|
Log-Analyse und Auswertung: Trojan.Gen.Ml - Nicht entfernbar!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
13.10.2010, 17:18 | #16 | |
| Trojan.Gen.Ml - Nicht entfernbar! Zu Schritt 1 Wenn ich fragen darf was ist überhaupt dieses Zitat:
Und irgendwie bin ich blind sehe bei Systemsteuerung nicht "Software Deinstallieren" sehe nur z.B. "Programme Deinstallieren" aber da sehe ich nichts von desem Bit Torrent. Habe Windows Vista Home Premium 32 Bit PS: Screen im Anhang Sorry das es so schwer ist bei mir und das ich nicht so oft antworten kann. |
14.10.2010, 17:46 | #17 |
/// Malwareteam | Trojan.Gen.Ml - Nicht entfernbar! Dann mach einfach bei Schritt 2 weiter
__________________ |
16.10.2010, 11:40 | #18 |
| Trojan.Gen.Ml - Nicht entfernbar! Soll ich diesmal Anti Virus Programm anlassen ?
__________________Weil du weißt ja das Ergebnis von letzen -> Problem Detetcted -> runtergefahren ohne das er fertig war |
16.10.2010, 14:18 | #19 |
/// Malwareteam | Trojan.Gen.Ml - Nicht entfernbar! Du sollst einfach IMMER nach Anleitung arbeiten und wenn dabei etwas nicht klappt dann das Problem schildern. Falls steht AV programm deaktivieren dann mach es. Wenn nichts steht dann musst Du es nicht machen |
16.10.2010, 17:11 | #20 |
| Trojan.Gen.Ml - Nicht entfernbar! Hier Schritt 2 Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found. D:\AUTORUN.INF moved successfully. Unable to delete ADS C:\Users\Name\Documents\clip0059.avi:TOC.WMV . Unable to delete ADS C:\Users\Name\Documents\clip0054.avi:TOC.WMV . Unable to delete ADS C:\Users\Name\Documents\clip0053.avi:TOC.WMV . Unable to delete ADS C:\Users\Name\Documents\clip0049.avi:TOC.WMV . Unable to delete ADS C:\Users\Name\Documents\clip0047.avi:TOC.WMV . Unable to delete ADS C:\Users\Name\Documents\clip0042.avi:TOC.WMV . Unable to delete ADS C:\Users\Name\Documents\clip0036.avi:TOC.WMV . Unable to delete ADS C:\Users\Name\Documents\clip0031.avi:TOC.WMV . Unable to delete ADS C:\Users\Name\Documents\clip0029.avi:TOC.WMV . Unable to delete ADS C:\Users\Name\Documents\clip0020.avi:TOC.WMV . Unable to delete ADS C:\Users\Name\Documents\clip0018.avi:TOC.WMV . Unable to delete ADS C:\Users\Name\Documents\clip0014.avi:TOC.WMV . Unable to delete ADS C:\Users\Name\Documents\clip0002.avi:TOC.WMV . ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 1976991 bytes ->Temporary Internet Files folder emptied: 1271724 bytes ->Java cache emptied: 1396192 bytes ->FireFox cache emptied: 56291564 bytes ->Flash cache emptied: 920 bytes User: Public User: Ricardo ->Temp folder emptied: 21976943 bytes ->Temporary Internet Files folder emptied: 2984754 bytes ->Java cache emptied: 20356794 bytes ->FireFox cache emptied: 208037336 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 3514 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 66016 bytes RecycleBin emptied: 120029456 bytes Total Files Cleaned = 414,00 mb OTL by OldTimer - Version 3.2.15.2 log created on 10162010_174249 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\JET1016.tmp not found! Registry entries deleted on Reboot... Hier Schritt 3 Code:
ATTFilter RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows Vista Version 6.0.6001 (Service Pack 1) Number of processors #2 ============================================== >Drivers ============================================== 0x8F606000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7524352 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.97 ) 0x8200E000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System) 0x8200E000 PnpManager 3903488 bytes 0x8200E000 RAW 3903488 bytes 0x8200E000 WMIxWDM 3903488 bytes 0x9060D000 C:\Windows\system32\drivers\RTKVHDA.sys 2129920 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver) 0xA84B0000 Win32k 2105344 bytes 0xA84B0000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber) 0x91A02000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101015.053\NAVEX15.SYS 1368064 bytes (Symantec Corporation, AV Engine) 0x8A607000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT-Dateisystemtreiber) 0x83001000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver) 0x83201000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver) 0x804C3000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Codeintegritätsmodul) 0xB220D000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver) 0x83326000 C:\Windows\System32\Drivers\dump_iaStor.sys 851968 bytes 0x82600000 C:\Windows\system32\DRIVERS\iaStor.sys 851968 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32) 0xAB209000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor) 0x8FD33000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel) 0x8060D000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic) 0x82712000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0x8ED7D000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 458752 bytes (Symantec Corporation, SPBBC Driver) 0xAB2B8000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP-Protokollstapel) 0x80409000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library) 0xA00A5000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver) 0x80732000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver) 0xA005C000 C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20101007.001\IDSvix86.sys 299008 bytes (Symantec Corporation, IDS Core Driver) 0x90867000 C:\Windows\System32\Drivers\SRTSP.SYS 299008 bytes (Symantec Corporation, Symantec AutoProtect) 0x90973000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0x80696000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI-Treiber für NT) 0x80482000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver) 0x805A3000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver) 0x82783000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0xA0008000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0x8ED42000 C:\Windows\system32\Drivers\vmm.sys 241664 bytes (Microsoft Corporation, Virtual Machine Monitor) 0x83137000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem) 0x8A716000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber) 0x8318B000 C:\Windows\system32\DRIVERS\e1e6032.sys 229376 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver) 0x8ECC6000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB) 0x823C7000 ACPI_HAL 208896 bytes 0x823C7000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0x826D0000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Dateisystem-Filter-Manager) 0x909BB000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver) 0x807B5000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver) 0x90815000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0x9090C000 C:\Windows\System32\Drivers\SYMTDI.SYS 180224 bytes (Symantec Corporation, Network Dispatch Driver) 0x8310C000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider) 0x8EC85000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library) 0xA0137000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver) 0x8A7AC000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache) 0x806ED000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator) 0x8A75B000 C:\Windows\System32\drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver) 0x90842000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0x91B70000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library) 0x8EC0D000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0x83305000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll) 0x91BDE000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver) 0xA01A0000 C:\Program Files\Sandboxie\SbieDrv.sys 131072 bytes (SANDBOXIE L.T.D, Sandboxie Kernel Mode Driver) 0xA0103000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver) 0x8A781000 C:\Windows\System32\drivers\prohlp02.sys 114688 bytes (Protection Technology, StarForce Protection Helper Driver) 0x832EA000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API) 0xA0185000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA-Filtertreiber zur Dateivirtualisierung) 0x827C1000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serieller Gerätetreiber) 0x8078C000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0xA0120000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver) 0x805E4000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0xB2328000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver) 0x8ED0B000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS-Paketplaner) 0x90949000 C:\Windows\System32\Drivers\SYMFW.SYS 90112 bytes (Symantec Corporation, Firewall Filter Driver) 0x908F6000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver) 0xAB325000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver) 0x8EC53000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager) 0xB2301000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector) 0xB233E000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101015.053\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine) 0x8EC3F000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0x9095F000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver) 0x827DB000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042-Anschlusstreiber) 0xA01D0000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6) 0x8ED2F000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0x831C3000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver) 0x908B0000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver) 0xB2316000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver) 0x8A7D3000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver) 0x8ECFA000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy) 0x80469000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Plattformspezifischer Hardwarefehlertreiber) 0x807A4000 C:\Windows\system32\DRIVERS\VMNetSrv.sys 69632 bytes (Microsoft Corporation, Virtual Machine Network Services Driver) 0x82702000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver) 0x91B59000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library) 0xA01C0000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver) 0x8077C000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager) 0x831D5000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver) 0x8EC68000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver) 0x8317C000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver) 0xA0176000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver) 0x8A79D000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0xAB33A000 C:\Windows\system32\drivers\npf.sys 61440 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver) 0x80714000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver) 0x8EC30000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0x8FDEA000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0x80723000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver) 0x831E5000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver) 0xA86F0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver) 0x8ED21000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver) 0x908DF000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver) 0xA0044000 C:\Windows\System32\drivers\prodrv06.sys 57344 bytes (Protection Technology, StarForce Protection Environment Driver) 0xA015F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver) 0x9093C000 C:\Windows\System32\Drivers\SYMNDISV.SYS 53248 bytes (Symantec Corporation, NDIS Filter Driver) 0x8ECB9000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator) 0x8FDD2000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver) 0x80689000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR) 0xB22F5000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver) 0x91BD2000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0x827EE000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Tastaturklassentreiber) 0x8EC78000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mausklassentreiber) 0x908D4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver) 0x807EE000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0x807E3000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper) 0x83171000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver) 0x8FDDF000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver) 0xA016C000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver) 0x8ECAF000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver) 0xA0052000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy) 0xB22EB000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver) 0x831F3000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator) 0x91BB1000 C:\Windows\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect) 0x8A7E4000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver) 0x91BBB000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver) 0x91B50000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices) 0xB235B000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0x908ED000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0x909F6000 C:\Windows\system32\DRIVERS\SymIMv.sys 36864 bytes (Symantec Corporation, NDIS 6.0 Filter Driver for Windows Vista) 0xA86D0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver) 0x833F6000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver) 0x806DC000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0x909ED000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer) 0x8047A000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver) 0x80401000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 0x91B95000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID-Mausfiltertreiber) 0x806E5000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver) 0x908C4000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x908CC000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x8A74F000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor) 0x91BCB000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver) 0x91B69000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0x91BC4000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver) 0x90938000 C:\Windows\System32\Drivers\SYMREDRV.SYS 16384 bytes (Symantec Corporation, Redirector Filter Driver) 0x8A759000 C:\Windows\System32\drivers\prosync1.sys 8192 bytes (Protection Technology, StarForce Protection Synchronization Driver) 0x8A757000 C:\Windows\System32\drivers\sfhlp01.sys 8192 bytes (Protection Technology, StarForce Protection Helper Driver) 0x8EC83000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0x91A00000 C:\Windows\System32\Drivers\SYMDNS.SYS 8192 bytes (Symantec Corporation, DNS Filter Driver) 0x908C2000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0x9AC76C30 unknown_irp_handler 976 bytes 0x8CB01E40 unknown_irp_handler 448 bytes ============================================== >Stealth ============================================== Geändert von ichhaueuch (16.10.2010 um 17:19 Uhr) |
16.10.2010, 17:21 | #21 |
/// Malwareteam | Trojan.Gen.Ml - Nicht entfernbar! Erneuter CustomScan mit OTL
Code:
ATTFilter netsvcs drivers32 /all %SYSTEMDRIVE%\*.* %systemroot%\system32\*.wt %systemroot%\system32\*.ruy %systemroot%\Fonts\*.com %systemroot%\Fonts\*.dll %systemroot%\Fonts\*.ini %systemroot%\Fonts\*.ini2 %systemroot%\system32\spool\prtprocs\w32x86\*.* %systemroot%\REPAIR\*.bak1 %systemroot%\REPAIR\*.ini %systemroot%\system32\*.jpg %systemroot%\*.scr %systemroot%\*._sy %APPDATA%\Adobe\Update\*.* %ALLUSERSPROFILE%\Favorites\*.* %APPDATA%\Microsoft\*.* %PROGRAMFILES%\*.* %APPDATA%\Update\*.* %systemroot%\*. /mp /s CREATERESTOREPOINT %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\user32.dll /md5 %systemroot%\system32\ws2_32.dll /md5 %systemroot%\system32\ws2help.dll /md5 /md5start explorer.exe winlogon.exe wininit.exe /md5stop HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
|
17.10.2010, 00:56 | #22 |
| Trojan.Gen.Ml - Nicht entfernbar! Hier die Otl.txt : Code:
ATTFilter OTL logfile created on: 17.10.2010 01:33:16 - Run 2 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Name\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,16 Gb Total Space | 398,31 Gb Free Space | 69,13% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 10,83 Gb Free Space | 54,15% Space Free | Partition Type: FAT32 Computer Name: Name-PC | User Name: Name | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days ========== Processes (SafeList) ========== PRC - [2010.10.16 17:42:09 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe PRC - [2010.10.02 18:51:54 | 002,937,528 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe PRC - [2010.08.09 12:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe PRC - [2009.10.07 19:08:01 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Name\Program Files\DNA\btdna.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\CCSVCHST.EXE PRC - [2008.07.11 02:27:52 | 040,999,448 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe PRC - [2008.07.10 03:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.08.23 22:35:32 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe ========== Modules (SafeList) ========== MOD - [2010.10.16 17:42:09 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.09.23 16:44:56 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai) SRV - [2010.08.09 12:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2010.04.28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2010.03.18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator) SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator) SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator) SRV - [2010.02.10 19:07:00 | 003,458,548 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2009.11.27 17:24:34 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice) SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2008.10.07 15:49:34 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.08.23 22:35:32 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2007.08.23 22:35:24 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT) DRV - [2010.10.16 23:21:25 | 000,022,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PnkBstrK.sys -- (PnkBstrK) DRV - [2010.09.28 10:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101015.053\NAVEX15.SYS -- (NAVEX15) DRV - [2010.09.28 10:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101015.053\NAVENG.SYS -- (NAVENG) DRV - [2010.09.15 20:11:07 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20101007.001\IDSvix86.sys -- (IDSvix86) DRV - [2010.08.09 12:03:04 | 000,123,112 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2010.05.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010.05.26 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010.04.28 07:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2010.03.14 21:49:49 | 000,068,680 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva337.sys -- (XDva337) DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.11.16 18:33:38 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf) DRV - [2009.10.29 18:33:45 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm) DRV - [2009.02.19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009.02.19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV) DRV - [2009.02.19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2009.02.19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW) DRV - [2009.02.19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2009.02.19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - [2009.01.09 18:46:08 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2008.09.05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2008.07.30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon) DRV - [2008.07.10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102) DRV - [2008.06.09 07:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.05.07 19:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2008.02.05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 04:23:21 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 04:23:21 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop) DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.11.30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2007.11.30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2007.11.30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007.03.12 03:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2005.06.24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2005.05.26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2005.05.26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2004.08.09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02) DRV - [2004.08.09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06) DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1) DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.nexon.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\URLSearchHook: {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch TC Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2040433&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.trojaner-board.de/91425-t...tfernbar.html" FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {f1ae9383-9442-4e9c-ab8c-d441fd0021cf}:2.6.0.15 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1 FF - prefs.js..extensions.enabledItems: compatibility@addons.mozilla.org:0.6 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.0 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100827 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..network.proxy.type: 4 FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://utils.babylon.com/abt/index.php?url=" FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010.10.11 12:17:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins [2010.10.11 18:01:17 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Extensions [2010.10.11 18:01:17 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2010.10.11 18:28:37 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions [2010.09.17 18:45:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.17 18:45:39 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.07.10 15:44:46 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2010.07.24 16:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.05.22 21:05:14 | 000,000,000 | ---D | M] (Softonic Deutsch TC Toolbar) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf} [2010.10.11 12:22:15 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\compatibility@addons.mozilla.org [2010.10.11 12:24:06 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\foxyproxy@eric.h.jung [2010.09.17 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\nasanightlaunch@example.com [2010.04.21 12:45:26 | 000,000,941 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\conduit.xml [2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-1.xml [2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-2.xml [2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-3.xml [2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-4.xml [2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-5.xml [2010.03.19 17:08:25 | 000,000,950 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-6.xml [2010.05.08 14:56:31 | 000,000,950 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-7.xml [2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin.xml [2010.05.08 14:55:39 | 000,001,759 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\live-search.xml [2009.09.02 15:26:26 | 000,002,137 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\MyStart Search.xml [2010.10.11 18:15:54 | 000,003,915 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\sweetim.xml [2010.10.11 13:03:42 | 000,002,746 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\twitter.xml [2010.10.11 18:25:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.07.15 11:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.10 17:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.03 19:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.02 18:51:54 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll O1 HOSTS File: ([2010.10.16 17:42:50 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - No CLSID value found. O2 - BHO: (no name) - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - No CLSID value found. O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [ALUAlert] C:\Programme\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Name\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [NexonPlug] C:\Nexon\NexonPlug\NexonPlug.exe (Nexon Corp.) O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk = C:\Programme\MultiRes\MultiRes.exe (EnTech Taiwan) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Name\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Name\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Name\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software) Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.SP54 - C:\Windows\System32\SP5X_32.DLL (Sunplus) Drivers32: VIDC.SP55 - C:\Windows\System32\SP5X_32.DLL (Sunplus) Drivers32: VIDC.SP56 - C:\Windows\System32\SP5X_32.DLL (Sunplus) Drivers32: VIDC.SP57 - C:\Windows\System32\SP5X_32.DLL (Sunplus) Drivers32: VIDC.SP58 - C:\Windows\System32\SP5X_32.DLL (Sunplus) Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 90 Days ========== [2010.10.17 01:28:21 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\Temporary Projects [2010.10.17 00:27:36 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\IObit [2010.10.17 00:27:36 | 000,000,000 | ---D | C] -- C:\Programme\IObit [2010.10.17 00:19:59 | 002,626,432 | ---- | C] (IObit ) -- C:\Users\Name\Desktop\gb2beta-setup.exe [2010.10.16 23:46:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.10.16 23:38:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010.10.16 23:18:22 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Alte Version [2010.10.16 21:57:26 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Texture [2010.10.16 21:57:26 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Data [2010.10.16 21:47:04 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (3) [2010.10.16 21:37:19 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Mod v 12.0 [2010.10.16 21:08:25 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\sicherung [2010.10.16 21:08:03 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (2) [2010.10.16 17:42:49 | 000,000,000 | ---D | C] -- C:\_OTL [2010.10.16 17:41:33 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe [2010.10.16 13:03:31 | 001,174,016 | ---- | C] (WarHax Coding) -- C:\Users\Name\Desktop\updated 18uhr.dll [2010.10.14 12:47:26 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner [2010.10.11 18:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2010.10.11 18:01:31 | 000,000,000 | ---D | C] -- C:\Users\Name\Documents\LimeWire [2010.10.11 18:00:52 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\LimeWire [2010.10.11 12:17:47 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 6 [2010.10.11 11:39:10 | 000,000,000 | -H-D | C] -- C:\Programme\InstallJammer Registry [2010.10.11 01:34:16 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\Panda Security [2010.10.11 01:33:37 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\WhiteSmoke [2010.10.11 01:33:33 | 000,017,544 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\RkPavproc1.sys [2010.10.11 01:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2010.10.09 22:07:38 | 000,000,000 | R--D | C] -- C:\Sandbox [2010.10.09 22:06:03 | 000,000,000 | ---D | C] -- C:\Programme\Sandboxie [2010.10.09 14:28:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe [2010.10.03 19:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010.10.03 19:08:25 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2010.10.02 23:11:05 | 000,000,000 | ---D | C] -- C:\Programme\MultiRes [2010.10.02 21:56:00 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\Softonic_Deutsch_TC [2010.10.02 21:27:09 | 000,000,000 | ---D | C] -- C:\War Rock [2010.10.01 19:19:10 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\XnView [2010.10.01 19:17:56 | 000,000,000 | ---D | C] -- C:\Programme\XnView [2010.09.11 22:51:50 | 000,000,000 | ---D | C] -- C:\Users\Name\Documents\NFS Carbon [2010.09.11 17:41:30 | 000,000,000 | ---D | C] -- C:\Programme\Datel [2010.09.10 19:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NFS Underground Demo [2010.09.06 17:13:42 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\PackageAware [2010.08.22 17:14:57 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\IrfanView [2010.08.22 17:14:56 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView [2010.08.06 22:22:30 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\Sony [2010.08.06 22:22:30 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\Sony [2010.08.04 20:21:21 | 000,000,000 | ---D | C] -- C:\Users\Name\Documents\Navicat [2010.07.26 20:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE [2010.07.24 16:50:19 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.23 11:57:24 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2 ========== Files - Modified Within 90 Days ========== [2010.10.17 01:08:34 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2010.10.17 01:08:34 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 2.lnk [2010.10.16 23:46:42 | 000,001,024 | ---- | M] () -- C:\Users\Name\.rnd [2010.10.16 23:42:20 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus Online - Systemprüfung ausführen - Name.job [2010.10.16 23:42:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.16 23:42:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.16 23:41:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.16 23:41:46 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys [2010.10.16 23:21:25 | 000,022,584 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.10.16 23:17:58 | 000,000,135 | ---- | M] () -- C:\Users\Name\Desktop\version.cfg [2010.10.16 22:57:39 | 000,001,518 | ---- | M] () -- C:\Users\Name\Desktop\Warrock.lnk [2010.10.16 21:07:04 | 000,453,444 | R--- | M] () -- C:\Users\Name\Desktop\wrkrzuwrde.7z [2010.10.16 21:03:25 | 000,001,578 | ---- | M] () -- C:\Windows\Sandboxie.ini [2010.10.16 18:13:46 | 000,133,632 | ---- | M] () -- C:\Users\Name\Desktop\RKUnhookerLE.EXE [2010.10.16 17:42:50 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2010.10.16 17:42:09 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe [2010.10.15 20:50:02 | 000,499,728 | ---- | M] () -- C:\Users\Name\Desktop\dsfdfds.png [2010.10.15 20:49:09 | 002,043,933 | ---- | M] () -- C:\Users\Name\Desktop\sdfdfsdf.png [2010.10.15 09:15:21 | 001,174,016 | ---- | M] (WarHax Coding) -- C:\Users\Name\Desktop\updated 18uhr.dll [2010.10.13 20:38:39 | 000,000,862 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk [2010.10.13 18:19:54 | 000,793,175 | ---- | M] () -- C:\Users\Name\Desktop\Unbenannt.png [2010.10.12 13:31:36 | 000,000,470 | ---- | M] () -- C:\Users\Name\Desktop\technobase.asx [2010.10.09 23:00:55 | 000,696,320 | ---- | M] () -- C:\Users\Name\Desktop\HunerdA.exe [2010.10.02 21:15:31 | 684,385,904 | ---- | M] () -- C:\Users\Name\War_Rock_20100921.exe [2010.10.02 17:16:02 | 000,737,696 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.02 17:16:02 | 000,697,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.02 17:16:02 | 000,168,994 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.02 17:16:02 | 000,143,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.25 17:25:23 | 000,000,680 | ---- | M] () -- C:\Users\Name\AppData\Local\d3d9caps.dat [2010.09.22 17:21:33 | 000,070,144 | ---- | M] () -- C:\Users\Name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.21 20:10:13 | 002,626,432 | ---- | M] (IObit ) -- C:\Users\Name\Desktop\gb2beta-setup.exe [2010.09.14 13:16:14 | 000,000,680 | RHS- | M] () -- C:\Users\Name\ntuser.pol [2010.09.12 15:52:58 | 000,326,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.09.11 22:45:48 | 000,000,058 | ---- | M] () -- C:\Windows\nfsc_patch.ini [2010.08.21 19:25:03 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.08.18 23:15:40 | 000,000,109 | ---- | M] () -- C:\Windows\GMouse.ini [2010.08.05 13:12:55 | 000,000,600 | ---- | M] () -- C:\Users\Name\AppData\Local\PUTTY.RND ========== Files Created - No Company Name ========== [2010.10.17 01:08:34 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2010.10.17 01:08:34 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 2.lnk [2010.10.16 23:46:54 | 000,774,144 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB [2010.10.16 23:46:41 | 000,001,024 | ---- | C] () -- C:\Users\Name\.rnd [2010.10.16 23:18:20 | 000,000,135 | ---- | C] () -- C:\Users\Name\Desktop\version.cfg [2010.10.16 21:57:26 | 000,000,000 | ---- | C] () -- C:\Users\Name\Desktop\made by Achatius aka Darkelite [2010.10.16 21:18:23 | 000,001,518 | ---- | C] () -- C:\Users\Name\Desktop\Warrock.lnk [2010.10.16 21:07:06 | 000,453,444 | R--- | C] () -- C:\Users\Name\Desktop\wrkrzuwrde.7z [2010.10.16 18:13:45 | 000,133,632 | ---- | C] () -- C:\Users\Name\Desktop\RKUnhookerLE.EXE [2010.10.15 20:50:01 | 000,499,728 | ---- | C] () -- C:\Users\Name\Desktop\dsfdfds.png [2010.10.15 20:49:07 | 002,043,933 | ---- | C] () -- C:\Users\Name\Desktop\sdfdfsdf.png [2010.10.13 18:17:41 | 000,793,175 | ---- | C] () -- C:\Users\Name\Desktop\Unbenannt.png [2010.10.12 13:31:56 | 000,000,470 | ---- | C] () -- C:\Users\Name\Desktop\technobase.asx [2010.10.11 18:56:35 | 000,696,320 | ---- | C] () -- C:\Users\Name\Desktop\HunerdA.exe [2010.10.11 01:38:06 | 000,000,119 | ---- | C] () -- C:\Users\Name\ESN Code.txt [2010.10.09 22:06:34 | 000,001,578 | ---- | C] () -- C:\Windows\Sandboxie.ini [2010.10.05 15:39:11 | 000,000,862 | ---- | C] () -- C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk [2010.10.02 20:41:57 | 684,385,904 | ---- | C] () -- C:\Users\Name\War_Rock_20100921.exe [2010.10.01 15:43:27 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys [2010.09.14 13:09:11 | 000,000,680 | RHS- | C] () -- C:\Users\Name\ntuser.pol [2010.09.11 22:27:20 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini [2010.08.04 20:21:00 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll [2010.08.02 00:19:38 | 000,000,109 | ---- | C] () -- C:\Windows\GMouse.ini [2010.05.22 20:54:09 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.02.12 22:36:04 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.02.12 22:22:30 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll [2010.02.12 22:22:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009.11.22 01:58:42 | 000,000,600 | ---- | C] () -- C:\Users\Name\AppData\Local\PUTTY.RND [2009.11.20 15:25:57 | 001,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll [2009.11.16 18:33:38 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009.08.01 19:56:29 | 000,000,552 | ---- | C] () -- C:\Users\Name\AppData\Local\d3d8caps.dat [2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll [2009.01.01 19:54:11 | 000,000,680 | ---- | C] () -- C:\Users\Name\AppData\Local\d3d9caps.dat [2008.10.31 15:02:29 | 000,070,144 | ---- | C] () -- C:\Users\Name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.09 19:36:23 | 000,022,584 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.08.08 15:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.05.16 02:14:50 | 000,000,963 | ---- | C] () -- C:\Windows\System32\WLAN.INI [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2010.02.12 22:52:18 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\AnvSoft [2008.10.09 14:55:05 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Buhl Data Service GmbH [2010.02.14 15:40:05 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\CrystalButton [2009.12.08 19:57:24 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\DMCache [2010.10.17 01:32:58 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\DNA [2010.07.24 16:50:19 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.03 17:55:13 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\FileZilla [2010.10.11 12:17:58 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Free Download Manager [2010.05.08 16:53:04 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\GlarySoft [2010.10.13 22:31:25 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\ICQ [2010.10.17 00:27:36 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\IObit [2010.08.22 17:14:57 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\IrfanView [2010.10.11 18:01:56 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\LimeWire [2008.12.18 19:36:30 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\McLoad [2010.03.19 15:51:35 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\OCS [2010.03.19 15:51:41 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Opera [2010.10.11 01:34:16 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Panda Security [2010.08.06 22:22:30 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Sony [2010.08.08 20:27:32 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TeamViewer [2010.05.02 17:18:28 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TS3Client [2010.05.08 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TuneUp Software [2008.11.08 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Ulead Systems [2010.10.11 18:05:13 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\WhiteSmoke [2010.10.01 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\XnView [2010.10.16 23:40:07 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2008.08.04 11:38:09 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010.10.16 23:41:46 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys [2008.12.07 14:43:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008.12.07 14:43:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010.10.16 23:41:44 | 3533,127,680 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2010.04.03 14:34:16 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2006.10.26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll [2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > [2010.04.17 01:45:28 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > [2009.04.20 17:30:35 | 000,001,658 | -H-- | M] () -- C:\Users\Name\AppData\Roaming\Microsoft\LastFlashConfig.WFC < %PROGRAMFILES%\*.* > [2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\user32.dll /md5 > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-04 12:46:22 ========== Files - Unicode (All) ========== [2010.07.07 17:25:11 | 000,000,000 | ---D | M](C:\Users\Name\Documents\?? ???) -- C:\Users\Name\Documents\넥슨 플러그 [2010.07.07 17:25:11 | 000,000,000 | ---D | C](C:\Users\Name\Documents\?? ???) -- C:\Users\Name\Documents\넥슨 플러그 ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0059.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0054.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0053.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0049.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0047.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0042.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0036.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0031.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0029.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0020.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0018.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0014.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0002.avi:TOC.WMV < End of report > Eine Extra.txt erschien nach dem Scan nicht ?! |
17.10.2010, 19:06 | #23 |
/// Malwareteam | Trojan.Gen.Ml - Nicht entfernbar!Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**
|
20.10.2010, 12:36 | #25 |
| Trojan.Gen.Ml - Nicht entfernbar! merkwürdig ich hatte Norton Antivirus beendet aber als ich Combo-Fix.exe gestartet hatte meinte er das Norton Antivirus nicht beendet sei obwohl ich Auto-Protect aussgeschalten hatte also heißt das ja das Norton noch nicht ganz Deaktiviert ist oder ? Was nun ? PS: Ist es normal das bei Combo-Fix immer so ein Geräuch kommt ?^^ *düdü* |
20.10.2010, 13:30 | #26 |
/// Malwareteam | Trojan.Gen.Ml - Nicht entfernbar! Ich habe selber kein Norton. Auto-Protect ausschalten sollte reichen. Das Geräusch kommt bei der Warnmeldung. Das kannst Du aber ignorieren. |
27.10.2010, 06:20 | #27 |
| Trojan.Gen.Ml - Nicht entfernbar! Also ich bin mir nicht Sicher aber habe ein neuen Norton und der hat ein paar Viren weg gemacht und so habe hier mal einen Hijacktis Scan ist der weg oder noch da? falls er noch da ist mache ich natürlich normal weiter HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 07:20:23, on 27.10.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18498) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\wpcumi.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugin-container.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.nexon.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks= R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - (no file) O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file) O2 - BHO: (no name) - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - (no file) O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - (no file) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ricardo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe -- End of file - 7488 bytes |
27.10.2010, 11:26 | #28 | |
/// Malwareteam | Trojan.Gen.Ml - Nicht entfernbar!Zitat:
Schau Dir Post 23 an. Da gehts weiter! |
27.10.2010, 19:28 | #29 |
| Trojan.Gen.Ml - Nicht entfernbar! Hier Combi-Fix Combofix Logfile: Code:
ATTFilter ComboFix 10-10-26.04 - Name 27.10.2010 20:12:19.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3069.1871 [GMT 2:00] ausgeführt von:: c:\users\Name\Desktop\Combo-Fix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\vbzlib1.dll . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Ias ((((((((((((((((((((((( Dateien erstellt von 2010-09-27 bis 2010-10-27 )))))))))))))))))))))))))))))) . 2010-10-27 18:17 . 2010-10-27 18:21 -------- d-----w- c:\users\Name\AppData\Local\temp 2010-10-27 18:17 . 2010-10-27 18:17 -------- d-----w- c:\users\Gast\AppData\Local\temp 2010-10-27 18:17 . 2010-10-27 18:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-10-27 18:08 . 2010-10-27 18:09 -------- d-----w- C:\32788R22FWJFW 2010-10-24 13:14 . 2010-10-24 13:22 -------- d-----w- c:\program files\JDownloader 2010-10-24 12:27 . 2010-10-26 14:21 -------- d-----w- c:\users\Name\AppData\Local\CrashDumps 2010-10-23 15:57 . 2010-10-23 15:57 -------- d-----w- c:\users\Name\AppData\Roaming\Tific 2010-10-23 15:57 . 2010-10-23 15:57 -------- d-----w- c:\users\Name\AppData\Local\Symantec 2010-10-23 15:51 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-10-23 15:51 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll 2010-10-23 15:51 . 2010-10-23 15:51 -------- d-----w- c:\program files\Symantec 2010-10-23 15:51 . 2010-10-23 15:51 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-10-23 15:51 . 2010-10-24 16:07 -------- d-----w- c:\windows\system32\drivers\N360 2010-10-23 15:51 . 2010-10-23 15:51 -------- d-----w- c:\program files\Norton 360 2010-10-23 15:46 . 2010-10-23 15:46 -------- d-----w- c:\programdata\PCSettings 2010-10-23 15:44 . 2010-10-23 15:46 -------- d-----w- c:\programdata\NortonInstaller 2010-10-23 15:44 . 2010-10-23 15:44 -------- d-----w- c:\program files\NortonInstaller 2010-10-23 15:43 . 2009-10-15 15:14 24352 ----a-w- c:\windows\system32\drivers\SipIMNDI.sys 2010-10-23 14:22 . 2010-10-23 14:22 -------- d-----w- c:\program files\Unlocker 2010-10-23 11:10 . 2010-10-23 11:10 -------- d-----w- c:\program files\AutoIt3 2010-10-23 09:13 . 2010-10-23 09:13 -------- d-----w- c:\users\Name\AppData\Roaming\teamspeak2 2010-10-22 19:06 . 2010-10-22 19:07 -------- d-----w- c:\users\Name\AppData\Roaming\Hide IP NG 2010-10-22 19:06 . 2010-10-22 19:06 -------- d-----w- c:\users\Name\AppData\Roaming\hideip_firefox_plugin 2010-10-20 20:42 . 2010-10-20 20:42 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR 2010-10-20 20:42 . 2010-10-20 20:42 3072 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ko-KR\LMPRTPRC.DLL.mui 2010-10-20 20:42 . 2010-10-20 20:42 -------- d-----w- c:\windows\system32\wbem\en-US 2010-10-20 20:42 . 2010-10-20 20:42 -------- d-----w- c:\windows\system32\drivers\en-US 2010-10-20 20:41 . 2010-10-20 20:41 -------- d-----w- c:\windows\system32\ko 2010-10-20 20:41 . 2010-10-20 20:41 -------- d-----w- c:\windows\system32\0412 2010-10-20 20:41 . 2010-10-20 20:41 40960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\ko\Microsoft.Ink.Resources.dll 2010-10-20 20:41 . 2010-10-20 20:42 -------- d-----w- c:\windows\en-US 2010-10-20 20:41 . 2010-10-20 20:42 -------- d-----w- c:\windows\ko-KR 2010-10-20 20:41 . 2010-10-20 20:42 -------- d-----w- c:\windows\system32\wbem\ko-KR 2010-10-20 20:41 . 2010-10-20 20:42 -------- d-----w- c:\windows\system32\drivers\ko-KR 2010-10-20 20:39 . 2010-10-20 20:39 -------- d-----w- c:\windows\system32\Vistalizator 2010-10-20 20:22 . 2010-10-23 15:48 -------- d-----w- c:\program files\Windows Journal 2010-10-20 16:52 . 2010-10-20 16:52 -------- d-----w- c:\users\Name\AppData\Roaming\Vivox 2010-10-20 12:40 . 2010-10-20 12:50 -------- d-----w- c:\program files\GamersFirst 2010-10-17 14:24 . 2010-10-17 14:24 22000 ----a-w- c:\windows\system32\drivers\Neo_0119.sys 2010-10-17 14:22 . 2010-10-17 14:22 81920 ----a-w- c:\windows\system32\vpncmd.exe 2010-10-17 14:22 . 2010-10-18 13:43 -------- d-----w- c:\program files\PacketiX VPN Client English 2010-10-16 22:27 . 2010-10-16 22:27 -------- d-----w- c:\users\Name\AppData\Roaming\IObit 2010-10-16 22:27 . 2010-10-16 22:27 -------- d-----w- c:\program files\IObit 2010-10-16 21:46 . 2008-03-17 13:45 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll 2010-10-16 21:38 . 2010-10-16 21:38 -------- d-----w- c:\program files\Common Files\Skype 2010-10-16 15:42 . 2010-10-16 15:42 -------- d-----w- C:\_OTL 2010-10-11 16:15 . 2010-10-16 21:44 -------- d-----w- c:\programdata\SweetIM 2010-10-11 10:17 . 2010-10-11 16:02 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 6 2010-10-11 09:39 . 2010-10-11 10:41 -------- d--h--w- c:\program files\InstallJammer Registry 2010-10-10 23:34 . 2010-10-10 23:34 -------- d-----w- c:\users\Name\AppData\Roaming\Panda Security 2010-10-10 23:33 . 2009-10-07 14:28 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys 2010-10-10 23:33 . 2010-10-10 23:33 -------- d-----w- c:\programdata\Panda Security 2010-10-09 20:07 . 2010-10-09 20:07 -------- d-----r- C:\Sandbox 2010-10-09 20:06 . 2010-10-09 20:06 -------- d-----w- c:\program files\Sandboxie 2010-10-09 12:28 . 2010-10-09 12:28 -------- d-----w- c:\program files\Common Files\Adobe 2010-10-04 11:51 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll 2010-10-03 17:08 . 2010-10-27 11:42 -------- d-----w- c:\programdata\SecTaskMan 2010-10-03 17:08 . 2010-10-03 17:08 -------- d-----w- c:\program files\Security Task Manager 2010-10-02 21:11 . 2010-10-02 21:12 -------- d-----w- c:\program files\MultiRes 2010-10-02 19:27 . 2010-10-19 17:33 -------- d-----w- C:\War Rock 2010-10-01 17:19 . 2010-10-01 17:19 -------- d-----w- c:\users\Name\AppData\Roaming\XnView 2010-10-01 17:17 . 2010-10-01 17:17 -------- d-----w- c:\program files\XnView . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-24 13:18 . 2010-06-10 15:12 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-10-20 20:42 . 2010-10-20 20:42 4608 ----a-w- c:\windows\system32\drivers\UMDF\ko-KR\WpdMtpDr.dll.mui 2010-10-20 20:42 . 2010-10-20 20:42 3584 ----a-w- c:\windows\system32\drivers\ko-KR\umbus.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3584 ----a-w- c:\windows\system32\drivers\ko-KR\pscr.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3584 ----a-w- c:\windows\system32\drivers\ko-KR\grserial.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3072 ----a-w- c:\windows\system32\drivers\ko-KR\stcusb.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3072 ----a-w- c:\windows\system32\drivers\ko-KR\serscan.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3072 ----a-w- c:\windows\system32\drivers\ko-KR\SCR111.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3072 ----a-w- c:\windows\system32\drivers\ko-KR\scmstcs.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3072 ----a-w- c:\windows\system32\drivers\ko-KR\gpr400.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3072 ----a-w- c:\windows\system32\drivers\ko-KR\cxbp0wdm.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3072 ----a-w- c:\windows\system32\drivers\ko-KR\cmbp0wdm.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 2560 ----a-w- c:\windows\system32\drivers\ko-KR\wd.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 5120 ----a-w- c:\windows\system32\drivers\ko-KR\nv4_mini.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 4608 ----a-w- c:\windows\system32\drivers\ko-KR\yk60x86.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3584 ----a-w- c:\windows\system32\drivers\ko-KR\rndismpx.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3584 ----a-w- c:\windows\system32\drivers\ko-KR\pcmcia.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3584 ----a-w- c:\windows\system32\drivers\ko-KR\ntrigdigi.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 4608 ----a-w- c:\windows\system32\drivers\ko-KR\msdsm.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 4096 ----a-w- c:\windows\system32\drivers\ko-KR\bcm4sbxp.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3584 ----a-w- c:\windows\system32\drivers\ko-KR\scsiport.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3584 ----a-w- c:\windows\system32\drivers\ko-KR\parport.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3072 ----a-w- c:\windows\system32\drivers\ko-KR\parvdm.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 2560 ----a-w- c:\windows\system32\drivers\ko-KR\amdide.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 7168 ----a-w- c:\windows\system32\drivers\ko-KR\afd.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3584 ----a-w- c:\windows\system32\drivers\ko-KR\modem.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3072 ----a-w- c:\windows\system32\drivers\ko-KR\srv.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3584 ----a-w- c:\windows\system32\drivers\ko-KR\RNDISMP.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3072 ----a-w- c:\windows\system32\drivers\ko-KR\qwavedrv.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3584 ----a-w- c:\windows\system32\drivers\ko-KR\pacer.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 45056 ----a-w- c:\windows\system32\drivers\ko-KR\ntfs.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3584 ----a-w- c:\windows\system32\drivers\en-US\nfsrdr.sys.mui 2010-10-20 20:42 . 2010-10-20 20:42 3072 ----a-w- c:\windows\system32\drivers\ko-KR\nfsrdr.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 4096 ----a-w- c:\windows\system32\drivers\ko-KR\dxgkrnl.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 4096 ----a-w- c:\windows\system32\drivers\ko-KR\ipnat.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 4096 ----a-w- c:\windows\system32\drivers\ko-KR\fltmgr.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\pnpmem.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 7168 ----a-w- c:\windows\system32\drivers\ko-KR\serial.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 6144 ----a-w- c:\windows\system32\drivers\ko-KR\ltmdmnt.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 4608 ----a-w- c:\windows\system32\drivers\ko-KR\wacompen.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 4608 ----a-w- c:\windows\system32\drivers\ko-KR\IPMIDrv.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\hidbth.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 5120 ----a-w- c:\windows\system32\drivers\ko-KR\bthport.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 5120 ----a-w- c:\windows\system32\drivers\ko-KR\bthpan.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\Dot4usb.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 6656 ----a-w- c:\windows\system32\drivers\ko-KR\BrSerId.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\UAGP35.SYS.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\GAGP30KX.SYS.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\atikmdag.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\ati2mtag.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 2560 ----a-w- c:\windows\system32\drivers\ko-KR\BrParwdm.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 2560 ----a-w- c:\windows\system32\drivers\ko-KR\ati2mpad.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 12288 ----a-w- c:\windows\system32\drivers\ko-KR\ohci1394.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 5120 ----a-w- c:\windows\system32\drivers\ko-KR\luafv.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 28672 ----a-w- c:\windows\system32\drivers\ko-KR\http.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 2560 ----a-w- c:\windows\system32\drivers\ko-KR\wdf01000.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 4608 ----a-w- c:\windows\system32\drivers\ko-KR\e100b325.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 4096 ----a-w- c:\windows\system32\drivers\ko-KR\tpm.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 4096 ----a-w- c:\windows\system32\drivers\ko-KR\b57nd60x.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 24576 ----a-w- c:\windows\system32\drivers\ko-KR\volsnap.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 13312 ----a-w- c:\windows\system32\drivers\ko-KR\e1e6032.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 11776 ----a-w- c:\windows\system32\drivers\ko-KR\E1G60I32.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 4608 ----a-w- c:\windows\system32\drivers\ko-KR\sermouse.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 4096 ----a-w- c:\windows\system32\drivers\ko-KR\mouclass.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\mouhid.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 24576 ----a-w- c:\windows\system32\drivers\ko-KR\mpio.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 9216 ----a-w- c:\windows\system32\drivers\ko-KR\fvevol.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 7168 ----a-w- c:\windows\system32\drivers\ko-KR\pci.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 3584 ----a-w- c:\windows\system32\drivers\ko-KR\mssmbios.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 3584 ----a-w- c:\windows\system32\drivers\ko-KR\isapnp.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\VIAAGP.SYS.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\ULIAGPKX.SYS.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\SISAGP.SYS.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\NV_AGP.SYS.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\AMDAGP.SYS.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\AGP440.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 7168 ----a-w- c:\windows\system32\drivers\ko-KR\i8042prt.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 4096 ----a-w- c:\windows\system32\drivers\ko-KR\kbdclass.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 3072 ----a-w- c:\windows\system32\drivers\ko-KR\kbdhid.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 7168 ----a-w- c:\windows\system32\drivers\ko-KR\acpi.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 21504 ----a-w- c:\windows\system32\drivers\ko-KR\viac7.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 21504 ----a-w- c:\windows\system32\drivers\ko-KR\processr.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 21504 ----a-w- c:\windows\system32\drivers\ko-KR\intelppm.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 21504 ----a-w- c:\windows\system32\drivers\ko-KR\crusoe.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 21504 ----a-w- c:\windows\system32\drivers\ko-KR\amdk8.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 21504 ----a-w- c:\windows\system32\drivers\ko-KR\amdk7.sys.mui 2010-10-20 20:41 . 2010-10-20 20:41 10240 ----a-w- c:\windows\system32\drivers\ko-KR\battc.sys.mui 2010-10-16 21:21 . 2008-10-09 17:36 22584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-10-16 21:21 . 2008-10-09 17:36 99904 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-10-08 18:24 . 2009-10-26 19:56 164880 ---ha-w- c:\users\Name\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll 2010-08-17 13:32 . 2010-09-15 14:27 126464 ----a-w- c:\windows\system32\spoolsv.exe . ------- Sigcheck ------- [-] 2010-05-12 . 5B8AB8E9F38BC52ECD183B099093C2BD . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll [7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll [7] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-10-02 2937528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968] "toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896] "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Name^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MultiRes.lnk] path=c:\users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk backup=c:\windows\pss\MultiRes.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Name^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PacketiX VPN Client Task Tray.lnk] path=c:\users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PacketiX VPN Client Task Tray.lnk backup=c:\windows\pss\PacketiX VPN Client Task Tray.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2008-05-07 15:41 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2010-08-22 11:02 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)] 2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexonPlug] 2010-08-25 14:36 2024824 ----a-w- c:\nexon\NexonPlug\NexonPlug.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-06-09 05:23 92704 ----a-w- c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-05-07 14:19 6139904 ----a-w- c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl] 2010-08-09 10:03 389352 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1257661164-1137624066-1645535895-1001] "EnableNotificationsRef"=dword:00000005 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [x] R3 Neo_Wr;VPN Client Device Driver - Wr;c:\windows\system32\DRIVERS\Neo_0119.sys [2010-10-17 22000] R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-10 3458548] R3 SipIMNDI;T-Home Dialerschutz VoIP Service;c:\windows\system32\DRIVERS\SipIMNDI.sys [2009-10-15 24352] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [2010-03-14 68680] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128] R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688] R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-11-27 185640] R4 vpnclient;PacketiX VPN Client;c:\program files\PacketiX VPN Client English\vpnclient.exe [2008-05-15 2478080] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-15 328752] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [2010-10-01 692272] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101026.001\IDSvix86.sys [2010-10-19 353840] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392] S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-23 102448] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://start.nexon.com uInternet Settings,ProxyServer = socks= IE: Free YouTube to Mp3 Converter - c:\users\Name\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 LSP: c:\windows\system32\wpclsp.dll FF - ProfilePath - c:\users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\mgik1apm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2040433&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - http://www.trojaner-board.de/91425-t...ntfernbar.html FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= FF - prefs.js: network.proxy.type - 4 FF - component: c:\users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\mgik1apm.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\components\FFExternalAlert.dll FF - component: c:\users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\mgik1apm.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\components\RadioWMPCore.dll FF - component: c:\users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\mgik1apm.default\extensions\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}\components\FFExternalAlert.dll FF - component: c:\users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\mgik1apm.default\extensions\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}\components\RadioWMPCore.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\programdata\Nexon\NGM\npNxGame.dll FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - URLSearchHooks-{f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - (no file) BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file) BHO-{f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - (no file) Toolbar-{f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - (no file) WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) WebBrowser-{F1AE9383-9442-4E9C-AB8C-D441FD0021CF} - (no file) MSConfigStartUp-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-10-27 20:20 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver] "ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-1257661164-1137624066-1645535895-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-1257661164-1137624066-1645535895-1001\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-1257661164-1137624066-1645535895-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):81,75,47,14,3a,1b,77,e1,50,9b,dc,f2,8c,59,84,d0,17,4e,70,b2,7e, 59,d6,62,40,16,e3,75,22,d2,8e,50,97,52,71,04,ef,fd,79,30,00,00,00,00,00,00,\ [HKEY_USERS\S-1-5-21-1257661164-1137624066-1645535895-1001_Classes\CLSID\{6766d4e8-cd86-47cc-bdde-12c4c826d8ec}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:00000154 "Therad"=dword:0000001e "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,4a,e6,7d,94,e5,01,99,2e,4d,91,eb,9e,ca,8f,8d,42,8d,14,f0,2f,cc,\ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(3928) c:\windows\system32\authui.dll c:\windows\system32\ieframe.dll c:\program files\Microsoft Virtual PC\VPCShExH.DLL . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\program files\Sandboxie\SbieSvc.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\DllHost.exe c:\windows\system32\conime.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\ehome\ehmsas.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-10-27 20:26:15 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-10-27 18:26 Vor Suchlauf: 12 Verzeichnis(se), 422.960.869.376 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 423.245.561.856 Bytes frei - - End Of File - - 9849295E63ADAB365F778CDCB39D7E82 PS: Ich weiß nicht ob das das beeinflust aber als Pc neugestartet ist haben sich automatisch "Unlocker" geöffnet und "Jugenschutz" da es in den autostartprogrammen oder so ist aufjedenfall habe ich sie beendet Edit: Merkwürdig war auch das ich Firefox neu zum Standardbrowser machen musste (Habe Internet Explorer gelöscht damit ihr bescheid wisst vllt ist das ja wichtig oder so...) Edit2: Im Editor Name angepasst in Name! Geändert von ichhaueuch (27.10.2010 um 19:49 Uhr) |
28.10.2010, 14:57 | #30 |
/// Malwareteam | Trojan.Gen.Ml - Nicht entfernbar! Wie läufts zur Zeit? |
Themen zu Trojan.Gen.Ml - Nicht entfernbar! |
bho, brauche dringend eure hilfe, converter, desktop, ebay, entfernen, firefox, free download, google, helper, hijack, hijackthis, internet, internet explorer, intrusion prevention, logfile, mozilla, mp3, pando media booster, plug-in, pop-up-blocker, problem, rundll, senden, softonic, software, symantec, system, trojan.gen.ml, trojaner, virus, vista, windows |