Pests of all kinds and their removal: Animalware - Logs (Windows 7)
19.07.2010, 20:41 | #1
Animalware - Logs

Hello, I picked up Antimalware Doctor earlier today, if only I knew where from! I have run rkill several times, but that hasn't fixed the problem; the AntiVir process keeps getting killed. What about switching the PC off or restarting it, is that safe? I'm afraid that if I switch the PC off it won't work any more?! What does a program like this actually do, does it send data of mine or the like?? Here is my OTL output, I hope you can make something of it!

OTL logfile created on: 19.07.2010 21:12:46 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\*\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 46,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 308,25 Gb Total Space | 278,50 Gb Free Space | 90,35% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 135,27 Gb Free Space | 92,35% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: *-VAIO
Current User Name: *
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\*\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
========== Modules (SafeList) ==========

MOD - C:\Users\*\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\mssprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (GtDetectSc) -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (GT72UBUS) -- C:\Windows\SysNative\drivers\gt72ubus.sys (Option N.V.)
DRV:64bit: - (GTPTSER) -- C:\Windows\SysNative\drivers\gtptser.sys (Option N.V.)
DRV:64bit: - (GT72NDISIPXP) -- C:\Windows\SysNative\drivers\Gt51Ip.sys (Option N.V.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.6.0.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.03 18:29:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.27 18:37:44 | 000,000,000 | ---D | M]

[2010.02.22 20:12:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2010.07.19 17:56:29 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\z6iju5va.default\extensions
[2010.02.22 20:14:32 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\z6iju5va.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010.02.22 20:11:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [070700Setup.exe] C:\Users\*\AppData\Roaming\30491991E4DFA58163AFE721AD16A1C9\070700Setup.exe (MS)
O4 - HKCU..\Run: [ckxmjssb] C:\Users\*\AppData\Local\iblnrdncx\hekviiltssd.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Users\*\AppData\Roaming\30491991E4DFA58163AFE721AD16A1C9\070700Setup.exe (MS)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk = C:\Program Files (x86)\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.16 05:47:54 | 000,451,856 | R--- | M] (Electronic Arts, Inc.) - G:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.02.16 05:47:52 | 000,000,000 | R--D | M] - G:\Autorun -- [ UDF ]
O32 - AutoRun File - [2010.02.16 05:47:56 | 005,449,216 | R--- | M] () - G:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.02.16 05:47:40 | 000,000,148 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{295541fe-186c-11df-b4f2-60380e05ecba}\Shell - "" = AutoRun
O33 - MountPoints2\{295541fe-186c-11df-b4f2-60380e05ecba}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{2a11d451-de6b-11de-898a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2a11d451-de6b-11de-898a-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.02.16 05:47:54 | 000,451,856 | R--- | M] (Electronic Arts, Inc.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.19 21:11:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2010.07.19 21:02:05 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2010.07.19 21:01:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.19 21:01:36 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.19 21:01:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.19 21:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.19 21:00:04 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\*\Desktop\mbam-setup.exe
[2010.07.19 20:45:30 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\*\Desktop\HiJackThis204.exe
[2010.07.19 20:36:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\iblnrdncx
[2010.07.19 20:36:28 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\30491991E4DFA58163AFE721AD16A1C9
[2010.07.19 20:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdf24
[2010.07.19 20:10:33 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Tommy Jaud - Vollidiot
[2010.07.12 20:15:43 | 096,768,824 | ---- | C] (Apple Inc.) -- C:\Users\*\Desktop\iTunesSetup.exe
[2010.07.07 06:34:09 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.07.07 06:34:09 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.07.07 06:34:09 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.07.07 06:34:08 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.07.07 06:34:08 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.07.07 06:34:08 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.07.07 06:34:08 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.07.07 06:34:08 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.07.06 17:22:08 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\update
[2010.06.23 17:23:52 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.06.23 17:23:02 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.06.23 17:23:02 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.06.23 17:23:01 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.06.23 17:23:01 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.06.23 17:23:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.06.23 17:23:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.06.23 17:23:00 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.19 21:18:34 | 002,097,152 | -HS- | M] () -- C:\Users\*\NTUSER.DAT
[2010.07.19 21:11:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2010.07.19 21:10:33 | 000,000,259 | ---- | M] () -- C:\Users\*\Desktop\file.bat
[2010.07.19 21:01:41 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.19 21:00:49 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\*\Desktop\mbam-setup.exe
[2010.07.19 20:56:36 | 000,363,520 | ---- | M] () -- C:\Users\*\Desktop\iExplore.exe
[2010.07.19 20:54:42 | 000,363,520 | ---- | M] () -- C:\Users\*\Desktop\rkill.com
[2010.07.19 20:45:36 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\*\Desktop\HiJackThis204.exe
[2010.07.19 20:38:14 | 000,001,114 | ---- | M] () -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010.07.19 20:13:19 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.19 20:13:19 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.19 20:13:19 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.19 20:13:19 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.19 20:13:19 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.19 19:48:52 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.19 19:48:52 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.19 18:14:44 | 000,028,027 | ---- | M] () -- C:\Users\*\Desktop\info.codingcorner.wcf.mibbit_1.1.0.tar.gz
[2010.07.19 18:02:18 | 000,664,064 | ---- | M] () -- C:\Users\*\Desktop\de.byte.newsletter.tar
[2010.07.19 17:40:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.19 17:40:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.19 17:39:59 | 3195,289,600 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.16 06:09:01 | 005,263,853 | -H-- | M] () -- C:\Users\*\AppData\Local\IconCache.db
[2010.07.15 21:14:22 | 000,105,984 | ---- | M] () -- C:\Users\*\Desktop\Sammelalbum_V3.2.xls
[2010.07.14 18:29:14 | 000,010,828 | ---- | M] () -- C:\Users\*\Desktop\Schreiben neue User.docx
[2010.07.13 19:47:55 | 000,106,496 | ---- | M] () -- C:\Users\*\Desktop\Sammelalbum_V3.2(2).xls
[2010.07.12 20:26:16 | 096,768,824 | ---- | M] (Apple Inc.) -- C:\Users\*\Desktop\iTunesSetup.exe
[2010.07.06 21:01:51 | 000,011,629 | ---- | M] () -- C:\Users\*\Desktop\Übersicht-Panini.xlsx
[2010.07.06 20:09:38 | 000,125,694 | ---- | M] () -- C:\Users\*\Desktop\manager2010.zip
[2010.07.04 10:59:55 | 006,680,570 | ---- | M] () -- C:\Users\*\Desktop\008-madcon_-_glow-drd.mp3
[2010.06.22 15:42:13 | 000,019,968 | ---- | M] () -- C:\Users\*\Desktop\Aktien.xls
[2010.06.22 15:41:40 | 000,083,456 | ---- | M] () -- C:\Users\*\Desktop\Kalender1.xls
[2010.06.21 05:58:06 | 000,478,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.19 21:10:33 | 000,000,259 | ---- | C] () -- C:\Users\*\Desktop\file.bat
[2010.07.19 21:01:41 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.19 20:56:34 | 000,363,520 | ---- | C] () -- C:\Users\*\Desktop\iExplore.exe
[2010.07.19 20:54:36 | 000,363,520 | ---- | C] () -- C:\Users\*\Desktop\rkill.com
[2010.07.19 20:38:14 | 000,001,114 | ---- | C] () -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010.07.19 18:14:44 | 000,028,027 | ---- | C] () -- C:\Users\*\Desktop\info.codingcorner.wcf.mibbit_1.1.0.tar.gz
[2010.07.19 18:02:11 | 000,664,064 | ---- | C] () -- C:\Users\*\Desktop\de.byte.newsletter.tar
[2010.07.13 21:32:51 | 000,010,828 | ---- | C] () -- C:\Users\*\Desktop\Schreiben neue User.docx
[2010.07.13 19:47:55 | 000,106,496 | ---- | C] () -- C:\Users\*\Desktop\Sammelalbum_V3.2(2).xls
[2010.07.11 21:04:15 | 006,680,570 | ---- | C] () -- C:\Users\*\Desktop\008-madcon_-_glow-drd.mp3
[2010.07.06 20:24:02 | 000,105,984 | ---- | C] () -- C:\Users\*\Desktop\Sammelalbum_V3.2.xls
[2010.07.06 20:09:37 | 000,125,694 | ---- | C] () -- C:\Users\*\Desktop\manager2010.zip
[2010.07.06 19:21:33 | 000,011,629 | ---- | C] () -- C:\Users\*\Desktop\Übersicht-Panini.xlsx
[2009.12.01 13:58:15 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 864 bytes -> C:\Users\Public\Documents\Angebot zur Vertragsverlängerung.eml:OECustomProperty

< End of report >
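A triage pass over the autorun and proxy lines of the OTL log above, added here as an example; it is not code from the original post, from OTL or from any removal tool. The sample input is an excerpt copied from that log. The flagging rules (an autorun target under the per-user AppData tree, a directory named with a long hex string, an empty company string, and a ProxyServer value pointing at loopback) are this example's own assumptions, not OTL's.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the OTL log in the post above
# (the poster's user name is masked with '*' exactly as in the original).
OTL_EXCERPT = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [070700Setup.exe] C:\Users\*\AppData\Roaming\30491991E4DFA58163AFE721AD16A1C9\070700Setup.exe (MS)
O4 - HKCU..\Run: [ckxmjssb] C:\Users\*\AppData\Local\iblnrdncx\hekviiltssd.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Users\*\AppData\Roaming\30491991E4DFA58163AFE721AD16A1C9\070700Setup.exe (MS)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk = C:\Program Files (x86)\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe File not found
"""

# Line shapes as OTL prints them. These patterns are this example's own
# reading of the log format, not OTL code.
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<vendor>[^)]*)\)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<lnk>.+?) = (?P<path>.+?) \((?P<vendor>[^)]*)\)$")
PROXY_RE = re.compile(r'Internet Settings: "ProxyServer" = (?P<value>\S+)$')

# Heuristics (assumptions of this example): each is weak on its own, but an
# autorun target under the per-user AppData tree, a directory named with a
# long hex string, and an empty company string together match how this
# rogue installed itself.
APPDATA_RE = re.compile(r"\\AppData\\(?:Local|LocalLow|Roaming)\\", re.IGNORECASE)
HEX_DIR_RE = re.compile(r"\\[0-9A-F]{16,}\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str
    detail: str


def is_loopback_proxy(value: str) -> bool:
    """True if a WinINet ProxyServer value ('http=host:port' or 'host:port')
    points at the local machine, i.e. every browser request is handed to a
    process running on this host."""
    host = value.split("=", 1)[-1].rsplit(":", 1)[0].strip("[]").lower()
    return host == "localhost" or host.startswith("127.") or host == "::1"


def triage(otl_text: str) -> list:
    """Walk OTL registry/autorun lines and return the entries worth a closer look."""
    findings = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.search(line)
        if m:
            if is_loopback_proxy(m["value"]):
                findings.append(Finding("loopback-proxy", m["value"]))
            continue
        m = RUN_RE.match(line)
        if m:
            if APPDATA_RE.search(m["path"]):
                reasons = ["autorun target under AppData"]
                if HEX_DIR_RE.search(m["path"]):
                    reasons.append("random hex directory name")
                if not m["vendor"]:
                    reasons.append("no company name in version info")
                findings.append(Finding(
                    "run-from-appdata",
                    f"{m['hive']} [{m['name']}] {m['path']} ({'; '.join(reasons)})"))
            continue
        m = STARTUP_RE.match(line)
        # Only the .lnk target matters: the Startup folder itself lives under AppData.
        if m and APPDATA_RE.search(m["path"]):
            findings.append(Finding("startup-lnk-to-appdata", f"{m['lnk']} -> {m['path']}"))
    return findings


if __name__ == "__main__":
    for f in triage(OTL_EXCERPT):
        print(f"{f.kind:24} {f.detail}")
```

Two things the output makes visible that the raw log does not. The "(MS)" after 070700Setup.exe is read from the file's own version resource, which whoever built the file controls, so it carries no weight against the path it sits on; the empty "()" on hekviiltssd.exe is just the lazier variant of the same trick. And ProxyServer = http=127.0.0.1:5643 means Internet Explorer, and anything else that uses WinINet, hands every request to a process on the local machine on port 5643; once that process is killed the browser stays pointed at a dead proxy until ProxyEnable is set back to 0 or the ProxyServer value is removed, which is a separate step from deleting the executables.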
20.07.2010, 04:54 | #2 |
Animalware - Logs
Double post, please delete.
__________________
Last edited by c0bra (20.07.2010 at 05:10) Reason: double post, please delete :(
20.07.2010, 04:56 | #3 |
Animalware - Logs
Unfortunately I couldn't find an edit function, so here is my Malwarebytes log:
__________________
Malwarebytes' Anti-Malware 1.46
Malwarebytes Datenbank Version: 4327
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.07.2010 05:43:34
mbam-log-2010-07-20 (05-43-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 285829
Laufzeit: 1 Stunde(n), 12 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\070700setup.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ckxmjssb (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Torsten\AppData\Roaming\30491991E4DFA58163AFE721AD16A1C9\070700Setup.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Gamers.IRC\bin\dll\nHTMLn_2.95.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Torsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O4FX0C8\ggbrzx[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Torsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O4FX0C8\kksaupwr[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Torsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW0DMVTD\kksahc[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Torsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB1NCCKZ\070700Setup[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Torsten\AppData\Local\Temp\1fce9f9a.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Torsten\AppData\Local\Temp\uhedyvt.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Torsten\AppData\Local\iblnrdncx\hekviiltssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.46
Malwarebytes Datenbank Version: 4327
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.07.2010 05:43:26
mbam-log-2010-07-20 (05-43-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 285829
Laufzeit: 1 Stunde(n), 12 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\070700setup.exe (Trojan.Agent.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ckxmjssb (Rogue.AntivirusSuite.Gen) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Torsten\AppData\Roaming\30491991E4DFA58163AFE721AD16A1C9\070700Setup.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\Public\Documents\Gamers.IRC\bin\dll\nHTMLn_2.95.dll (Trojan.Agent) -> No action taken.
C:\Users\Torsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O4FX0C8\ggbrzx[1].htm (Adware.BHO) -> No action taken.
C:\Users\Torsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O4FX0C8\kksaupwr[1].htm (Trojan.Dropper) -> No action taken.
C:\Users\Torsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW0DMVTD\kksahc[1].htm (Trojan.Dropper) -> No action taken.
C:\Users\Torsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB1NCCKZ\070700Setup[1].exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\Torsten\AppData\Local\Temp\1fce9f9a.tmp (Trojan.Dropper) -> No action taken.
C:\Users\Torsten\AppData\Local\Temp\uhedyvt.exe (Adware.BHO) -> No action taken.
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
C:\Users\Torsten\AppData\Local\iblnrdncx\hekviiltssd.exe (Rogue.AntivirusSuite.Gen) -> No action taken.

Thanks in advance for your help!
20.07.2010, 04:56 | #4 |
Animalware - Logs
Here is my ZHPDiag report as well: I can only get onto the Internet via Firefox, IE is blocked; otherwise it looks fine.

Rapport de ZHPDiag v1.25.1355 par Nicolas Coolman
Run by Torsten at 20.07.2010 06:07:41
Web site : hxxp://www.premiumorange.com/zeb-help-process/zhpdiag.html

---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox (3.6.3)

---\\ System Information
Platform : Windows 7 Home Premium (6.1.7600)
Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4063 MB (62% free)
System drive C: has 279 GB (90%) free of 308 GB

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 279 Go of 308 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 135 Go of 146 Go)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations

---\\ Running Processes
[MD5.A76E320727E68B366046708A833CEB5B] - (.Sony Corporation - No comment.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288]
[MD5.85A03EF25979CDC543D6FEADA36E28A4] - (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304]
[MD5.F6EA75A95BE7580273F6F4437E58A508] - (.Sony Corporation - Marketing Tools.) -- C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624]
[MD5.F91F52F4EA5D88DAB6245682A16F3A72] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [36272]
[MD5.DB1DB28467111A24664933AB8908CBCE] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [952768]
[MD5.3A0647BDED81DBE0BCBB51D70B22C9E0] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280]
[MD5.29680A793F690EEF4AAA68479D2A6DF8] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [209153]
[MD5.644795F6985C740F5E36E9336B837D0B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072]
[MD5.FFAAB225A3451D26BAC4435FA4A491F7] - (.Geek Software GmbH - PDF24 Creator.) -- C:\Program Files (x86)\pdf24\pdf24.exe [199488]
[MD5.2EED49941F8E8D35F0D50BDC83206293] - (.ICQ, LLC. - ICQ.) -- C:\Program Files (x86)\ICQ6.5\ICQ.exe [172792]

---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=explorer.exe

---\\ Internet Explorer Search Page (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643

---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Browser.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\SysWOW64\ieframe.dll

---\\ Browser Helper Objects (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Unknown owner - No comment.) -- (.not file.)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

---\\ Auto loading programs from Registry (O4)
O4 - HKLM\..\Run: [ISBMgr.exe] . (.Sony Corporation - No comment.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [MarketingTools] . (.Sony Corporation - Marketing Tools.) -- C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [PDFPrint] . (.Geek Software GmbH - PDF24 Creator.) -- C:\Program Files (x86)\pdf24\pdf24.exe
O4 - HKCU\..\Run: [ICQ] . (.ICQ, LLC. - ICQ.) -- C:\Program Files (x86)\ICQ6.5\ICQ.exe
O4 - Global Startup: Bluetooth.lnk . (.Unknown owner - No comment.) -- C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: web'n'walk Manager.lnk . (.Unknown owner - No comment.) -- C:\Program Files (x86)\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
O4 - Global Startup: GlobeTrotter Connect.lnk . (.Unknown owner - No comment.) -- C:\Program Files (x86)\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe

---\\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... . (.Unknown owner - No comment.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... - (.not file.) - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll
O8 - Extra context menu item: Nach Microsoft E&xel exportieren . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~2\MICROS~1\Office12\EXCEL.exe
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... . (.Unknown owner - No comment.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} . (.not file.) - ,1040
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Unknown owner - No comment.) -- C:\PROGRA~2\MICROS~1\Office12\REFBARH.ICO
O9 - Extra button: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (.Unknown owner - No comment.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} . (.ICQ, LLC. - ICQ.) -- C:\Program Files (x86)\ICQ6.5\ICQ.exe

---\\ Extra protocols and protocol Hijackers (O18)
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: VESWinlogon . (.Sony Corporation - VAIO Event Service (Winlogon Notification M.) -- C:\Windows\System32\VESWinlogon.dll

---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

---\\ Installierte Komponenten (ActiveSetup Installed Components) (O40)
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\regutils.dll
O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Unknown owner - No comment.) -- "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r12.) -- C:\Windows\SysWow64\Macromed\Flash\Flash10a.ocx

---\\ Installierte Programme (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Adobe Photoshop Elements 7.0 - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Adobe Premiere Elements 7.0 - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Adobe Reader 9.3.2 - Deutsch - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: ArcSoft Magic-i Visual Effects 2 - (.ArcSoft.) [HKLM]
O42 - Logiciel: ArcSoft WebCam Companion 3 - (.ArcSoft.) [HKLM]
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM]
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM]
O42 - Logiciel: Click to Disc - (.Sony Corporation.) [HKLM]
O42 - Logiciel: Click to Disc Editor - (.Sony Corporation.) [HKLM]
O42 - Logiciel: Command & Conquer™ 4 Tiberian Twilight - (.Electronic Arts.) [HKLM]
O42 - Logiciel: CommunityGadget Creator 2 - (.Dennis Alexander Petrasch.) [HKLM]
O42 - Logiciel: Compatibility Pack für 2007 Office System - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Einstellungen für VAIO-Inhaltsüberwachung - (.Sony Corporation.) [HKLM]
O42 - Logiciel: GIMP 2.6.8 - (.Unknown owner.) [HKLM]
O42 - Logiciel: ICQ6.5 - (.ICQ.) [HKLM]
O42 - Logiciel: ICQ7 - (.ICQ.) [HKLM]
O42 - Logiciel: Java(TM) 6 Update 17 - (.Sun Microsystems, Inc..) [HKLM]
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Kalender-Excel 8.6.1 - (.MSDatec.) [HKLM]
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM]
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM]
O42 - Logiciel: Microsoft Office Access MUI (German) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Excel MUI (German) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Groove MUI (German) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office InfoPath MUI (German) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office OneNote MUI (German) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Outlook MUI (German) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office PowerPoint MUI (German) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Proof (Italian) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Proofing (German) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM]
O42 - Logiciel: Microsoft Office Publisher MUI (German) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Shared MUI (German) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Word MUI (German) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft SQL Server Compact 3.5 SP1 English - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Mozilla Firefox (3.6.3) - (.Mozilla.) [HKLM]
O42 - Logiciel: MusicStation - (.Omnifone.) [HKLM]
O42 - Logiciel: PDF24 Creator - (.PDF24.org.) [HKLM]
O42 - Logiciel: Phase 5 HTML-Editor - (.Systemberatung Schommer.) [HKLM]
O42 - Logiciel: Realtek HDMI Audio Driver for ATI - (.Realtek Semiconductor Corp..) [HKLM]
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM]
O42 - Logiciel: Roxio Central Audio - (.Roxio.) [HKLM]
O42 - Logiciel: Roxio Central Copy - (.Roxio.) [HKLM]
O42 - Logiciel: Roxio Central Core - (.Roxio.) [HKLM]
O42 - Logiciel: Roxio Central Data - (.Roxio.) [HKLM]
O42 - Logiciel: Roxio Central Tools - (.Roxio.) [HKLM]
O42 - Logiciel: Roxio Easy Media Creator 10 LJ - (.Roxio.) [HKLM]
O42 - Logiciel: Roxio Easy Media Creator Home - (.Roxio.) [HKLM]
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB982312) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB982331) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB982308) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office Outlook 2007 (KB972363) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB982158) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB982124) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB982135) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB969613) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM]
O42 - Logiciel: Setting Utility Series - (.Sony Corporation.) [HKLM]
O42 - Logiciel: Skype™ 4.2 - (.Skype Technologies S.A..) [HKLM]
O42 - Logiciel: Sony Home Network Library - (.Sony Corporation.) [HKLM]
O42 - Logiciel: Sony Picture Utility - (.Sony Corporation.) [HKLM]
O42 - Logiciel: Unterstützung für VAIO-Präsentation - (.Sony Corporation.) [HKLM]
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM]
O42 - Logiciel: Update for Microsoft Office OneNote 2007 (KB980729) - (.Microsoft.) [HKLM]
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb983486) - (.Microsoft.) [HKLM]
O42 - Logiciel: Update für Microsoft Office Excel 2007 Help (KB963678) - (.Microsoft.) [HKLM]
O42 - Logiciel: Update für Microsoft Office Outlook 2007 Help (KB963677) - (.Microsoft.) [HKLM]
O42 - Logiciel: Update für Microsoft Office Powerpoint 2007 Help (KB963669) - (.Microsoft.) [HKLM]
O42 - Logiciel: Update für Microsoft Office Word 2007 Help (KB963665) - (.Microsoft.) [HKLM]
O42 - Logiciel: VAIO Content Metadata Intelligent Analyzing Manager - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Content Metadata Intelligent Network Service Manager - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Content Metadata Manager Settings - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Content Metadata XML Interface Library - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Control Center - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO DVD Menu Data Basic - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Data Restore Tool - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Energie Verwaltung - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Entertainment Platform - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Event Service - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO FW screensaver - (.Sony Europe.) [HKLM]
O42 - Logiciel: VAIO Gate - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Marketing Tools - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Media plus - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Media plus Opening Movie - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Movie Story - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Movie Story Template Data - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Original Funktion Einstellungen - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Premium Partners 1.00 - (.Unknown owner.) [HKLM]
O42 - Logiciel: VAIO Smart Network - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO Update 4 - (.Sony Corporation.) [HKLM]
O42 - Logiciel: VAIO-Support für Übertragungen - (.Sony Corporation.) [HKLM]
O42 - Logiciel: Windows Live Anmelde-Assistent - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live-Uploadtool - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: eReg - (.Logitech, Inc..) [HKLM]

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATI]
[HKCU\Software\Alastria Software]
[HKCU\Software\Alps]
[HKCU\Software\Altium (Dream VCL)]
[HKCU\Software\America Online]
[HKCU\Software\AppDataLow]
[HKCU\Software\ArcSoft]
[HKCU\Software\Avira]
[HKCU\Software\Caphyon]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Electronic Arts]
[HKCU\Software\FTPRush]
[HKCU\Software\FlashFXP]
[HKCU\Software\FujiUnbrandedOnlineOnly]
[HKCU\Software\Google]
[HKCU\Software\IGA]
[HKCU\Software\IM Providers]
[HKCU\Software\JavaSoft]
[HKCU\Software\Leadertech]
[HKCU\Software\Licenses]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\PDFPrint]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\Skype]
[HKCU\Software\Sony Corporation]
[HKCU\Software\TeamViewer]
[HKCU\Software\Trolltech]
[HKCU\Software\Valve]
[HKCU\Software\Widcomm]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\adobe]
[HKCU\Software\iMacros]
[HKCU\Software\mIRC]
[HKLM\Software\781]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\AVSolution]
[HKLM\Software\AVSuitE]
[HKLM\Software\Adobe]
[HKLM\Software\America Online]
[HKLM\Software\ArcSoft]
[HKLM\Software\Avira]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Debug]
[HKLM\Software\Electronic Arts]
[HKLM\Software\FujiUnbrandedOnlineOnly]
[HKLM\Software\Fujifilm]
[HKLM\Software\GPL Ghostscript]
[HKLM\Software\Google]
[HKLM\Software\ICQ]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Landesfinanzdirektion Thüringen]
[HKLM\Software\Macromedia]
[HKLM\Software\Macrovision]
[HKLM\Software\McAfeeInstaller]
[HKLM\Software\Mirabilis]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\PDFPrint]
[HKLM\Software\Policies]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Roxio]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\Sony Corporation]
[HKLM\Software\TeamViewer]
[HKLM\Software\TrendMicro]
[HKLM\Software\Valve]
[HKLM\Software\Windows]
[HKLM\Software\X-AVCSD]
[HKLM\Software\ffffffff]
[HKLM\Software\illiminable]
[HKLM\Software\mozilla.org]
[HKLM\Software\optimidata]

---\\ Inhalte der gemeinsamen Dateien (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\ArcSoft
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Avira
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\CommunityGadget Creator
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\ElsterFormular
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\GIMP-2.0
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Google
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\ICQ6.5
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\ICQ7.0
O43 - CFD:Common File Directory --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Intel
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Java
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Synchronization Services
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Visual Studio
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Works
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft.NET
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\MusicStation
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\pdf24
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\phase5
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\QS
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Realtek
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Roxio
O43 - CFD:Common File Directory R---D- C:\Program Files (x86)\Skype
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Sony
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Sony Corporation
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\T-Mobile
O43 - CFD:Common File Directory --H-D- C:\Program Files (x86)\Temp
O43 - CFD:Common File Directory --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\VAIO FW screensavers
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows NT
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\ArcSoft
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\LogiShrd
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Macrovision Shared
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\PX Storage Engine
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Roxio Shared
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Services
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Skype
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Sonic Shared
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Sony Shared
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Steam
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\System
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Windows Live

---\\ Zuletzt veränderte und erstellte Dateien in Windows und System32 (O44)
O44 - LFC:[MD5.D0168585637658EE21C4C5384D1A5521] - 20.07.2010 - 05:07:03 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\PerfStringBackup.TMP [1500262]
O44 - LFC:[MD5.00000000000000000000000000000000] - 20.07.2010 - 05:04:45 ---A- . (.Unknown owner - No comment.) -- C:\Windows\WindowsUpdate.log [1242194]
O44 - LFC:[MD5.587EB8B129E83F4232BB7BAC4F2CD083] - 20.07.2010 - 05:00:23 ---A- . (.Unknown owner - No comment.) -- C:\Windows\setupact.log [32222]
O44 - LFC:[MD5.8D045A822FD55511C9923C87FD9086AE] - 20.07.2010 - 05:00:22 -S-A- . (.Unknown owner - No comment.) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.341F758C0AD41DD3940D48F603DAF73C] - 20.07.2010 - 05:00:15 ---A- . (.Unknown owner - No comment.) -- C:\Windows\PFRO.log [393090]
O44 - LFC:[MD5.29B6A421C4988E4F19EE7E0944C38B4C] - 20.07.2010 - 04:59:20 ---A- . (.Unknown owner - No comment.) -- C:\rkill.log [359]
O44 - LFC:[MD5.10B4AA0C2FDF1EE53AFCC41A6AEAA65B] - 19.07.2010 - 19:36:08 ---A- . (.Unknown owner - No comment.) -- C:\Windows\srun.log [12]
O44 - LFC:[MD5.C77A04E924FC1304D8A5FE0AFAA10EC5] - 19.07.2010 - 19:13:19 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\PerfStringBackup.INI [1472002]
O44 - LFC:[MD5.B51E9EC6CCA03D9B20ECCD7D9CF18F86] - 19.07.2010 - 19:13:19 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\perfc007.dat [126394]
O44 - LFC:[MD5.C6F145E3793460A56028E54B6A084431] - 19.07.2010 - 19:13:19 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\perfc009.dat [103568]
O44 - LFC:[MD5.626E5BBD745D979E13BB416AF26F61EF] - 19.07.2010 - 19:13:19 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\perfh007.dat [643866]
O44 - LFC:[MD5.08CE9D1E38ABB5E24C9B53ABFE5D454F] - 19.07.2010 - 19:13:19 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\perfh009.dat [607190]
O44 - LFC:[MD5.0000F0E1CDD6285FC70AE38CEF121EBA] - 21.06.2010 - 04:58:06 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\FNTCACHE.DAT [478664]

---\\ Ausgeführte Handlungen beim Start von Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{295541fe-186c-11df-b4f2-60380e05ecba}\Shell\AutoRun\command. (.Unknown owner - No comment.) -- D:\setup.exe AUTORUN=1 (.not file.)
O51 - MPSK:{2a11d451-de6b-11de-898a-806e6f6e6963}\Shell\AutoRun\command. (.Electronic Arts, Inc. - Autorun program.) -- G:\Autorun.exe

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\SysWOW64\l3codeca.acm" . (.Unknown owner - No comment.) -- (.not file.)
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak(C) Codec.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\SysWOW64\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Unknown owner - No comment.) -- (.not file.)
---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoActiveDesktop"=1 O56 - MWPE:[HKLM\...\Policies\Explorer] - "ForceActiveDesktopOn"=0 ---\\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14.07.2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 14.07.2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 14.07.2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14.07.2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. 
- ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys O58 - SDL:[MD5.7A4B413614C055935567CF88A9734D38] - 14.07.2009 - 02:52:21 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 14.07.2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\system32\drivers\amdsbs.sys O58 - SDL:[MD5.B4AD0CACBAB298671DD6F6EF7E20679D] - 14.07.2009 - 02:52:21 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys O58 - SDL:[MD5.56BD886820C4AEDF493CFCDF1CCFB004] - 03.08.2009 - 21:06:34 ---A- . (.Alps Electric Co., Ltd. - Alps Touch Pad Driver.) -- C:\Windows\system32\drivers\Apfiltr.sys O58 - SDL:[MD5.C484F8CEB1717C540242531DB7845C4E] - 14.07.2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys O58 - SDL:[MD5.019AF6924AEFE7839F61C830227FE79C] - 14.07.2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys O58 - SDL:[MD5.C130BC4A51B1382B2BE8E44579EC4C0A] - 26.05.2009 - 14:32:04 ---A- . (.ArcSoft, Inc. - For X64.) -- C:\Windows\system32\drivers\ArcSoftKsUFilter.sys O58 - SDL:[MD5.DE0EDE41BC530F1759C6FFFCB8C7A0CF] - 27.07.2009 - 21:22:05 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys O58 - SDL:[MD5.C30B5FC0ADCDFBA7668E99BAF0CBF58E] - 25.11.2009 - 11:19:02 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys O58 - SDL:[MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - 10.06.2009 - 21:34:23 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60a.sys O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 10.06.2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. 
- Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 10.06.2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys O58 - SDL:[MD5.43BEA8D483BF1870F018E2D02E06A5BD] - 14.07.2009 - 02:19:07 ---A- . (.Brother Industries Ltd. - Brother Schnittstellentreiber (WDM) (seriell).) -- C:\Windows\system32\drivers\BrSerId.sys O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 10.06.2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 10.06.2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 10.06.2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys O58 - SDL:[MD5.6BCFDC2B5B7F66D484486D4BD4B39A6B] - 03.08.2009 - 21:14:10 ---A- . (.Broadcom Corporation. - Bluetooth Audio Device.) -- C:\Windows\system32\drivers\btwaudio.sys O58 - SDL:[MD5.82DC8B7C626E526681C1BEBED2BC3FF9] - 03.08.2009 - 21:14:10 ---A- . (.Broadcom Corporation. - Broadcom Bluetooth AVDT Service.) -- C:\Windows\system32\drivers\btwavdt.sys O58 - SDL:[MD5.6149301DC3F81D6F9667A3FBAC410975] - 03.08.2009 - 21:13:42 ---A- . (.Broadcom Corporation. - Broadcom Bluetooth L2CAP Service.) -- C:\Windows\system32\drivers\btwl2cap.sys O58 - SDL:[MD5.28E105AD3B79F440BF94780F507BF66A] - 03.08.2009 - 21:14:11 ---A- . (.Broadcom Corporation. - Bluetooth Remote Control HID Minidriver.) -- C:\Windows\system32\drivers\btwrchid.sys O58 - SDL:[MD5.3E5B191307609F7514148C6832BB0842] - 10.06.2009 - 21:34:28 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) 
-- C:\Windows\system32\drivers\bxvbda.sys O58 - SDL:[MD5.E19D3F095812725D88F9001985B94EDD] - 14.07.2009 - 02:52:31 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14.07.2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys O58 - SDL:[MD5.DC5D737F51BE844D8C82C695EB17372F] - 10.06.2009 - 21:34:33 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbda.sys O58 - SDL:[MD5.DD57207E4742300CE2727400B21D0230] - 11.06.2009 - 15:22:30 ---A- . (.Option N.V. - NDIS driver.) -- C:\Windows\system32\drivers\Gt51Ip.sys O58 - SDL:[MD5.DDD79FDCC5DE474E23F94E95625C79AA] - 11.06.2009 - 15:23:16 ---A- . (.Option N.V. - No comment.) -- C:\Windows\system32\drivers\gt72ubus.sys O58 - SDL:[MD5.D1735D174FA4D42978BC0CF1EDCE85D5] - 11.06.2009 - 15:22:44 ---A- . (.Option N.V. - No comment.) -- C:\Windows\system32\drivers\gtptser.sys O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10.06.2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys O58 - SDL:[MD5.0886D440058F203EBA0E1825E4355914] - 14.07.2009 - 02:47:48 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys O58 - SDL:[MD5.1D004CB1DA6323B1F55CAEF7F94B61D9] - 04.06.2009 - 17:54:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStor.sys O58 - SDL:[MD5.D83EFB6FD45DF9D55E9A1AFC63640D50] - 14.07.2009 - 02:48:04 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStorV.sys O58 - SDL:[MD5.5C18831C61933628F5BB0EA2675B9D21] - 14.07.2009 - 02:48:04 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) 
-- C:\Windows\system32\drivers\iirsp.sys O58 - SDL:[MD5.50D3B6FBDA64721CC5D9E18D90B50422] - 10.11.2009 - 12:52:44 ---A- . (.Logitech, Inc. - Logitech Equad USB Driver..) -- C:\Windows\system32\drivers\LEqdUsb.sys O58 - SDL:[MD5.CB22746A724202EE29CC74823B7F6FD9] - 10.11.2009 - 12:52:52 ---A- . (.Logitech, Inc. - Logitech HID Filter Driver..) -- C:\Windows\system32\drivers\LHidEqd.sys O58 - SDL:[MD5.CEB6E18DCFAD5C72B81C7DA1AC3C1CC1] - 10.11.2009 - 12:53:00 ---A- . (.Logitech, Inc. - Logitech HID Filter Driver..) -- C:\Windows\system32\drivers\LHidFilt.Sys O58 - SDL:[MD5.F9E48F18BE4D2B365F138987B8E7885B] - 10.11.2009 - 12:53:16 ---A- . (.Logitech, Inc. - Logitech Mouse Filter Driver..) -- C:\Windows\system32\drivers\LMouFilt.Sys O58 - SDL:[MD5.64AEB5790901EA8854884981F104CAA6] - 03.05.2010 - 19:52:40 ---A- . (.Logitech, Inc. - Logitech Non-Plug and Play Driver..) -- C:\Windows\system32\drivers\LNonPnP.sys O58 - SDL:[MD5.1A93E54EB0ECE102495A51266DCDB6A6] - 14.07.2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys O58 - SDL:[MD5.1047184A9FDC8BDBFF857175875EE810] - 14.07.2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys O58 - SDL:[MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - 14.07.2009 - 02:48:04 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys O58 - SDL:[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - 14.07.2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys O58 - SDL:[MD5.A1DDE89DD3AF82CF5CB0E07F22BFF9BC] - 29.04.2010 - 11:19:14 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys O58 - SDL:[MD5.A55805F747C6EDB6A9080D7C633BD0F4] - 14.07.2009 - 02:48:04 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) 
-- C:\Windows\system32\drivers\megasas.sys O58 - SDL:[MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - 14.07.2009 - 02:48:04 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys O58 - SDL:[MD5.705283C02177809CA9FA7CC58A4F1E77] - 05.06.2009 - 21:04:10 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\system32\drivers\NETw5v64.sys O58 - SDL:[MD5.77889813BE4D166CDAB78DDBA990DA92] - 14.07.2009 - 02:48:26 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys O58 - SDL:[MD5.3E38712941E9BB4DDBEE00AFFE3FED3D] - 14.07.2009 - 02:48:27 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys O58 - SDL:[MD5.477DC4D6DEB99BE37084C9AC6D013DA1] - 14.07.2009 - 02:45:45 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys O58 - SDL:[MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - 14.07.2009 - 02:45:46 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys O58 - SDL:[MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - 14.07.2009 - 02:45:45 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys O58 - SDL:[MD5.258AADB43E3F3468B5CF8CB0F84872C2] - 31.07.2009 - 21:13:51 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\system32\drivers\rimssn64.sys O58 - SDL:[MD5.71E182A0DE1CECB3F912960716345405] - 31.07.2009 - 21:14:14 ---A- . (.REDC - RICOH SD/MMC Driver.) -- C:\Windows\system32\drivers\risdsn64.sys O58 - SDL:[MD5.34F05C417F038FFA3BEF69B798D7D7DD] - 24.07.2009 - 06:12:53 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RtHDMIVX.sys O58 - SDL:[MD5.B16FC828CE7A76A8F1CE682E6EAD2627] - 24.07.2009 - 05:34:15 ---A- . (.Realtek Semiconductor Corp. 
- Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHD64.sys O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 10.06.2009 - 21:37:19 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys O58 - SDL:[MD5.70F9C476B62DE4F2823E918A6C181ADE] - 11.06.2009 - 21:19:09 ---A- . (.Sony Corporation - Sony Firmware Extension Parser driver.) -- C:\Windows\system32\drivers\SFEP.sys O58 - SDL:[MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - 14.07.2009 - 02:45:45 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys O58 - SDL:[MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - 14.07.2009 - 02:45:46 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14.07.2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys O58 - SDL:[MD5.E5689D93FFE4E5D66C0178761240DD54] - 14.07.2009 - 02:45:55 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys O58 - SDL:[MD5.5E2016EA6EBACA03C04FEAC5F330D997] - 14.07.2009 - 02:45:55 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys O58 - SDL:[MD5.6AFFD75C6807B3DD3AB018E27B88EF95] - 31.07.2009 - 21:02:03 ---A- . (.Marvell - Miniport Driver for Marvell Yukon Ethernet Controller..) -- C:\Windows\system32\drivers\yk62x64.sys O58 - SDL:[MD5.7364D8A830F91C487F430A57FDBD2BBB] - 29.04.2010 - 11:19:24 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys O58 - SDL:[MD5.5EC550B8952882EE856B862CF648522D] - 11.05.2009 - 09:12:20 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) 
-- C:\Windows\SysWOW64\drivers\ssmdrv.sys ---\\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 1.25 - (.Nicolas Coolman.) ---\\ Event Log Application (OEA) (O66) O66 - EventLog: ID=1002 (Application Hang) - (.Unknown owner - No comment.) -- C:\Program Files\WIDCOMM\Bluetooth Software O66 - EventLog: ID=1002 (Application Hang) - (.Unknown owner - No comment.) -- C:\Program Files (x86)\Microsoft Office\Office12 O66 - EventLog: ID=1002 (Application Hang) - (.Unknown owner - No comment.) -- C:\Users\Torsten\AppData\Local\Temp\Rar$EX00.872 (.not file.) O66 - EventLog: ID=11311 (MsiInstaller) - (.Unknown owner - No comment.) -- C:\Users\Torsten\AppData\Local O66 - EventLog: ID=33 (SideBySide) - (.Unknown owner - No comment.) -- C:\Windows ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Startprogramm für Ereignisanzeige-Snap-In.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registrierungs-Editor.) 
-- C:\Windows\regedit.exe O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Startprogramm für Ereignisanzeige-Snap-In.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Registrierungs-Editor.) -- C:\Windows\regedit.exe ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe End of the scan (568 lines in 00mn 10s) Geändert von c0bra (20.07.2010 um 05:09 Uhr) |