| |
| |||||||
Alles rund um Windows: mit lsass.exe (i oder l?) befallen | Malwarebytes, OTL und Hijackthis log´sWindows 7 Hilfe zu allen Windows-Betriebssystemen: Windows XP, Windows Vista, Windows 7, Windows 8(.1) und Windows 10 / Windows 11- als auch zu sämtlicher Windows-Software. Alles zu Windows 10 ist auch gerne willkommen. Bitte benenne etwaige Fehler oder Bluescreens unter Windows mit dem Wortlaut der Fehlermeldung und Fehlercode. Erste Schritte für Hilfe unter Windows. |
 |
30.08.2010, 06:01
| #1 | |
| |  Problem: mit lsass.exe (i oder l?) befallen | Malwarebytes, OTL und Hijackthis log´s Guten morgen Zusammen ! Vorab: Einfach klasse das Forum hier ! Spitzenmäßig  Zu mir: Mein Name ist Daniel(20J), IT-Assistent und komme aus dem schönen Reichshof (NRW, Oberbergischer Kreis). Nach 3 Jahren hab ich mir auch mal wieder was eingefangen... Habe warscheinlich genau das gleiche Problem, wie das folgende Mädel hier: http://www.trojaner-board.de/89783-n...-infected.html Mit HijackThis habe ich bereits mehrfach gearbeitet (PC´s von Kunden) und in den letzten drei Jahren auch immer 98% damit lösen können... Was ich bisher unternommen habe: 1.) Freundlichen Nachbarn gestern auf´m Kaffe besucht  2.) Beim Kaffee schlürfen HijackThis gezogen und bei mir übern USB-Stick im abgesicherten Modus gestartet 3.) infizierte Dateien gefixt, dannach konnte ich auch wieder normal starten (bzw arbeiten). 4.) PC lief wieder, alles top  (Ich musste zur Nachtschicht und konnte nicht weiter ausführlich testen)So, jetzt bin ich gerade von der Arbeit gekommen und fange bei Punkt 1 wieder an   (Ja, ist nen guter Informatikerkaffe geworden: Löffel steht  )Allerdings habe ich beim umrühren gerade fest gestellt, dass sich immerwieder der IE öffnet und mich mit Werbung zumüllt (nein, ist nicht mein Standardbrowser => bin ein Freund von Mozilla-Produkten  )Und mein Antivir sich von geisterhand deaktiviert wie er Lust hat (die Feige SAU hat übrigens von Anfang an seinen Dienst quittiert) mit HijackThis habe ich gestern folgendes gefixt: Zitat:
Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4504
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
30.08.2010 06:10:55
mbam-log-2010-08-30 (06-10-55).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145219
Laufzeit: 3 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 18
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbv6rd5szf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Worm.Palevo) -> Data: c:\users\daniel\appdata\roaming\lsass.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\Daniel\AppData\Roaming\lsass.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Daniel\AppData\Roaming\CDxYNbiCoMTi.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Roaming\ibecRahrAHHG.exe (Worm.Palevo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Roaming\IEBIYIpNhJIo.exe (Worm.Palevo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Roaming\KkgGPXfvNYDG.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Roaming\lsass.exe (Worm.Palevo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Roaming\mkhwOtRSTnxE.exe (Worm.Palevo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Roaming\nqmtKJmjqhAL.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Roaming\pdKWyUsAvyoD.exe (Worm.Palevo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Roaming\prfyHfANhmHU.exe (Worm.Palevo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Roaming\UFUWDOQUEHpE.exe (Worm.Palevo) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\Yhj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\ylhsguwr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\Yhl.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Daniel\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\dial.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.08.2010 06:10:01 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Daniel\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,07 Gb Total Space | 354,98 Gb Free Space | 59,55% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DANIEL-PC Current User Name: Daniel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Users\Daniel\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Daniel\AppData\Local\Temp\Yhl.exe (OpenSC Project) PRC - C:\Users\Daniel\AppData\Local\Temp\Yhk.exe (OpenSC Project) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\TSCHelp.exe (TechSmith Corporation) PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagPriv.exe (TechSmith Corporation) PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\snagiteditor.exe (TechSmith Corporation) PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe (TechSmith Corporation) PRC - C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Daniel\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (RTL8187B) RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1668215537-835966737-2157124467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-1668215537-835966737-2157124467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1668215537-835966737-2157124467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1668215537-835966737-2157124467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD B2 E7 6D 34 BF CA 01 [binary data] IE - HKU\S-1-5-21-1668215537-835966737-2157124467-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1668215537-835966737-2157124467-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-1668215537-835966737-2157124467-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4 FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.8.3 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.13 00:55:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.13 00:55:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.08.14 01:57:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.08.13 00:55:11 | 000,000,000 | ---D | M] [2009.12.15 14:14:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2009.12.15 14:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.29 06:06:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\sd793zbn.default\extensions [2010.03.23 17:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\sd793zbn.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.02 12:29:25 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\sd793zbn.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2010.06.13 13:26:23 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\sd793zbn.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2010.08.28 06:42:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\sd793zbn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.04.08 16:14:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\sd793zbn.default\extensions\DTToolbar@toolbarnet.com [2010.05.08 14:56:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\sd793zbn.default\extensions\firebug@software.joehewitt.com [2009.12.18 08:11:29 | 000,002,055 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\daemon-search.xml [2010.08.24 08:39:34 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\icqplugin-1.xml [2010.06.30 14:57:16 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\icqplugin-2.xml [2010.07.23 11:43:26 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\icqplugin-3.xml [2010.07.25 15:01:17 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\icqplugin-4.xml [2010.03.23 17:33:57 | 000,000,168 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\icqplugin.gif [2010.03.23 17:33:57 | 000,000,618 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\icqplugin.src [2010.06.22 22:12:38 | 000,000,947 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\icqplugin.xml [2009.12.16 01:04:11 | 000,002,061 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\qipsearch.xml [2010.08.28 15:47:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2009.12.18 07:54:36 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2010.05.19 13:03:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.27 05:52:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.07.26 02:50:15 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll [2010.03.12 10:43:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.03.12 10:43:55 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.03.12 10:43:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.03.12 10:43:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.03.12 10:43:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation) O3:64bit: - HKU\S-1-5-21-1668215537-835966737-2157124467-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-1668215537-835966737-2157124467-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-1668215537-835966737-2157124467-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1668215537-835966737-2157124467-1001..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.) O4 - HKU\S-1-5-21-1668215537-835966737-2157124467-1001..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-1668215537-835966737-2157124467-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-1668215537-835966737-2157124467-1001..\Run: [XBV6RD5SZF] C:\Users\Daniel\AppData\Local\Temp\Yhl.exe (OpenSC Project) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Users\Daniel\AppData\Roaming\lsass.exe) - C:\Users\Daniel\AppData\Roaming\lsass.exe (Copyright © executable file) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4c4836bd-eb9c-11de-a175-001fd09ab2e9}\Shell - "" = AutoRun O33 - MountPoints2\{4c4836bd-eb9c-11de-a175-001fd09ab2e9}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.08.30 06:04:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes [2010.08.30 06:04:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.08.30 06:04:41 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.08.30 06:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.08.30 06:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.28 14:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010.08.28 09:20:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\ElevatedDiagnostics [2010.08.28 06:33:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\bhdmfrrlt [2010.08.28 06:18:16 | 000,163,840 | ---- | C] (Copyright © executable file) -- C:\Users\Daniel\AppData\Roaming\mkhwOtRSTnxE.exe [2010.08.28 06:18:14 | 000,077,312 | ---- | C] (CyberLink Corp.) -- C:\Users\Daniel\AppData\Roaming\nqmtKJmjqhAL.exe [2010.08.28 06:17:57 | 000,163,840 | ---- | C] (Copyright © executable file) -- C:\Users\Daniel\AppData\Roaming\pdKWyUsAvyoD.exe [2010.08.28 06:17:56 | 000,077,312 | ---- | C] (CyberLink Corp.) -- C:\Users\Daniel\AppData\Roaming\CDxYNbiCoMTi.exe [2010.08.28 06:17:31 | 000,163,841 | RHS- | C] (Copyright © executable file) -- C:\Users\Daniel\AppData\Roaming\lsass.exe [2010.08.28 06:17:30 | 000,163,840 | ---- | C] (Copyright © executable file) -- C:\Users\Daniel\AppData\Roaming\IEBIYIpNhJIo.exe [2010.08.28 06:17:29 | 000,077,312 | ---- | C] (CyberLink Corp.) -- C:\Users\Daniel\AppData\Roaming\KkgGPXfvNYDG.exe [2010.08.28 06:17:21 | 000,225,280 | RHS- | C] (Copyright © executable file) -- C:\Users\Daniel\AppData\Roaming\UFUWDOQUEHpE.exe [2010.08.28 06:17:21 | 000,225,280 | RHS- | C] (Copyright © executable file) -- C:\Users\Daniel\AppData\Roaming\prfyHfANhmHU.exe [2010.08.28 06:17:21 | 000,225,280 | RHS- | C] (Copyright © executable file) -- C:\Users\Daniel\AppData\Roaming\ibecRahrAHHG.exe [2010.08.28 01:36:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\TS3Client [2010.08.28 01:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client [2010.08.27 05:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.08.18 05:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.08.18 03:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon [2010.08.17 16:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU [2010.08.17 15:04:15 | 000,000,000 | ---D | C] -- C:\Download [2010.08.17 15:03:52 | 000,000,000 | ---D | C] -- C:\Nexon [2010.08.17 15:03:51 | 000,421,888 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2010.08.13 00:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.08.13 00:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010.07.30 12:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Compact Wireless-G USB Network Adapter with SpeedBooster [2010.07.27 23:48:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Wasserschaden Wohnung [2010.07.26 05:43:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\WarRock [2010.07.26 02:50:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\GamersFirst LIVE! [2010.07.26 02:50:18 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\PMB Files [2010.07.26 02:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2010.07.26 02:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2010.07.26 02:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamersFirst [2010.06.27 23:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2010.06.16 22:25:16 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT [2010.06.06 20:13:15 | 000,000,000 | ---D | C] -- C:\OTR_Homeloader [2009.07.14 01:24:58 | 000,077,312 | ---- | C] (CyberLink Corp.) -- C:\Users\Daniel\AppData\Local\KBDert40.dll ========== Files - Modified Within 90 Days ========== [2010.08.30 06:11:09 | 003,145,728 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT [2010.08.30 06:04:45 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.30 05:48:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.30 03:48:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.30 00:10:45 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.30 00:10:45 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.30 00:03:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.30 00:03:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.30 00:03:03 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010.08.29 16:45:08 | 001,403,249 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db [2010.08.28 14:53:13 | 000,002,093 | ---- | M] () -- C:\Users\Daniel\Desktop\HijackThis.lnk [2010.08.28 01:36:14 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2010.08.27 05:49:08 | 000,001,611 | ---- | M] () -- C:\Users\Daniel\Desktop\DivX Movies.lnk [2010.08.27 05:49:01 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.08.17 16:38:22 | 000,001,630 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk [2010.08.17 15:03:51 | 000,421,888 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2010.08.13 00:55:07 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.08.13 00:40:01 | 000,428,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.08.11 07:15:28 | 001,507,314 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.08.11 07:15:28 | 000,660,686 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.08.11 07:15:28 | 000,613,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.08.11 07:15:28 | 000,131,748 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.08.11 07:15:28 | 000,108,472 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.07.30 12:43:29 | 000,000,610 | ---- | M] () -- C:\Windows\SysWow64\WLAN.INI [2010.07.26 05:32:08 | 000,681,984 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Injector.exe [2010.07.26 04:39:02 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk [2010.07.26 03:22:12 | 669,042,232 | ---- | M] () -- C:\Users\Daniel\Desktop\War_Rock_20100624.exe [2010.07.26 02:50:11 | 000,001,160 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2010.07.26 02:50:11 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk [2010.07.03 04:40:46 | 000,016,003 | ---- | M] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz Servicekraftfahrer.pdf [2010.07.03 04:40:03 | 000,018,298 | ---- | M] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz Fachinformatiker Systemintegration.pdf [2010.07.03 04:39:23 | 000,016,007 | ---- | M] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz Kraftfahrzeugmechatroniker NFZ.pdf [2010.07.03 04:36:53 | 000,014,543 | ---- | M] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz Karosserie- und Fahrzeugbaumechaniker.pdf [2010.07.03 04:36:17 | 000,015,579 | ---- | M] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz Elektroniker Energie und Gebäudetechnik.pdf [2010.07.03 04:22:36 | 000,018,585 | ---- | M] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz Kierdorf Anwendungsentwicklung.pdf [2010.07.03 04:22:02 | 000,016,058 | ---- | M] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz Kierdorf Systemintegration.pdf [2010.06.28 01:06:59 | 000,015,629 | ---- | M] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz 28-06-10.pdf [2010.06.16 22:26:15 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2010.06.16 22:26:15 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml ========== Files Created - No Company Name ========== [2010.08.30 06:04:45 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 14:53:13 | 000,002,093 | ---- | C] () -- C:\Users\Daniel\Desktop\HijackThis.lnk [2010.08.28 06:33:29 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.08.28 06:33:27 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.08.28 01:36:14 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2010.08.27 05:49:08 | 000,001,611 | ---- | C] () -- C:\Users\Daniel\Desktop\DivX Movies.lnk [2010.08.27 05:49:01 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.08.17 16:38:22 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk [2010.08.13 00:55:07 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.07.26 05:22:41 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\chrtmp [2010.07.26 05:22:40 | 000,681,984 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Injector.exe [2010.07.26 04:39:02 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk [2010.07.26 02:50:45 | 669,042,232 | ---- | C] () -- C:\Users\Daniel\Desktop\War_Rock_20100624.exe [2010.07.26 02:50:11 | 000,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2010.07.26 02:50:11 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk [2010.07.03 04:40:46 | 000,016,003 | ---- | C] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz Servicekraftfahrer.pdf [2010.07.03 04:40:03 | 000,018,298 | ---- | C] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz Fachinformatiker Systemintegration.pdf [2010.07.03 04:39:23 | 000,016,007 | ---- | C] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz Kraftfahrzeugmechatroniker NFZ.pdf [2010.07.03 04:36:53 | 000,014,543 | ---- | C] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz Karosserie- und Fahrzeugbaumechaniker.pdf [2010.07.03 04:36:17 | 000,015,579 | ---- | C] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz Elektroniker Energie und Gebäudetechnik.pdf [2010.07.03 04:22:36 | 000,018,585 | ---- | C] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz Kierdorf Anwendungsentwicklung.pdf [2010.07.03 04:22:02 | 000,016,058 | ---- | C] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz Kierdorf Systemintegration.pdf [2010.06.28 01:06:59 | 000,015,629 | ---- | C] () -- C:\Users\Daniel\Desktop\Ausbildungsplatz 28-06-10.pdf [2010.04.08 16:59:09 | 000,003,584 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.05 20:03:35 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll [2010.03.05 20:03:35 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2009.12.15 16:10:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.09.22 05:32:28 | 000,000,610 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI ========== LOP Check ========== [2010.04.11 23:23:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\com.adobe.ExMan [2009.12.18 08:14:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite [2010.03.23 20:53:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0 [2010.08.30 03:27:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ [2009.12.29 04:03:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TeamViewer [2009.12.15 14:14:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thunderbird [2010.08.28 01:38:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TS3Client [2010.08.30 00:03:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2010.08.18 03:10:43 | 000,000,000 | ---D | M](C:\Users\Daniel\Documents\?? ???) -- C:\Users\Daniel\Documents\넥슨 플러그 [2010.08.18 03:10:43 | 000,000,000 | ---D | C](C:\Users\Daniel\Documents\?? ???) -- C:\Users\Daniel\Documents\넥슨 플러그 < End of report > Dannach habe ich neu gebootet, alles gefixt. Bisher schaut auch alles sauber aus. Malewarebytes findet nichts mehr. Mein HijackThis Logfile sieht meiner Meinung nach auch sauber aus...?! Hier nun aktuelle OTL und HijackThis Logfile´s OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.08.2010 06:24:49 - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Daniel\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,07 Gb Total Space | 354,98 Gb Free Space | 59,55% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DANIEL-PC Current User Name: Daniel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Daniel\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\TSCHelp.exe (TechSmith Corporation) PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagPriv.exe (TechSmith Corporation) PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\snagiteditor.exe (TechSmith Corporation) PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe (TechSmith Corporation) PRC - C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Daniel\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\thumbcache.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\StructuredQuery.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\srvcli.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\slc.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\SearchFolder.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\RpcRtRemote.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\mssprxy.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (RTL8187B) RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD B2 E7 6D 34 BF CA 01 [binary data] IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4 FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.8.3 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.13 00:55:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.13 00:55:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.08.14 01:57:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.08.13 00:55:11 | 000,000,000 | ---D | M] [2009.12.15 14:14:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2009.12.15 14:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.29 06:06:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\sd793zbn.default\extensions [2010.03.23 17:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\sd793zbn.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.02 12:29:25 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\sd793zbn.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2010.06.13 13:26:23 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\sd793zbn.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2010.08.28 06:42:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\sd793zbn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.04.08 16:14:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\sd793zbn.default\extensions\DTToolbar@toolbarnet.com [2010.05.08 14:56:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\sd793zbn.default\extensions\firebug@software.joehewitt.com [2009.12.18 08:11:29 | 000,002,055 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\daemon-search.xml [2010.08.24 08:39:34 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\icqplugin-1.xml [2010.06.30 14:57:16 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\icqplugin-2.xml [2010.07.23 11:43:26 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\icqplugin-3.xml [2010.07.25 15:01:17 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\icqplugin-4.xml [2010.03.23 17:33:57 | 000,000,168 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\icqplugin.gif [2010.03.23 17:33:57 | 000,000,618 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\icqplugin.src [2010.06.22 22:12:38 | 000,000,947 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\icqplugin.xml [2009.12.16 01:04:11 | 000,002,061 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\sd793zbn.default\searchplugins\qipsearch.xml [2010.08.28 15:47:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2009.12.18 07:54:36 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2010.05.19 13:03:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.27 05:52:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.07.26 02:50:15 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll [2010.03.12 10:43:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.03.12 10:43:55 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.03.12 10:43:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.03.12 10:43:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.03.12 10:43:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4c4836bd-eb9c-11de-a175-001fd09ab2e9}\Shell - "" = AutoRun O33 - MountPoints2\{4c4836bd-eb9c-11de-a175-001fd09ab2e9}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.30 06:04:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes [2010.08.30 06:04:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.08.30 06:04:41 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.08.30 06:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.08.30 06:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.28 14:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010.08.28 09:20:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\ElevatedDiagnostics [2010.08.28 06:33:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\bhdmfrrlt [2010.08.28 01:36:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\TS3Client [2010.08.28 01:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client [2010.08.27 05:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.08.27 05:52:36 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.08.27 05:52:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.08.27 05:52:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.08.25 07:36:21 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2010.08.18 05:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.08.18 03:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon [2010.08.17 16:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU [2010.08.17 15:04:15 | 000,000,000 | ---D | C] -- C:\Download [2010.08.17 15:03:52 | 000,000,000 | ---D | C] -- C:\Nexon [2010.08.17 15:03:51 | 000,421,888 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2010.08.13 00:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.08.13 00:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010.08.12 13:14:14 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.08.12 13:14:13 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010.08.12 13:14:13 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010.08.12 13:14:06 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.08.12 13:14:06 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.08.12 13:14:06 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.08.12 13:14:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.08.12 13:14:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.08.12 13:14:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.08.12 13:13:52 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2010.08.12 13:13:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2010.08.12 13:13:50 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll [2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [2009.07.14 01:24:58 | 000,077,312 | ---- | C] (CyberLink Corp.) -- C:\Users\Daniel\AppData\Local\KBDert40.dll ========== Files - Modified Within 30 Days ========== [2010.08.30 06:25:47 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.30 06:25:47 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.30 06:17:33 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.30 06:17:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.30 06:17:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.30 06:17:20 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010.08.30 06:16:34 | 003,145,728 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT [2010.08.30 06:16:15 | 001,635,487 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db [2010.08.30 06:04:45 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.30 05:48:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.28 14:53:13 | 000,002,093 | ---- | M] () -- C:\Users\Daniel\Desktop\HijackThis.lnk [2010.08.28 01:36:14 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2010.08.27 05:49:08 | 000,001,611 | ---- | M] () -- C:\Users\Daniel\Desktop\DivX Movies.lnk [2010.08.27 05:49:01 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.08.17 16:38:22 | 000,001,630 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk [2010.08.17 15:03:51 | 000,421,888 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2010.08.13 00:55:07 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.08.13 00:40:01 | 000,428,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.08.11 07:15:28 | 001,507,314 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.08.11 07:15:28 | 000,660,686 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.08.11 07:15:28 | 000,613,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.08.11 07:15:28 | 000,131,748 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.08.11 07:15:28 | 000,108,472 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts ========== Files Created - No Company Name ========== [2010.08.30 06:04:45 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 14:53:13 | 000,002,093 | ---- | C] () -- C:\Users\Daniel\Desktop\HijackThis.lnk [2010.08.28 01:36:14 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2010.08.27 05:49:08 | 000,001,611 | ---- | C] () -- C:\Users\Daniel\Desktop\DivX Movies.lnk [2010.08.27 05:49:01 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.08.17 16:38:22 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk [2010.08.13 00:55:07 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.07.26 05:22:40 | 000,681,984 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Injector.exe [2010.04.08 16:59:09 | 000,003,584 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.05 20:03:35 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll [2010.03.05 20:03:35 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2009.12.15 16:10:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.09.22 05:32:28 | 000,000,610 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI ========== Files - Unicode (All) ========== [2010.08.18 03:10:43 | 000,000,000 | ---D | M](C:\Users\Daniel\Documents\?? ???) -- C:\Users\Daniel\Documents\넥슨 플러그 [2010.08.18 03:10:43 | 000,000,000 | ---D | C](C:\Users\Daniel\Documents\?? ???) -- C:\Users\Daniel\Documents\넥슨 플러그 < End of report > HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:00:19, on 30.08.2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\TechSmith\SnagIt 9\TSCHelp.exe C:\Program Files (x86)\TechSmith\SnagIt 9\SnagPriv.exe C:\Program Files (x86)\TechSmith\SnagIt 9\snagiteditor.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0" O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe O4 - Global Startup: SnagIt 9.lnk = C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: acaptuser32.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12446 bytes DANKE für Hilfe im Voraus ! Gruß Daniel Geändert von Daniel2711 (30.08.2010 um 06:16 Uhr) |
|
30.08.2010, 16:39
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | mit lsass.exe (i oder l?) befallen | Malwarebytes, OTL und Hijackthis log´s Anleitung / Hilfe Moin,
__________________sieht aus, als wenn Du schon gute Arbeit gemacht hast. Hast Du auch mal einen Vollscan mit Malwarebytes gemacht? Wenn nicht mach das mal. Eigentlich reicht ein Quickscan aus, aber ich seh lieber Vollscans Denk dran, dass Du Malwarebytes vor jedem Scan updaten musst.
__________________ |
|
30.08.2010, 16:57
| #3 |
| | mit lsass.exe (i oder l?) befallen | Malwarebytes, OTL und Hijackthis log´s Details ja, danke für den Hinweiß !
__________________Warum muss man eigentlich wirklich jedes mal die Updates ziehen, speichert der die nicht lokal oder temporär ? was mich noch interessieren würde: 1.) Den Wurm den ich mir da eingefangen hab, was macht der eigentlich ? Bzw. hat er einen Zweck ? Stickwort: Backdoor ? (Weil auch ich nutze online banking und habe private Dateien auf´m PC gespeichert) 2.) Wie schaut´s allgemein bezüglich dessen aus: Bin ich einigermaßen abgesichert ? Also wie gesagt, nutze nur die free-version des Avira AntiVir (welcher ja garnicht geholfen hat). Kann mir vielleicht einer nen anderen empfehlen ? DANKE ! Gruß Daniel |
|
30.08.2010, 17:03
| #4 | |||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Lösung: mit lsass.exe (i oder l?) befallen | Malwarebytes, OTL und Hijackthis log´sZitat:
Zitat:
Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu mit lsass.exe (i oder l?) befallen | Malwarebytes, OTL und Hijackthis log´s |
| anfang, antivir, antivir guard, applaus, avgntflt.sys, avira, bho, components, desktop, document, drahtlos-802.11b/g-usb, error, firefox, firefox.exe, google, gupdate, helper, hijack, hijackthis, hängen, infizierte dateien, kunde, langs, local\temp, location, logfile, malwarebytes' anti-malware, menu.exe, mozilla thunderbird, object, oldtimer, otl.exe, pando media booster, pdf-datei, plug-in, problem, programdata, realtek, registrierungsschlüssel, registry, sched.exe, searchplugins, senden, software, sptd.sys, start menu, starten, system, syswow64, teamspeak, webcheck, werbung, windows |
Linear-Darstellung
