---- C:\ProgramData\Microsoft
2010-07-10 15:04:46 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2010-07-03 14:59:50 ----D---- C:\Windows\Prefetch
2010-07-03 13:57:48 ----SHD---- C:\Windows\Installer
2010-06-29 20:41:07 ----D---- C:\Windows\system32\catroot
2010-06-29 20:40:54 ----D---- C:\Program Files\Raxco
2010-06-29 20:08:22 ----D---- C:\Program Files\Common Files
2010-06-29 20:08:13 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-29 20:07:34 ----D---- C:\ProgramData\WindSolutions
2010-06-29 20:04:24 ----D---- C:\Program Files\Adobe
2010-06-29 12:22:47 ----D---- C:\Windows\winsxs
2010-06-28 14:20:45 ----SHD---- C:\$Recycle.Bin
2010-06-27 14:54:59 ----D---- C:\Program Files\Mozilla Firefox
2010-06-24 17:49:00 ----D---- C:\Windows\system32\wdi
2010-06-24 16:20:54 ----RSD---- C:\Windows\Fonts
2010-06-24 13:11:33 ----D---- C:\Windows\Microsoft.NET
2010-06-24 13:11:31 ----RSD---- C:\Windows\assembly
2010-06-24 13:02:15 ----D---- C:\Windows\system32\catroot2
2010-06-23 19:33:38 ----D---- C:\Windows\ehome
2010-06-23 19:32:56 ----D---- C:\Windows\system32\de-DE
2010-06-23 19:31:40 ----D---- C:\Windows\system32\en-US
2010-06-23 19:31:40 ----D---- C:\Program Files\Microsoft.NET
2010-06-23 19:30:44 ----D---- C:\Windows\AppPatch
2010-06-21 18:37:24 ----D---- C:\Users\***\AppData\Roaming\Apple Computer
2010-06-21 18:31:35 ----D---- C:\Program Files\Common Files\Apple
2010-06-21 18:31:02 ----D---- C:\Program Files\Internet Explorer
2010-06-21 18:30:30 ----D---- C:\Windows\system32\DriverStore
2010-06-21 15:24:49 ----D---- C:\Users\***\AppData\Roaming\WindSolutions
2010-06-19 11:10:06 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-06-15 15:38:22 ----D---- C:\Users\***\AppData\Roaming\Adobe
2010-06-15 15:36:16 ----D---- C:\ProgramData\Adobe
2010-06-12 13:16:11 ----D---- C:\Windows\system32\migration
2010-06-12 11:31:57 ----D---- C:\Program Files\Common Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-28 691696]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys [2010-04-07 135184]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 b57nd60x;Broadcom NetXtreme-Gigabit-Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
R3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 auesbwxk;auesbwxk; C:\Windows\system32\drivers\auesbwxk.sys []
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 xnacc;Treiberdienst XBOX 360-Controller für Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2009-07-14 465408]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-28 211488]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2010-05-27 1565960]
R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2010-05-27 1471752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

-----------------EOF-----------------

hxxp://www.virustotal.com/de/analisis/6fbc573d0cd7edb21d18b8c0fc681fa4ae1107621c45b64fba7d6da369d437df-1278777690

I hope I did everything right; I'd be very grateful for a bit of help.
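As an added example for readers of this thread (not code from the poster, from the board, or from Malwarebytes), here is a small Python parser for the Malwarebytes' Anti-Malware 1.x log format posted above. It turns the "Infizierte ...:" detail sections into structured findings and flags the two things a helper checks before calling a machine clean: objects still marked "Delete on reboot" (they are on disk until the restart), and entries that are autostart mechanisms (Run values, .job scheduled tasks, and hijacked shell open commands such as the Broken.OpenCommand entry). The sample log is constructed from entries quoted in the post, with the user name masked as in the thread; the regular expressions and the persistence labels are my own assumptions about the format, not a Malwarebytes specification.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs (added example,
not the poster's or Malwarebytes' own code). It parses the "Infizierte ...:"
detail sections into findings and flags what to check before calling the box
clean: "Delete on reboot" items and persistence mechanisms."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the first Malwarebytes log in the thread.
SAMPLE_LOG = r"""
Laufzeit: 4 Minute(n), 26 Sekunde(n)
Infizierte Speicherprozesse: 1

Infizierte Speicherprozesse:
C:\Users\Public\winsvrcn.exe (Backdoor.Bot) -> Unloaded process successfully.
Infizierte Speichermodule:
C:\Users\***\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowssyscontrol (Backdoor.Bot) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Public\winsvrcn.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\vir.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^Infizierte (?P<name>.+?):\s*(?P<count>\d+)?\s*$")  # "X: N" summary, "X:" detail
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> ")  # Broken.* objects only

@dataclass
class Finding:
    section: str                # e.g. "Dateien", "Registrierungswerte"
    item: str                   # file path or registry location
    detection: str              # e.g. "Backdoor.Bot"
    action: str                 # final action, trailing period removed
    bad: Optional[str] = None   # value found (Broken.* objects only)
    good: Optional[str] = None  # value restored (Broken.* objects only)

    @property
    def needs_reboot(self) -> bool:
        return self.action.lower().startswith("delete on reboot")

    @property
    def persistence(self) -> Optional[str]:
        # Autostart mechanism this item represents, or None (labels are my own).
        low = self.item.lower()
        if "\\currentversion\\run" in low:
            return "autorun registry value"
        if low.endswith(".job") and "\\tasks\\" in low:
            return "scheduled task"
        if "\\shell\\open\\command" in low:
            return "open-command (file association) hijack"
        return None

def parse_mbam_log(text: str) -> List[Finding]:
    """Return one Finding per detail line, in log order."""
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:  # a count means the summary block; no count opens a detail section
            section = None if sec.group("count") else sec.group("name")
            continue
        hit = FINDING_RE.match(line) if section else None
        if not hit:  # header lines, blanks, "(Keine bösartigen Objekte gefunden)"
            continue
        rest = hit.group("rest")
        bg = BAD_GOOD_RE.match(rest)
        findings.append(Finding(section, hit.group("item"), hit.group("detection"),
                                rest.rsplit("-> ", 1)[-1].strip().rstrip("."),
                                bg.group("bad") if bg else None,
                                bg.group("good") if bg else None))
    return findings

def triage_report(findings: List[Finding]) -> str:
    """One line per item that still needs attention after the scan."""
    out = [f"{len(findings)} finding(s) parsed"]
    out += [f"PERSISTENCE [{f.persistence}] {f.item} ({f.detection})" for f in findings if f.persistence]
    out += [f"PENDING REBOOT {f.item} ({f.detection}) - verify after restart" for f in findings if f.needs_reboot]
    return "\n".join(out)

if __name__ == "__main__":
    print(triage_report(parse_mbam_log(SAMPLE_LOG)))
```

Running the file prints the triage report. The "Delete on reboot" flags are the reason a helper asks for a second scan after a restart, and the persistence list is the set of entries to look for again in the follow-up HijackThis or OTL log.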
12.07.2010, 11:56 #2
/// Winkelfunktion /// TB-Süch-Tiger™

Trojan/virus via ICQ

Hello, and please run a full scan with Malwarebytes and post the log.

Then OTL: System scan with OTL. Please download OTL from OldTimer and save it to your desktop.
12.07.2010, 16:24 #3
Trojan/virus via ICQ

Hey, thanks for the reply.

So... Here is the full scan from Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4305
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.07.2010 17:12:25
mbam-log-2010-07-12 (17-12-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 202796
Laufzeit: 37 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\JDK5SWFMZY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
OTL logfile created on: 12.07.2010 17:15:11 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\***\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 127,58 Gb Total Space | 95,33 Gb Free Space | 74,72% Space Free | Partition Type: NTFS
Drive D: | 51,45 Gb Total Space | 43,66 Gb Free Space | 84,85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465,76 Gb Total Space | 154,92 Gb Free Space | 33,26% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\GrabIt\GrabIt.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (CGVPNCliSrvc) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\spps vc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (vstor2-ws60) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (xnacc) -- C:\Windows\System32\drivers\xnacc.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV -
(AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) 
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 6B 50 0E A5 FD CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.5.6 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..network.proxy.backup.ftp: "164.78.252.24" FF - prefs.js..network.proxy.backup.ftp_port: 80 FF - prefs.js..network.proxy.backup.gopher: "164.78.252.24" FF - prefs.js..network.proxy.backup.gopher_port: 80 FF - prefs.js..network.proxy.backup.socks: "164.78.252.24" FF - prefs.js..network.proxy.backup.socks_port: 80 FF - prefs.js..network.proxy.backup.ssl: "164.78.252.24" FF - prefs.js..network.proxy.backup.ssl_port: 80 FF - prefs.js..network.proxy.ftp: "208.96.213.149" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.gopher: "208.96.213.149" FF - prefs.js..network.proxy.gopher_port: 80 FF - prefs.js..network.proxy.http: "208.96.213.149" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "208.96.213.149" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "208.96.213.149" FF - prefs.js..network.proxy.ssl_port: 80 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program 
Files\Mozilla Firefox\components [2010.06.27 14:54:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.03 13:57:39 | 000,000,000 | ---D | M] [2010.05.27 16:03:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.07.11 19:05:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iwz2o6r4.default\extensions [2010.07.06 13:59:46 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iwz2o6r4.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2010.07.10 21:25:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iwz2o6r4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.27 16:08:49 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iwz2o6r4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.05.27 16:08:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iwz2o6r4.default\extensions\firebug@software.joehewitt.com [2010.06.10 20:19:54 | 000,000,873 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\iwz2o6r4.default\searchplugins\conduit.xml [2010.07.06 14:09:46 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\iwz2o6r4.default\searchplugins\icqplugin-1.xml [2010.02.03 15:37:50 | 000,000,947 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\iwz2o6r4.default\searchplugins\icqplugin.xml [2010.05.27 16:03:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 
| ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.12.01 04:47:17 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ] O32 - Unable to obtain root file information for disk F:\ O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.) 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.12 16:31:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.07.12 16:30:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\logs [2010.07.11 21:30:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VMware [2010.07.11 21:22:33 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Virtual Machines [2010.07.11 21:05:20 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys [2010.07.11 21:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\S.A.D [2010.07.11 20:33:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\VMware [2010.07.11 20:27:31 | 000,059,952 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetinst.dll [2010.07.11 20:27:31 | 000,016,560 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetadapter.sys [2010.07.11 20:27:27 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe [2010.07.11 20:27:23 | 000,395,824 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe [2010.07.11 20:27:22 | 000,026,288 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys [2010.07.11 20:27:21 | 000,051,248 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetbridge.dll [2010.07.11 20:27:21 | 000,036,400 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetbridge.sys [2010.07.11 20:27:21 | 000,018,736 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnet.sys [2010.07.11 20:27:19 | 000,760,368 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll [2010.07.11 20:26:56 | 000,023,216 | ---- | C] (VMware, Inc.) 
-- C:\Windows\System32\drivers\VMkbd.sys [2010.07.11 20:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware [2010.07.11 20:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware [2010.07.11 20:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\VMware [2010.07.11 19:28:58 | 000,000,000 | R--D | C] -- C:\Users\***\Virtual Machines [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-CN [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Virtual PC [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\tr-TR [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\th-TH [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sv-SE [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ru-RU [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ro-RO [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-PT [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pl-PL [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nl-NL [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nb-NO [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ko-KR [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ja-JP [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\it-IT [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hu-HU [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\he-IL [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fr-FR [2010.07.11 19:25:02 | 000,000,000 | ---D | C] 
-- C:\Windows\System32\drivers\fi-FI [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\es-ES [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\en-US [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\el-GR [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\da-DK [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\cs-CZ [2010.07.11 19:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ar-SA [2010.07.11 19:24:09 | 002,171,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VPCWizard.exe [2010.07.11 19:24:09 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcvmm.sys [2010.07.11 19:24:08 | 003,330,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpc.exe [2010.07.11 19:24:08 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VMWindow.exe [2010.07.11 19:22:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpchbus.sys.mui [2010.07.11 19:22:15 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpchbuspipe.dll [2010.07.11 19:22:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,002,560 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\drivers\zh-TW\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpchbus.sys.mui [2010.07.11 19:22:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcuxd.sys.mui [2010.07.11 19:22:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcuxd.sys.mui [2010.07.11 19:22:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcuxd.sys.mui [2010.07.11 19:22:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcusb.sys.mui [2010.07.11 19:22:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcusb.sys.mui [2010.07.11 19:22:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcusb.sys.mui [2010.07.11 19:22:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcusb.sys.mui [2010.07.11 19:22:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcnfltr.sys.mui [2010.07.11 19:22:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcnfltr.sys.mui [2010.07.11 19:22:13 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\drivers\pt-BR\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\drivers\ja-JP\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpcvmm.sys.mui [2010.07.11 19:22:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\drivers\pt-PT\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcuxd.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\drivers\sv-SE\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcusb.sys.mui [2010.07.11 19:22:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcusb.sys.mui [2010.07.11 19:22:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcvmm.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\drivers\zh-CN\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcnfltr.sys.mui [2010.07.11 19:22:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcnfltr.sys.mui [2010.07.11 19:22:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcnfltr.sys.mui [2010.07.11 19:22:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\drivers\sv-SE\vpcnfltr.sys.mui [2010.07.11 19:22:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcnfltr.sys.mui [2010.07.11 19:22:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcnfltr.sys.mui [2010.07.11 19:22:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcnfltr.sys.mui [2010.07.11 19:22:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcnfltr.sys.mui [2010.07.11 19:22:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcnfltr.sys.mui [2010.07.11 19:22:08 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpchbus.sys [2010.07.11 19:22:08 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcusb.sys [2010.07.11 19:22:08 | 000,055,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcnfltr.sys [2010.07.11 19:22:07 | 001,260,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VPCSettings.exe [2010.07.11 19:22:07 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmsal.exe [2010.07.11 19:22:07 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VMCPropertyHandler.dll [2010.07.11 19:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode [2010.07.11 19:04:43 | 486,678,800 | ---- | C] (Microsoft Corporation) -- C:\Users\***\Desktop\WindowsXPMode_de-de.exe [2010.07.11 19:02:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat [2010.07.11 19:01:22 | 000,159,144 | ---- | C] (Microsoft Corporation) -- C:\Users\***\Desktop\WindowsActivationUpdate.exe [2010.07.10 18:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010.07.10 18:24:00 | 000,000,000 | ---D | C] -- C:\rsit [2010.07.10 18:10:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.07.10 18:10:20 | 
000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.07.10 18:10:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.07.10 18:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.07.10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.10 17:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010.07.04 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mindfuck [2010.07.03 18:48:23 | 000,320,512 | ---- | C] (Heuberger Software) -- C:\Users\***\Desktop\CamMirror.exe [2010.06.29 20:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco [2010.06.29 11:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2010.06.28 16:01:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions [2010.06.27 12:36:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Yahoo! [2010.06.24 17:25:32 | 000,000,000 | ---D | C] -- C:\s-winprosa [2010.06.24 16:20:59 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll [2010.06.24 16:20:59 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll [2010.06.24 16:20:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2010.06.24 16:20:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll [2010.06.24 16:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5 [2010.06.24 16:09:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Any Video Converter Professional [2010.06.24 16:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010.06.24 16:09:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AnvSoft [2010.06.24 15:51:03 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Xilisoft Corporation [2010.06.24 15:51:02 | 000,000,000 | ---D | C] -- C:\Users\***\Application Data [2010.06.24 15:17:45 | 
000,000,000 | ---D | C] -- C:\Users\***\Documents\My Games [2010.06.23 19:30:51 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.06.23 19:30:51 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.06.23 19:30:51 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.06.23 19:29:46 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.06.23 19:29:46 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010.06.23 19:29:46 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.06.23 19:29:46 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.06.21 18:44:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\backupipod [2010.06.21 18:32:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer [2010.06.21 18:31:55 | 000,107,368 | ---- | C] (GEAR Software Inc.) 
-- C:\Windows\System32\GEARAspi.dll [2010.06.21 18:31:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2010.06.21 18:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.06.21 18:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.06.21 18:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.06.21 18:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010.06.21 18:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010.06.21 18:30:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple [2010.06.21 18:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010.06.21 18:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010.06.19 08:46:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Arbeitsdateien [2010.06.17 20:19:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.06.15 17:47:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AlcaTech [2010.06.15 17:47:18 | 000,126,464 | ---- | C] (AlcaTech) -- C:\Windows\System32\Setup.dll [2010.06.15 17:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AlcaTech [2010.06.14 19:44:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\cs5 ========== Files - Modified Within 30 Days ========== [2010.07.12 17:17:21 | 001,572,864 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.07.12 16:58:06 | 000,224,021 | ---- | M] () -- C:\Users\***\Desktop\The.Big.Lebowski.German.1998.AC3.DVDRiP.XviD.iNTERNAL-CiA.nzb [2010.07.12 16:55:05 | 000,247,157 | ---- | M] () -- C:\Users\***\Desktop\_Bud.und.Doyle.German.1996.DVDRip.XviD.iNTERNAL-BiG.nzb [2010.07.12 16:35:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.12 16:35:07 | 000,014,016 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.12 16:32:21 | 000,658,724 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.12 16:32:21 | 000,619,230 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.12 16:32:21 | 000,131,850 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.12 16:32:21 | 000,108,136 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.07.12 16:32:20 | 001,506,624 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.12 16:31:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.07.12 16:27:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.12 16:27:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.12 16:27:43 | 2388,287,488 | -HS- | M] () -- C:\hiberfil.sys [2010.07.11 23:17:05 | 004,041,256 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.07.11 21:05:22 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk [2010.07.11 20:26:50 | 000,001,024 | ---- | M] () -- C:\.rnd [2010.07.11 20:26:47 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk [2010.07.11 19:18:42 | 486,678,800 | ---- | M] (Microsoft Corporation) -- C:\Users\***\Desktop\WindowsXPMode_de-de.exe [2010.07.11 19:14:49 | 003,896,919 | ---- | M] () -- C:\Users\***\Desktop\Windows6.1-KB977206-x86.msu [2010.07.11 19:09:48 | 009,591,606 | ---- | M] () -- C:\Users\***\Desktop\Windows6.1-KB958559-x86.msu [2010.07.11 19:02:46 | 000,159,144 | ---- | M] (Microsoft Corporation) -- C:\Users\***\Desktop\WindowsActivationUpdate.exe [2010.07.10 22:44:42 | 000,000,989 | ---- | M] () -- C:\Users\***\Desktop\blabla.gif [2010.07.10 18:18:53 | 000,339,991 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe [2010.07.10 18:06:36 | 000,032,132 | ---- | M] () -- C:\Users\***\Documents\cc_20100710_180629.reg [2010.07.10 17:57:13 | 000,000,925 | ---- | M] () -- 
C:\Users\***\Desktop\CCleaner.lnk [2010.07.07 18:50:11 | 000,015,882 | ---- | M] () -- C:\Users\***\Documents\1.docx [2010.07.05 18:03:45 | 000,035,840 | ---- | M] () -- C:\Users\***\Documents\31.07.2002-19.42.14_Uhr-1.doc [2010.07.05 18:01:17 | 000,013,820 | ---- | M] () -- C:\Users\***\Documents\Was sind Lebensmittelzusatzstoffe.docx [2010.07.03 21:32:50 | 000,292,176 | ---- | M] () -- C:\Users\***\Desktop\Webcam1.jpg [2010.07.03 21:31:40 | 001,440,826 | ---- | M] () -- C:\Users\***\Desktop\Webcam1.psd [2010.07.03 20:30:42 | 000,396,138 | ---- | M] () -- C:\Users\***\Documents\Auge.jpg [2010.07.03 20:25:47 | 001,228,854 | ---- | M] () -- C:\Users\***\Desktop\Webcam1.bmp [2010.07.03 20:16:31 | 001,247,677 | ---- | M] () -- C:\Users\***\Desktop\untitled.mp3 [2010.07.03 13:57:39 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.07.01 16:36:49 | 000,035,840 | ---- | M] () -- C:\Users\***\Desktop\31.07.2002-19.42.14_Uhr.doc [2010.06.29 20:40:57 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\PerfectDisk 11.lnk [2010.06.29 20:07:02 | 000,126,464 | ---- | M] (AlcaTech) -- C:\Windows\System32\Setup.dll [2010.06.28 14:24:11 | 000,671,254 | ---- | M] () -- C:\Users\***\Documents\Zusammenschrieb.pdf [2010.06.21 18:31:56 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.06.19 16:30:14 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010.06.19 11:10:06 | 000,001,197 | ---- | M] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk [2010.06.19 08:20:22 | 001,675,770 | ---- | M] () -- C:\Users\***\Desktop\TN_Mailing2010.pdf [2010.06.16 21:03:03 | 000,085,744 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.16 20:12:53 | 003,695,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2010.07.12 16:58:00 | 000,224,021 | ---- | C] () -- 
C:\Users\***\Desktop\The.Big.Lebowski.German.1998.AC3.DVDRiP.XviD.iNTERNAL-CiA.nzb [2010.07.12 16:55:00 | 000,247,157 | ---- | C] () -- C:\Users\***\Desktop\_Bud.und.Doyle.German.1996.DVDRip.XviD.iNTERNAL-BiG.nzb [2010.07.11 21:05:22 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk [2010.07.11 20:26:50 | 000,001,024 | ---- | C] () -- C:\.rnd [2010.07.11 20:26:47 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk [2010.07.11 19:14:49 | 003,896,919 | ---- | C] () -- C:\Users\***\Desktop\Windows6.1-KB977206-x86.msu [2010.07.11 19:09:36 | 009,591,606 | ---- | C] () -- C:\Users\***\Desktop\Windows6.1-KB958559-x86.msu [2010.07.10 22:44:41 | 000,000,989 | ---- | C] () -- C:\Users\***\Desktop\blabla.gif [2010.07.10 18:18:53 | 000,339,991 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe [2010.07.10 18:06:32 | 000,032,132 | ---- | C] () -- C:\Users\***\Documents\cc_20100710_180629.reg [2010.07.10 17:57:13 | 000,000,925 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.07.10 16:50:41 | 000,000,000 | R--- | C] () -- C:\Users\***\AppData\Roaming\LJC8G.txt [2010.07.10 16:50:41 | 000,000,000 | R--- | C] () -- C:\Users\***\AppData\Roaming\BkE6c.txt [2010.07.07 18:50:11 | 000,015,882 | ---- | C] () -- C:\Users\***\Documents\1.docx [2010.07.05 18:03:44 | 000,035,840 | ---- | C] () -- C:\Users\***\Documents\31.07.2002-19.42.14_Uhr-1.doc [2010.07.05 18:01:16 | 000,013,820 | ---- | C] () -- C:\Users\***\Documents\Was sind Lebensmittelzusatzstoffe.docx [2010.07.03 20:30:41 | 000,396,138 | ---- | C] () -- C:\Users\***\Documents\Auge.jpg [2010.07.03 20:23:18 | 001,228,854 | ---- | C] () -- C:\Users\***\Desktop\Webcam1.bmp [2010.07.03 20:18:57 | 000,292,176 | ---- | C] () -- C:\Users\***\Desktop\Webcam1.jpg [2010.07.03 20:16:12 | 001,247,677 | ---- | C] () -- C:\Users\***\Desktop\untitled.mp3 [2010.07.03 19:53:40 | 001,440,826 | ---- | C] () -- C:\Users\***\Desktop\Webcam1.psd [2010.07.03 13:57:39 | 000,001,944 | ---- | C] () -- 
C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.07.01 16:36:48 | 000,035,840 | ---- | C] () -- C:\Users\***\Desktop\31.07.2002-19.42.14_Uhr.doc [2010.06.29 20:40:57 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\PerfectDisk 11.lnk [2010.06.28 14:24:10 | 000,671,254 | ---- | C] () -- C:\Users\***\Documents\Zusammenschrieb.pdf [2010.06.24 16:20:56 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.06.21 18:31:56 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.06.19 08:20:22 | 001,675,770 | ---- | C] () -- C:\Users\***\Desktop\TN_Mailing2010.pdf [2010.06.17 18:56:11 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010.05.28 17:17:31 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.07.2010 17:15:12 - Run 1 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\***\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 127,58 Gb Total Space | 95,33 Gb Free Space | 74,72% Space Free | Partition Type: NTFS Drive D: | 51,45 Gb Total Space | 43,66 Gb Free Space | 84,85% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 465,76 Gb Total Space | 154,92 Gb Free Space | 33,26% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LAPTOP Current User Name: *** Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- D:\CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B7607FC8-72AD-486D-B6B7-A402D5876309}" = 
PerfectDisk 11 Professional "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ASIO4ALL" = ASIO4ALL "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "CyberGhost VPN_is1" = CyberGhost VPN "ENTERPRISE" = Microsoft Office Enterprise 2007 "FL Studio 9" = FL Studio 9 "Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.0 "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997) "Hardcore" = Hardcore "IL Download Manager" = IL Download Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "NVIDIA Drivers" = NVIDIA Drivers "PoiZone" = PoiZone "Sakura" = Sakura "Sawer" = Sawer "Toxic Biohazard" = Toxic Biohazard "Uninstall_is1" = Uninstall 1.0.0.1 "VMware_Workstation" = VMware Workstation "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Yahoo! BrowserPlus" = Yahoo! 
BrowserPlus 2.8.1 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.07.2010 15:05:32 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 15:05:32 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 15:05:32 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 15:06:03 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 15:06:03 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 15:06:03 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 15:06:03 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 15:06:03 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.07.2010 10:28:01 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.07.2010 10:28:01 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 26.06.2010 17:42:04 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 27.06.2010 09:06:08 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 28.06.2010 11:40:36 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 30.06.2010 15:02:44 | Computer Name = Laptop | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error - 05.07.2010 14:36:47 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 05.07.2010 14:36:48 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 05.07.2010 14:36:48 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 05.07.2010 14:36:49 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 05.07.2010 14:36:49 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 10.07.2010 09:05:16 | Computer Name = Laptop | Source = VDS Basic Provider | ID = 33554433 Description = < End of report > |
12.07.2010, 16:50 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan/virus via ICQ Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
ATTFilter
:OTL
FF - prefs.js..network.proxy.backup.ftp: "164.78.252.24"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "164.78.252.24"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "164.78.252.24"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "164.78.252.24"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "208.96.213.149"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "208.96.213.149"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "208.96.213.149"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "208.96.213.149"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "208.96.213.149"
FF - prefs.js..network.proxy.ssl_port: 80
O32 - Unable to obtain root file information for disk F:\
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open once you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
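The OTL fix above removes Firefox proxy settings that had been redirected to two external hosts (208.96.213.149 and the backup set at 164.78.252.24), which is the typical footprint of a proxy hijack: once every protocol is routed through an attacker-controlled proxy, the victim's traffic can be inspected or redirected. The following script is an added example written for this thread, not code from OTL or from the forum; it shows how a defender can parse a Firefox prefs.js and flag proxy hosts that are neither empty, loopback nor on a known-good allowlist. The prefs.js content is a constructed sample that mirrors the entries the OTL scan reported; `network.proxy.type` (1 = manual proxy) is a standard Firefox preference that does not appear in the thread and is included only to round out the sample.

```python
import re
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample of a Firefox prefs.js, mirroring the proxy entries the
# OTL scan in this thread reported. Not a real capture.
SAMPLE_PREFS_JS = '''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.backup.ftp", "164.78.252.24");
user_pref("network.proxy.backup.ftp_port", 80);
user_pref("network.proxy.ftp", "208.96.213.149");
user_pref("network.proxy.ftp_port", 80);
user_pref("network.proxy.http", "208.96.213.149");
user_pref("network.proxy.http_port", 80);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "208.96.213.149");
user_pref("network.proxy.socks_port", 80);
user_pref("network.proxy.ssl", "208.96.213.149");
user_pref("network.proxy.ssl_port", 80);
user_pref("network.proxy.type", 1);
'''

# One user_pref(...) call per line: key in quotes, then a string, bool or int.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Protocols for which Firefox stores a proxy host and a matching *_port pref.
PROXY_HOST_KEYS = ("ftp", "http", "ssl", "socks", "gopher")


def parse_prefs(text: str) -> Dict[str, object]:
    """Parse prefs.js lines into a dict; non-pref lines (comments, blanks) are skipped."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw  # keep anything unexpected as its raw text
    return prefs


def is_expected_proxy(host: str, allowlist) -> bool:
    """Empty host, loopback address, 'localhost' or an allowlisted host is considered benign."""
    if host == "" or host in allowlist:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def find_proxy_hijack(prefs: Dict[str, object], allowlist=()) -> List[Tuple[str, str, int]]:
    """Return (pref_key, host, port) for every active or backup proxy host that is not expected."""
    findings = []
    for prefix in ("network.proxy.", "network.proxy.backup."):
        for proto in PROXY_HOST_KEYS:
            key = prefix + proto
            host = prefs.get(key)
            if isinstance(host, str) and not is_expected_proxy(host, allowlist):
                port = prefs.get(key + "_port", 0)
                findings.append((key, host, int(port) if isinstance(port, int) else 0))
    return findings


def suspicious_hosts(findings: List[Tuple[str, str, int]]) -> set:
    """Distinct proxy hosts across all findings, handy for a blocklist or IoC report."""
    return {host for _, host, _ in findings}


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS_JS)
    for key, host, port in find_proxy_hijack(prefs):
        print(f"suspicious proxy: {key} -> {host}:{port}")
    print("manual proxy enabled:", prefs.get("network.proxy.type") == 1)
```

Run against a real profile by reading `prefs.js` from the Firefox profile directory and passing its text to `parse_prefs`; pass a corporate proxy's hostname in `allowlist` so a legitimate managed proxy is not reported. The backup.* keys are checked as well because Firefox keeps the previous per-protocol hosts there when `share_proxy_settings` is on, so a second attacker host can survive in them even after the active entries are cleaned.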
12.07.2010, 17:54 | #5 |
| Trojan/virus via ICQ Hmm... the PC froze during that, and after the restart this came up: Code:
ATTFilter
Files\Folders moved on Reboot...
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1876.log moved successfully.
Registry entries deleted on Reboot... |
12.07.2010, 18:06 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan/virus via ICQ OK... Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a forum expert has explicitly recommended it!
__________________ --> Trojan/virus via ICQ |
12.07.2010, 18:25 | #7 |
| Trojan/virus via ICQ OK, I did that Code:
ComboFix 10-07-11.07 - *** 12.07.2010 19:16:00.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3037.2127 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((( Dateien erstellt von 2010-06-12 bis 2010-07-12 ))))))))))))))))))))))))))))))
.
2010-07-12 17:21 . 2010-07-12 17:21 -------- d-----w- c:\users\***\AppData\Local\temp
2010-07-12 17:21 . 2010-07-12 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-12 16:39 . 2010-07-12 16:39 -------- d-----w- C:\_OTL
2010-07-11 19:30 . 2010-07-11 19:30 -------- d-----w- c:\users\***\AppData\Local\VMware
2010-07-11 19:05 . 2010-02-25 15:51 25216 ----a-w- c:\windows\system32\drivers\tap0901.sys
2010-07-11 19:05 . 2010-07-11 19:05 -------- d-----w- c:\program files\S.A.D
2010-07-11 18:33 . 2010-07-11 20:00 -------- d-----w- c:\users\***\AppData\Roaming\VMware
2010-07-11 18:28 . 2010-07-11 18:28 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-07-11 18:28 . 2010-07-11 18:28 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-07-11 18:28 . 2010-07-11 18:24 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-07-11 18:28 . 2010-07-11 18:24 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-07-11 18:28 . 2010-07-11 18:24 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-07-11 18:28 . 2010-07-11 18:24 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-07-11 18:28 . 2010-07-11 18:24 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-07-11 18:28 . 2010-07-11 18:24 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-07-11 18:28 . 2010-07-11 18:24 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-07-11 18:28 . 2010-07-11 18:24 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-07-11 18:27 . 2010-01-22 15:13 59952 ----a-w- c:\windows\system32\vnetinst.dll
2010-07-11 18:27 . 2010-01-22 15:13 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-07-11 18:27 . 2010-01-22 20:13 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-07-11 18:27 . 2010-01-22 20:13 395824 ----a-w- c:\windows\system32\vmnat.exe
2010-07-11 18:27 . 2010-01-22 20:14 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-07-11 18:27 . 2010-01-22 15:13 51248 ----a-r- c:\windows\system32\vmnetbridge.dll
2010-07-11 18:27 . 2010-01-22 15:13 36400 ----a-r- c:\windows\system32\drivers\vmnetbridge.sys
2010-07-11 18:27 . 2010-01-22 15:13 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys
2010-07-11 18:27 . 2010-01-22 20:13 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-07-11 18:26 . 2010-01-22 20:14 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-07-11 18:26 . 2010-07-11 18:26 -------- d-----w- c:\program files\Common Files\VMware
2010-07-11 18:25 . 2010-07-12 17:14 -------- d-----w- c:\programdata\VMware
2010-07-11 18:25 . 2010-07-11 18:25 -------- d-----w- c:\program files\VMware
2010-07-11 17:28 . 2010-07-11 17:35 -------- d-----r- c:\users\***\Virtual Machines
2010-07-11 17:24 . 2009-12-31 09:22 295936 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2010-07-11 17:24 . 2009-12-31 09:05 2171392 ----a-w- c:\windows\system32\VPCWizard.exe
2010-07-11 17:24 . 2009-12-31 09:05 3330560 ----a-w- c:\windows\system32\vpc.exe
2010-07-11 17:24 . 2009-12-31 06:48 1003008 ----a-w- c:\windows\system32\VMWindow.exe
2010-07-11 17:22 . 2009-09-23 01:18 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
2010-07-11 17:22 . 2009-09-23 01:19 55040 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2010-07-11 17:22 . 2009-09-23 01:18 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2010-07-11 17:22 . 2009-09-23 01:18 165376 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2010-07-11 17:22 . 2009-09-23 01:18 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2010-07-11 17:22 . 2009-09-23 01:18 793600 ----a-w- c:\windows\system32\vmsal.exe
2010-07-11 17:22 . 2009-09-23 01:18 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2010-07-11 17:20 . 2010-07-11 17:20 -------- d-----w- c:\program files\Windows XP Mode
2010-07-11 17:02 . 2010-07-11 17:02 -------- d-----w- c:\windows\system32\Wat
2010-07-10 16:24 . 2010-07-10 16:24 -------- d-----w- C:\rsit
2010-07-10 16:24 . 2010-07-10 16:24 -------- d-----w- c:\program files\trend micro
2010-07-10 16:10 . 2010-07-10 16:10 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2010-07-10 16:10 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-10 16:10 . 2010-07-10 16:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-10 16:10 . 2010-07-10 16:10 -------- d-----w- c:\programdata\Malwarebytes
2010-07-10 16:10 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-10 15:57 . 2010-07-10 15:57 -------- d-----w- c:\program files\CCleaner
2010-06-29 18:40 . 2010-06-29 18:40 -------- d-----w- c:\programdata\Raxco
2010-06-29 09:36 . 2010-06-29 09:36 -------- d-----w- c:\program files\MSXML 4.0
2010-06-27 10:36 . 2010-06-27 10:36 -------- d-----w- c:\users\***\AppData\Local\Yahoo!
2010-06-24 15:25 . 2010-06-24 15:35 -------- d-----w- C:\s-winprosa
2010-06-24 14:20 . 2009-09-27 07:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-06-24 14:20 . 2004-02-22 08:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-06-24 14:20 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-06-24 14:20 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-06-24 14:20 . 2010-06-24 14:20 -------- d-----w- c:\program files\AviSynth 2.5
2010-06-24 14:09 . 2010-06-24 14:09 -------- d-----w- c:\users\***\AppData\Roaming\AnvSoft
2010-06-23 17:30 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 17:30 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 17:30 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 17:30 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 17:30 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 17:29 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 17:29 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 17:29 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-06-21 16:32 . 2010-06-26 11:08 -------- d-----w- c:\users\***\AppData\Local\Apple Computer
2010-06-21 16:31 . 2010-06-21 16:31 -------- dc----w- c:\windows\system32\DRVSTORE
2010-06-21 16:31 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-21 16:31 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-21 16:31 . 2010-06-21 16:31 -------- d-----w- c:\program files\iPod
2010-06-21 16:31 . 2010-06-21 16:31 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-21 16:31 . 2010-06-21 16:31 -------- d-----w- c:\program files\iTunes
2010-06-21 16:30 . 2010-06-21 16:31 -------- d-----w- c:\programdata\Apple Computer
2010-06-21 16:30 . 2010-06-21 16:31 -------- d-----w- c:\program files\QuickTime
2010-06-21 16:30 . 2010-06-21 16:30 -------- d-----w- c:\users\***\AppData\Local\Apple
2010-06-21 16:30 . 2010-06-21 16:30 -------- d-----w- c:\program files\Apple Software Update
2010-06-21 16:30 . 2010-06-21 16:30 -------- d-----w- c:\program files\Bonjour
2010-06-17 18:19 . 2010-06-17 18:19 -------- d-----w- c:\users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-06-15 18:01 . 2010-06-15 18:01 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-15 15:47 . 2010-06-15 15:47 -------- d-----w- c:\users\***\AppData\Roaming\AlcaTech
2010-06-15 15:47 . 2010-06-29 18:07 126464 ----a-w- c:\windows\system32\Setup.dll
2010-06-15 15:47 . 2010-06-15 15:47 -------- d-----w- c:\programdata\AlcaTech
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 17:19 . 2009-07-14 08:47 658724 ----a-w- c:\windows\system32\perfh007.dat
2010-07-12 17:19 . 2009-07-14 08:47 131850 ----a-w- c:\windows\system32\perfc007.dat
2010-07-12 16:50 . 2010-05-29 17:41 -------- d-----w- c:\users\***\AppData\Roaming\ICQ
2010-07-12 16:10 . 2010-05-27 14:44 -------- d-----w- c:\users\***\AppData\Roaming\GrabIt
2010-07-11 17:25 . 2010-07-11 17:25 -------- d-----w- c:\program files\Windows Virtual PC
2010-06-29 18:40 . 2010-05-27 15:13 -------- d-----w- c:\program files\Raxco
2010-06-29 18:08 . 2010-05-28 15:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-29 18:07 . 2010-05-27 15:20 -------- d-----w- c:\programdata\WindSolutions
2010-06-23 17:31 . 2010-06-05 15:45 -------- d-----w- c:\program files\Microsoft.NET
2010-06-21 16:37 . 2010-05-27 15:49 -------- d-----w- c:\users\***\AppData\Roaming\Apple Computer
2010-06-21 16:31 . 2010-05-27 15:34 -------- d-----w- c:\program files\Common Files\Apple
2010-06-21 13:24 . 2010-05-27 15:20 -------- d-----w- c:\users\***\AppData\Roaming\WindSolutions
2010-06-19 09:10 . 2010-05-27 14:26 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-16 19:03 . 2010-05-27 13:58 85744 ----a-w- c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-12 09:45 . 2010-06-12 09:45 -------- d-----w- c:\users\***\AppData\Roaming\Adobe Mini Bridge CS5
2010-06-12 09:45 . 2010-06-12 09:45 -------- d-----w- c:\users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-06-12 09:34 . 2010-06-12 09:34 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-06-12 09:31 . 2010-05-27 14:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-12 09:29 . 2010-06-12 09:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-10 12:27 . 2010-05-29 17:40 -------- d-----w- c:\program files\ICQ7.1
2010-06-09 18:32 . 2010-06-09 18:28 -------- d-----w- c:\program files\VstPlugins
2010-06-09 18:30 . 2010-06-09 18:30 -------- d-----w- c:\program files\ASIO4ALL v2
2010-06-09 18:28 . 2010-06-09 18:26 -------- d-----w- c:\program files\Image-Line
2010-06-09 18:28 . 2010-06-09 18:28 -------- d-----w- c:\program files\Outsim
2010-06-07 19:45 . 2010-06-07 19:45 -------- d-----w- c:\users\***\AppData\Roaming\MyVideoDownloader
2010-06-05 15:47 . 2010-06-05 15:41 -------- d-----w- c:\programdata\Microsoft Help
2010-06-05 15:46 . 2010-06-05 15:46 -------- d-----w- c:\program files\Microsoft Works
2010-05-29 17:51 . 2010-05-29 17:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-29 17:41 . 2010-05-29 17:41 -------- d-----w- c:\program files\ICQ6Toolbar
2010-05-29 17:41 . 2010-05-29 17:41 -------- d-----w- c:\programdata\ICQ
2010-05-28 15:20 . 2010-05-28 15:16 -------- d-----w- c:\users\***\AppData\Roaming\DAEMON Tools Lite
2010-05-28 15:17 . 2010-05-28 15:17 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-28 15:17 . 2010-05-28 15:17 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-28 15:16 . 2010-05-28 15:16 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-05-27 15:48 . 2010-05-27 15:34 -------- d-----w- c:\programdata\Apple
2010-05-27 15:22 . 2010-05-27 15:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-27 15:07 . 2010-05-27 15:07 -------- d-----w- c:\users\***\AppData\Roaming\Avira
2010-05-27 15:03 . 2010-05-27 15:03 -------- d-----w- c:\programdata\Avira
2010-05-27 15:03 . 2010-05-27 15:03 -------- d-----w- c:\program files\Avira
2010-05-27 14:34 . 2010-05-27 14:28 -------- d-----w- c:\programdata\NOS
2010-05-27 14:32 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-27 14:29 . 2010-05-27 14:04 -------- d-----w- c:\programdata\NVIDIA
2010-05-27 14:26 . 2010-05-27 14:26 -------- d-----w- c:\program files\GrabIt
2010-05-27 14:26 . 2010-05-27 14:26 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-27 13:55 . 2010-05-27 13:55 -------- d-sh--we c:\programdata\Vorlagen
2010-05-27 13:55 . 2010-05-27 13:55 -------- d-sh--we c:\programdata\Startmenü
2010-05-27 13:55 . 2010-05-27 13:55 -------- d-sh--we c:\programdata\Favoriten
2010-05-27 13:55 . 2010-05-27 13:55 -------- d-sh--we c:\programdata\Dokumente
2010-05-27 13:55 . 2010-05-27 13:55 -------- d-sh--we c:\programdata\Anwendungsdaten
2010-05-27 13:55 . 2010-05-27 13:55 -------- d-sh--we c:\program files\Gemeinsame Dateien
2010-05-27 09:44 . 2010-05-27 09:44 237320 ----a-w- c:\windows\system32\PDBoot.exe
2010-05-27 07:24 . 2010-06-12 07:29 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-12 07:29 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2010-05-27 14:12 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-12 07:29 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-01 14:49 . 2010-06-12 07:29 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 07:13 . 2010-05-27 14:08 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-19 18:47 . 2010-04-19 18:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-19 18:47 . 2010-04-19 18:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)]
2010-04-29 10:19 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
2009-11-23 19:40 70144 ----a-w- c:\windows\System32\mmrtkrnl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2010-01-22 20:13 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-11 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-28 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2010-06-25 2398856]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-01-22 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-22 563760]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\iwz2o6r4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\users\***\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-Halo2 - c:\users\***\AppData\Local\Temp\sshnas21.dll
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-07-12 19:22:43
ComboFix-quarantined-files.txt 2010-07-12 17:22
.
Vor Suchlauf: 9 Verzeichnis(se), 101.335.752.704 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 101.252.939.776 Bytes frei
.
- - End Of File - - E9A48AA50BD5B9FDFAA0922D52C29AC6
12.07.2010, 19:30 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please download bootkit_remover. Extract the tool into its own folder on the desktop and run the file remove.exe from that folder. If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator. A black window will open and automatically check the MBR for malicious changes. Then please post whether there are changes and, if so, on which device. Best to post everything that remover.exe outputs.
__________________ Please always post logfiles in CODE tags |
12.07.2010, 19:58 | #9 |
Seems to be OK...
Code:
MBR Status OK (Dos/Win32 Boot code found)
12.07.2010, 20:04 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That is good too. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
12.07.2010, 20:21 | #11 |
Again? Well, OK xD So it looks good for me?
12.07.2010, 21:31 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, checking is always better. What matters, though, is that you update both tools first.
13.07.2010, 15:01 | #13 |
OK, here are the full scans again:
Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4306

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.07.2010 21:54:19
mbam-log-2010-07-12 (21-54-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 205043
Laufzeit: 36 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/13/2010 at 02:19 PM

Application Version : 4.40.1002

Core Rules Database Version : 5186
Trace Rules Database Version: 2998

Scan type : Complete Scan
Total Scan Time : 00:40:40

Memory items scanned : 297
Memory threats detected : 0
Registry items scanned : 7231
Registry threats detected : 0
File items scanned : 86919
File threats detected : 12

Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@apmebf[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@gamecenter.oberon-media[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atwola[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[3].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@oberon-media[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@mediaplex[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@2o7[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atwola[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[1].txt
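As an added illustration (this is editor-supplied example code, not something posted in the thread and not a Malwarebytes tool), here is a small Python parser for the Malwarebytes' Anti-Malware log format used in this thread. It reads the summary counts and the per-object detail lines, reports whether a scan came back clean, lists objects that are only removed at the next reboot ("Delete on reboot"), and flags detections that sat in autostart locations (the Run value and the scheduled-task .job from the first log), which is why the infection survived the first "remove" click in the antivirus popup. The two sample logs are constructed from the entries posted in this thread, with the other header lines trimmed; the database-version field reflects the helper's insistence on updating the tool before a control scan.

```python
import re
from dataclasses import dataclass, field

# Line shapes in a Malwarebytes' Anti-Malware 1.46 log (German locale, as in this thread):
#   database line: "Datenbank Version: 4300"
#   summary line:  "Infizierte Dateien: 6"
#   detail line:   "C:\path\file.exe (Backdoor.Bot) -> Quarantined and deleted successfully."
DBVER_RE = re.compile(r"^Datenbank Version: (\d+)$")
SUMMARY_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
DETAIL_RE = re.compile(r"^(?P<object>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# Autostart locations seen in the thread: a Run value and a scheduled-task .job file.
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\Run\\|\\Tasks\\", re.IGNORECASE)


@dataclass
class MbamReport:
    db_version: int = 0
    summary: dict = field(default_factory=dict)   # category -> reported count
    findings: list = field(default_factory=list)  # (object, detection name, action)

    def total_infected(self) -> int:
        return sum(self.summary.values())

    def is_clean(self) -> bool:
        # Summary counts and detail lines must both say nothing was found.
        return self.total_infected() == 0 and not self.findings

    def pending_reboot(self) -> list:
        # Objects MBAM could not remove while running (e.g. a DLL loaded in a process);
        # they are only gone after the reboot, so a clean re-scan afterwards matters.
        seen = []
        for obj, _, action in self.findings:
            if "reboot" in action.lower() and obj not in seen:
                seen.append(obj)
        return seen

    def autostart_findings(self) -> list:
        # Detections in persistence locations (Run key, scheduled tasks).
        return [f for f in self.findings if AUTOSTART_RE.search(f[0])]


def parse_mbam_log(text: str) -> MbamReport:
    """Parse the database version, the summary block and the detail lines of an MBAM log."""
    report = MbamReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DBVER_RE.match(line)
        if m:
            report.db_version = int(m.group(1))
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report.summary[m.group(1)] = int(m.group(2))
            continue
        m = DETAIL_RE.match(line)
        if m:
            report.findings.append((m["object"], m["name"], m["action"]))
    return report


# Constructed sample: the first (infected) log from this thread, trimmed to the relevant lines.
INFECTED_LOG = r"""
Malwarebytes' Anti-Malware 1.46
Datenbank Version: 4300
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6
Infizierte Speicherprozesse:
C:\Users\Public\winsvrcn.exe (Backdoor.Bot) -> Unloaded process successfully.
Infizierte Speichermodule:
C:\Users\***\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowssyscontrol (Backdoor.Bot) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\Users\Public\winsvrcn.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\BmlK1bgM17.log (Mismatched.Extension) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\vir.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\fDc8F0K6iK.log (Mismatched.Extension) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Constructed sample: the control scan from this thread, trimmed the same way.
CLEAN_LOG = r"""
Malwarebytes' Anti-Malware 1.46
Datenbank Version: 4306
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
"""

if __name__ == "__main__":
    for label, text in (("first scan", INFECTED_LOG), ("control scan", CLEAN_LOG)):
        r = parse_mbam_log(text)
        print(label, "db", r.db_version, "clean:", r.is_clean(),
              "reboot pending:", r.pending_reboot(), "autostart:", len(r.autostart_findings()))
```

The parser deliberately checks both the summary counts and the detail lines before calling a log clean, so a truncated paste with a missing summary block does not pass as a clean result; the reboot list is what tells you a second scan after restarting (as the helper requested) is worth the time.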
13.07.2010, 15:38 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Those were only cookies - harmless! Is the computer OK again?
13.07.2010, 16:27 | #15 |
Yes, I think so. Thanks sooo much again |