Log analysis and evaluation: Rootkit.TDSS / Trojan.Downloader found - .exe applications are blocked!

#1
Hello dear forum, after a long time I have to (unfortunately - don't get me wrong) report here once again. First of all, the system in question is not mine; fortunately I have been virus- and trojan-free for quite a while and intend to stay that way. Yesterday afternoon a friend called me and told me that Internet Explorer popups kept opening at irregular intervals of 5-20 minutes. That seemed fishy to him, especially since his default browser is Firefox. So he ran a full scan with Avira AntiVir, which however found no virus or anything similar. Notable: at the end of the scan you can click the "Report" button in Avira. When my friend did that, simply nothing happened - no error message, nothing at all. When he then tried to open AntiVir by double-clicking it in the taskbar at the bottom right, the message came up: onDblClick() failed. If he started the program normally via My Computer -> C -> Programme etc., it starts fine. For this reason he ran a full scan with Malwarebytes, which I put in a code block for clarity: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4952
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26.10.2010 17:56:23
mbam-log-2010-10-26 (17-56-23).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 257986
Laufzeit: 1 Stunde(n), 14 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12
Infizierte Speicherprozesse:
C:\WINDOWS\Nsojua.exe (Rootkit.TDSS) -> Unloaded process successfully.
d:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nqm.exe (Rootkit.TDSS) -> Unloaded process successfully.
d:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nql.exe (Rootkit.TDSS) -> Unloaded process successfully.
Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Rootkit.TDSS) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Nsojua.exe (Rootkit.TDSS) -> Delete on reboot.
d:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nqm.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
d:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nql.exe (Rootkit.TDSS) -> Delete on reboot.
D:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\iCHkuypo.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nqj.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nqk.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Pic7BFOK.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{0E312F60-82BF-4D0D-B314-38829684461D}\RP67\A0023359.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
When he then scanned again with Avira and MBAM, nothing more was found. All well and good - but celebrated too soon! Today he called me again and reported that although the ominous popups have stopped, he still cannot start AntiVir by double-click, and now the following problem exists: he has about 15-20 computer games installed. Of these he can now only start a handful (coincidentally all older games such as Titan Quest or Stronghold Crusader); for all others, e.g. Oblivion, the message appears: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." The initial suspicion that it might be due to Windows 7 or something similar was quickly dispelled, since he is an enthusiastic user of Windows XP (with SP3 installed, of course). Now the question naturally arises: is the system still infected? And if so, does it have to be reinstalled? Attached is the HJT log: Code:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:18:09, on 27.10.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Programme\ICQ6.5\ICQ.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\cisvc.exe C:\Programme\LogMeIn Hamachi\hamachi-2.exe C:\Programme\ICQ6Toolbar\ICQ Service.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://www.google.de/ R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent O4 - HKCU\..\Run: [Skype] 
"C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Als HTML speichern - C:\Programme\SmarThru Office\WebCapture.dll1.htm O8 - Extra context menu item: Auswahl erfassen - C:\Programme\SmarThru Office\WebCapture.dll2.htm O8 - Extra context menu item: Capture Selection - C:\Programme\SmarThru Office\WebCapture.dll2.htm O8 - Extra context menu item: Markierten Text speichern - C:\Programme\SmarThru Office\WebCapture.dll.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Save as HTML - C:\Programme\SmarThru Office\WebCapture.dll1.htm O8 - Extra context menu item: Save Selected Text - C:\Programme\SmarThru Office\WebCapture.dll.htm O8 - Extra context menu item: Web Capture - C:\Programme\SmarThru Office\WebCapture.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - 
C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Web Capture - {7BDBFB9E-FD6E-43c2-937A-5C9F33FEBE5F} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU) O9 - Extra 'Tools' menuitem: Web Capture - {7BDBFB9E-FD6E-43c2-937A-5C9F33FEBE5F} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU) O9 - Extra button: Auswahl erfassen - {A36A58CC-70D5-4462-9C90-C0E9D244B230} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU) O9 - Extra 'Tools' menuitem: Auswahl erfassen - {A36A58CC-70D5-4462-9C90-C0E9D244B230} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU) O9 - Extra button: Markierten Text speichern - {A5183750-A927-4ec3-B027-C633A2D5418C} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU) O9 - Extra 'Tools' menuitem: Markierten Text speichern - {A5183750-A927-4ec3-B027-C633A2D5418C} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU) O9 - Extra button: Als HTML speichern - {BDC4DF0E-D605-48d6-B4AF-CA5927A463EE} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU) O9 - Extra 'Tools' menuitem: Als HTML speichern - {BDC4DF0E-D605-48d6-B4AF-CA5927A463EE} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281355840328 O16 - DPF: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: bw+0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {B2322029-1F2D-457E-93FA-761A43A120C7} - 
C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: 
bwh0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - 
{B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- End of file - 21378 bytes
Thank you very much in advance for your help. Maybe something can still be saved.
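The MBAM log above mixes files, registry keys, a Run-key value, a service registration and scheduled-task .job files, and some items are only marked "Delete on reboot". The following script is an added example, not part of this post and not Malwarebytes' own code: it parses result lines of that format, groups them by the persistence mechanism each item stands for, and lists what still depends on the reboot so it can be re-checked afterwards. The function names (parse_log, classify, summarize, pending_reboot, count_by_detection) are this example's own, and the sample lines are constructed after entries in the posted log.

```python
"""Triage of Malwarebytes-style scan log lines (added example, not the forum's or Malwarebytes' code)."""
import re
from collections import defaultdict

# One result line: item, detection name in parentheses, then "-> action taken".
LINE_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")

# Constructed sample, modelled on entries from the MBAM log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\Nsojua.exe (Rootkit.TDSS) -> Unloaded process successfully.
c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nqj.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
(Keine bösartigen Objekte gefunden)
"""


def parse_log(text):
    """Return a list of {item, detection, action} dicts; lines without a result are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def classify(item):
    """Map an item path or registry key to the persistence mechanism it represents."""
    u = item.upper()
    if u.startswith("HKEY_"):
        if "\\CURRENTVERSION\\RUN" in u:
            return "autostart (Run key)"
        if "\\SERVICES\\" in u:
            return "service registration"
        return "registry (other)"
    if "\\TASKS\\" in u and u.endswith(".JOB"):
        return "scheduled task"
    if "\\TEMP\\" in u:
        return "dropped file in Temp"
    if "\\WINDOWS\\" in u:
        return "file in Windows directory"
    return "file (other)"


def summarize(text):
    """Group entries by mechanism: {mechanism: [(item, detection, action), ...]}."""
    groups = defaultdict(list)
    for e in parse_log(text):
        groups[classify(e["item"])].append((e["item"], e["detection"], e["action"]))
    return dict(groups)


def pending_reboot(text):
    """Items the scanner could not remove immediately; confirm they are gone after rebooting."""
    return [e["item"] for e in parse_log(text) if e["action"].startswith("Delete on reboot")]


def count_by_detection(text):
    """Number of hits per detection name."""
    counts = defaultdict(int)
    for e in parse_log(text):
        counts[e["detection"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for mechanism, items in sorted(summarize(SAMPLE_LOG).items()):
        print(f"== {mechanism} ==")
        for item, detection, action in items:
            print(f"  {detection:18} {action:40} {item}")
    print("detections:", count_by_detection(SAMPLE_LOG))
    print("still pending reboot:", pending_reboot(SAMPLE_LOG))
```

The grouping is the useful part: a Run-key value, a service key and two .job files in one scan means the sample had several ways to come back, and each of those locations is worth re-checking after the follow-up scans rather than trusting the "deleted successfully" line alone.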
#2

Hi,
HJ actually looks fine... OTL: Download OTL from Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
TDSS-Killer: Download and instructions at: How to remove malware of the Rootkit.Win32.TDSS family? Extract all files into a separate directory (e.g. C:\TDSS)! Launch it via Explorer by double-clicking TDSSKiller.exe. After starting, a window appears; there click "Start Scan". When the scan is finished, please select "Report". A window opens; copy the text and post it here... chris

#3

Hello,
I have worked through everything. As far as I can see, everything seems to be fine?? Anyway, you are the experts: OTL logfile: Code:
OTL logfile created on: 28.10.2010 17:32:39 - Run 1 OTL by OldTimer - Version 3.2.17.1 Folder = d:\Dokumente und Einstellungen\Konstantin\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 78,12 Gb Total Space | 12,55 Gb Free Space | 16,06% Space Free | Partition Type: NTFS Drive D: | 154,76 Gb Total Space | 144,46 Gb Free Space | 93,35% Space Free | Partition Type: NTFS Computer Name: SCARTO | User Name: Konstantin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - d:\Dokumente und Einstellungen\Konstantin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.) 
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) PRC - C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE (Logitech Inc.) ========== Modules (SafeList) ========== MOD - d:\Dokumente und Einstellungen\Konstantin\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Temp\IadHide5.dll (BackWeb) MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech Inc.) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.) 
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) ========== Driver Services (SafeList) ========== DRV - (XDva248) -- C:\WINDOWS\System32\XDva248.sys File not found DRV - (SSPORT) -- C:\WINDOWS\System32\Drivers\SSPORT.sys File not found DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.) 
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042MOU.SYS (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS (Logitech, Inc.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.schuelervz.net/Start/tid/101"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.21 11:10:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.21 11:10:37 | 000,000,000 | ---D | M]
[2008.10.14 13:18:37 | 000,000,000 | ---D | M] -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Extensions
[2010.10.27 16:25:30 | 000,000,000 | ---D | M] -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions
[2010.05.07 14:35:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.26 13:44:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.05.03 10:53:55 | 000,000,000 | ---D | M] (Media Converter) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010.08.19 16:06:03 | 000,000,000 | ---D | M] (Adblock Plus) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.21 13:56:24 | 000,000,000 | ---D | M] (Greasemonkey) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.27 16:25:30 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.11 10:39:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.17 19:09:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.17 19:09:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.17 19:09:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.17 19:09:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.17 19:09:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.03.30 09:58:51 | 000,381,108 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 13126 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - Startup: d:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: d:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Als HTML speichern - C:\Programme\SmarThru Office\WEBCapture.dll1.htm ()
O8 - Extra context menu item: Auswahl erfassen - C:\Programme\SmarThru Office\WEBCapture.dll2.htm ()
O8 - Extra context menu item: Capture Selection - C:\Programme\SmarThru Office\WEBCapture.dll2.htm ()
O8 - Extra context menu item: Markierten Text speichern - C:\Programme\SmarThru Office\WEBCapture.dll.htm ()
O8 - Extra context menu item: Save as HTML - C:\Programme\SmarThru Office\WEBCapture.dll1.htm ()
O8 - Extra context menu item: Save Selected Text - C:\Programme\SmarThru Office\WEBCapture.dll.htm ()
O8 - Extra context menu item: Web Capture - C:\Programme\SmarThru Office\WebCapture.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281355840328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\bw+0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.13 15:56:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0ddad734-1ed4-11df-bab2-0019dbcc4e28}\Shell - "" = AutoRun
O33 - MountPoints2\{0ddad734-1ed4-11df-bab2-0019dbcc4e28}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.10.28 17:31:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- d:\Dokumente und Einstellungen\Konstantin\Desktop\OTL.exe
[2010.10.27 17:18:59 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Desktop\Neuer Ordner
[2010.10.26 18:02:42 | 000,000,000 | RH-D | C] -- d:\Dokumente und Einstellungen\Konstantin\Recent
[2010.10.21 11:10:49 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Desktop\Sonstiges
[2010.10.15 10:36:42 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.10.15 10:36:42 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010.10.15 10:36:42 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.10.15 10:36:32 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.10.11 10:44:24 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\skypePM
[2010.10.11 10:39:51 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Skype
[2010.10.11 10:39:24 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.10.11 10:39:24 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010.10.11 10:39:18 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.10.28 17:33:41 | 001,207,026 | ---- | M] () -- d:\Dokumente und Einstellungen\Konstantin\Desktop\tdsskiller.zip
[2010.10.28 17:31:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- d:\Dokumente und Einstellungen\Konstantin\Desktop\OTL.exe
[2010.10.28 17:26:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.28 15:52:29 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2010.10.27 16:54:36 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010.10.22 11:48:00 | 000,000,107 | ---- | M] () -- d:\Dokumente und Einstellungen\Konstantin\default.pls
[2010.10.22 11:47:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.19 14:24:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.15 20:17:03 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.11 10:44:24 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.10.08 12:02:46 | 000,458,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.08 12:02:46 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.08 12:02:46 | 000,084,512 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.08 12:02:46 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.10.28 17:33:26 | 001,207,026 | ---- | C] () -- d:\Dokumente und Einstellungen\Konstantin\Desktop\tdsskiller.zip
[2010.10.11 10:44:24 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.03.21 18:29:34 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.03.21 18:29:33 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.10.03 14:49:23 | 000,007,168 | ---- | C] () -- d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.13 16:56:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.04.09 13:59:47 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.01.01 15:23:33 | 000,000,143 | ---- | C] () -- d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.12.25 13:53:59 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2008.10.24 15:42:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\STOFaxPort.dll
[2008.10.22 16:59:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.10.15 10:50:40 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.10.14 11:44:58 | 000,000,116 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008.10.14 11:44:56 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008.10.14 11:44:12 | 000,950,585 | ---- | C] () -- C:\WINDOWS\System32\libiconv-2.dll
[2008.10.14 11:42:39 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2008.10.14 11:42:39 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sss1ml3.dll
[2008.10.14 11:40:40 | 000,265,216 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2008.10.14 11:40:40 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2008.10.14 11:40:40 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\Ssuiext.dll
[2008.10.14 11:40:40 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2008.10.14 11:40:40 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2008.10.14 11:36:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008.10.14 11:28:55 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.10.13 16:49:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.10.13 16:00:11 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.12.05 01:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.12.05 01:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.12.05 01:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.12.05 01:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.12.05 01:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002.08.29 14:00:00 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\AIO-Auswahl.ini
< End of report >
OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 28.10.2010 17:32:39 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = d:\Dokumente und Einstellungen\Konstantin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,12 Gb Total Space | 12,55 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 144,46 Gb Free Space | 93,35% Space Free | Partition Type: NTFS
Computer Name: SCARTO | User Name: Konstantin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)
"E:\NeroExpress\Installation\Setupx.exe" = E:\NeroExpress\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe" = C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit -- ()
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\SCX4x24\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\SCX4x24\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\SCX4x24\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\SCX4x24\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Sony\Station\Launchpad\LaunchPad.exe" = C:\Programme\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\LucasArts\Star Wars Battlefront\GameData\battlefront.exe" = C:\Programme\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:*:Enabled:Star Wars(TM): Battlefront(TM) -- ()
"C:\Programme\Steam\SteamApps\playa_da_pitbull\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\playa_da_pitbull\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe" = C:\Programme\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:*:Enabled:SWRepublicCommando -- ()
"C:\Programme\Wacraft III\Warcraft 3\war3.exe" = C:\Programme\Wacraft III\Warcraft 3\war3.exe:*:Enabled:Warcraft III -- (BoR0)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Programme\Cyanide\GameCenter\GameCenter.exe" = C:\Programme\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- (Cyanide)
"C:\Programme\Cyanide\Loki\Loki.exe" = C:\Programme\Cyanide\Loki\Loki.exe:*:Enabled:Loki -- (Cyanide)
"C:\Programme\Cyanide\Loki\Autorun\AutoRun.exe" = C:\Programme\Cyanide\Loki\Autorun\AutoRun.exe:*:Enabled:Loki - AutoRun -- (Cyanide)
"C:\Programme\Steam\SteamApps\zuck0r\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\zuck0r\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Steam\SteamApps\anti_egoshooter_gamer\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\anti_egoshooter_gamer\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Steam\SteamApps\brb_smoky\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\brb_smoky\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\THQ\Titan Quest\Titan Quest.exe" = C:\Programme\THQ\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A4D15AE-98E5-499A-BB31-79CCA153A84A}_is1" = RAFOO - Unterwasserwelt & Fische
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BAA9BA8-0761-42EF-842A-23FAA5321031}" = Nero 7 Essentials
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}" = SmarThru Office
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software 1.12.29.2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeFlashFiles" = Adobe Flash Player
"Arktwend - Das vergessene Reich_is1" = ArktwendUninstaller
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DXAddon" = DirectX 9.0c Zusatzdateien
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Finale NotePad 2008" = Finale NotePad 2008
"GameCenter" = GameCenter
"HijackThis" = HijackThis 2.0.2
"ie7" = Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LogMeIn Hamachi" = LogMeIn Hamachi
"Loki" = Loki
"Loki_is1" = Loki
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Nehrim - Am Rande des Schicksals_is1" = NehrimUninstaller
"NVIDIA Drivers" = NVIDIA Drivers
"Runtimes" = Allgemeine Runtime Dateien
"Samsung SCX-4x24 Series" = Samsung SCX-4x24 Series
"SmarThru Office PC Fax" = SmarThru Office PC Fax
"Steam App 440" = Team Fortress 2
"TQVault_is1" = TQVault 2.11
"TuneUp Utilities" = TuneUp Utilities
"Unlocker" = Unlocker 1.8.9
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.08.2010 12:01:43 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung oblivion.exe, Version 1.2.0.416, fehlgeschlagenes
Modul oblivion.exe, Version 1.2.0.416, Fehleradresse 0x00021390.
Error - 27.08.2010 14:20:32 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung assassinscreed_dx9.exe, Version 1.0.2.1,
fehlgeschlagenes Modul assassinscreed_dx9.exe, Version 1.0.2.1, Fehleradresse 0x0042df49.
Error - 28.08.2010 08:31:47 | Computer Name = SCARTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ICQ.exe, Version 6.5.0.2024, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 29.08.2010 09:04:54 | Computer Name = SCARTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung game.dat, Version 1.0.2194.40862, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 16.09.2010 09:02:59 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung icq.exe, Version 6.5.0.2024, fehlgeschlagenes
Modul jscript.dll, Version 5.8.6001.22960, Fehleradresse 0x0001ede0.
Error - 16.10.2010 10:19:21 | Computer Name = SCARTO | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
Error - 22.10.2010 04:32:34 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung swrepubliccommando.exe, Version 0.0.0.0,
fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x6c707544.
Error - 22.10.2010 04:35:11 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung swrepubliccommando.exe, Version 0.0.0.0,
fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x6c707544.
Error - 27.10.2010 10:39:15 | Computer Name = SCARTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Stronghold Crusader.exe, Version 1.0.0.1,
Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.10.2010 11:57:05 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung icq.exe, Version 6.5.0.2024, fehlgeschlagenes
Modul mshtml.dll, Version 8.0.6001.18975, Fehleradresse 0x000da3af.
[ System Events ]
Error - 28.10.2010 08:02:59 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 28.10.2010 08:02:59 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 28.10.2010 08:03:03 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 28.10.2010 08:03:04 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error - 28.10.2010 08:03:04 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 28.10.2010 11:26:50 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 28.10.2010 11:26:51 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 28.10.2010 11:26:53 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error - 28.10.2010 11:26:53 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 28.10.2010 11:26:57 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
< End of report >
Code:
2010/10/28 17:35:07.0500 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/28 17:35:07.0500 ================================================================================
2010/10/28 17:35:07.0500 SystemInfo:
2010/10/28 17:35:07.0500
2010/10/28 17:35:07.0500 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/28 17:35:07.0500 Product type: Workstation
2010/10/28 17:35:07.0500 ComputerName: SCARTO
2010/10/28 17:35:07.0500 UserName: Konstantin
2010/10/28 17:35:07.0500 Windows directory: C:\WINDOWS
2010/10/28 17:35:07.0500 System windows directory: C:\WINDOWS
2010/10/28 17:35:07.0500 Processor architecture: Intel x86
2010/10/28 17:35:07.0500 Number of processors: 2
2010/10/28 17:35:07.0500 Page size: 0x1000
2010/10/28 17:35:07.0500 Boot type: Normal boot
2010/10/28 17:35:07.0500 ================================================================================
2010/10/28 17:35:07.0828 Initialize success
2010/10/28 17:35:19.0062 ================================================================================
2010/10/28 17:35:19.0062 Scan started
2010/10/28 17:35:19.0062 Mode: Manual;
2010/10/28 17:35:19.0062 ================================================================================
2010/10/28 17:35:19.0390 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/28 17:35:19.0421 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/28 17:35:19.0484 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/28 17:35:19.0531 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/28 17:35:19.0734 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/28 17:35:19.0796 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/28 17:35:19.0859 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2010/10/28 17:35:19.0906 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/28 17:35:19.0937 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/28 17:35:20.0000 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2010/10/28 17:35:20.0078 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/10/28 17:35:20.0109 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/10/28 17:35:20.0187 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/28 17:35:20.0218 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/28 17:35:20.0265 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/28 17:35:20.0312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/28 17:35:20.0359 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/28 17:35:20.0484 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
2010/10/28 17:35:20.0515 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/28 17:35:20.0562 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/28 17:35:20.0609 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/28 17:35:20.0640 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/28 17:35:20.0671 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/28 17:35:20.0703 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/28 17:35:20.0796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/28 17:35:20.0828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/28 17:35:20.0859 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/28 17:35:20.0890 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/28 17:35:20.0953 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/28 17:35:21.0000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/28 17:35:21.0015 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/28 17:35:21.0062 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/28 17:35:21.0093 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/10/28 17:35:21.0140 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/28 17:35:21.0187 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/28 17:35:21.0250 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/28 17:35:21.0343 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/28 17:35:21.0406 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/28 17:35:21.0562 IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/28 17:35:21.0640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/28 17:35:21.0687 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/28 17:35:21.0703 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/28 17:35:21.0734 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/28 17:35:21.0750 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/28 17:35:21.0781 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/28 17:35:21.0843 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/28 17:35:21.0875 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/28 17:35:21.0921 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/28 17:35:21.0937 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/28 17:35:21.0968 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/28 17:35:22.0000 L8042Kbd (5a11400ea1f0a106fe7edb28c270f7b8) C:\WINDOWS\system32\Drivers\L8042Kbd.sys
2010/10/28 17:35:22.0031 L8042mou (20c919b52897b72ebcb2ad2fc29d8ef0) C:\WINDOWS\system32\Drivers\L8042mou.sys
2010/10/28 17:35:22.0093 LHidKe (31b582394da3290dff300f10952e9a4d) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
2010/10/28 17:35:22.0140 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2010/10/28 17:35:22.0171 LMouKE (90a794d0a0bf3531c4ba1c0510449629) C:\WINDOWS\system32\Drivers\LMouKE.sys
2010/10/28 17:35:22.0218 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
2010/10/28 17:35:22.0281 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/28 17:35:22.0312 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/28 17:35:22.0375 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/28 17:35:22.0390 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/28 17:35:22.0421 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/28 17:35:22.0468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/28 17:35:22.0515 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/28 17:35:22.0531 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/28 17:35:22.0578 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/28 17:35:22.0625 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/28 17:35:22.0640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/28 17:35:22.0671 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/28 17:35:22.0687 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/28 17:35:22.0718 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/28 17:35:22.0750 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/28 17:35:22.0781 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/28 17:35:22.0796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/28 17:35:22.0812 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/28 17:35:22.0828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/28 17:35:22.0843 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/28 17:35:22.0937 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/28 17:35:22.0968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/28 17:35:23.0015 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/28 17:35:23.0203 nv (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/28 17:35:23.0375 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/28 17:35:23.0375 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/28 17:35:23.0421 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/28 17:35:24.0578 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/10/28 17:35:24.0593 sptd - detected Locked file (1)
2010/10/28 17:35:25.0843 ================================================================================
2010/10/28 17:35:25.0843 Scan finished
2010/10/28 17:35:25.0843 ================================================================================
2010/10/28 17:35:25.0859 Detected object count: 1
2010/10/28 17:35:33.0406 Locked file(sptd) - User select action: Skip
#4
Rootkit.TDSS/ Trojan.Downloader found - .exe applications are blocked!
Hello, I have worked through everything. As far as I can see, everything seems to be fine?? Anyway, you are the experts: OTL logfile:
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.10.13 15:56:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0ddad734-1ed4-11df-bab2-0019dbcc4e28}\Shell - "" = AutoRun O33 - MountPoints2\{0ddad734-1ed4-11df-bab2-0019dbcc4e28}\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.28 17:31:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- d:\Dokumente und Einstellungen\Konstantin\Desktop\OTL.exe [2010.10.27 17:18:59 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Desktop\Neuer Ordner [2010.10.26 18:02:42 | 000,000,000 | RH-D | C] -- d:\Dokumente und Einstellungen\Konstantin\Recent [2010.10.21 11:10:49 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Desktop\Sonstiges [2010.10.15 10:36:42 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.10.15 10:36:42 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2010.10.15 10:36:42 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010.10.15 10:36:32 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010.10.11 10:44:24 | 000,000,000 | ---D | C] -- d:\Dokumente und 
Einstellungen\Konstantin\Anwendungsdaten\skypePM [2010.10.11 10:39:51 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Skype [2010.10.11 10:39:24 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.10.11 10:39:24 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2010.10.11 10:39:18 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.28 17:33:41 | 001,207,026 | ---- | M] () -- d:\Dokumente und Einstellungen\Konstantin\Desktop\tdsskiller.zip [2010.10.28 17:31:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- d:\Dokumente und Einstellungen\Konstantin\Desktop\OTL.exe [2010.10.28 17:26:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.28 15:52:29 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini [2010.10.27 16:54:36 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2010.10.22 11:48:00 | 000,000,107 | ---- | M] () -- d:\Dokumente und Einstellungen\Konstantin\default.pls [2010.10.22 11:47:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.10.19 14:24:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.15 20:17:03 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.11 10:44:24 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.10.08 12:02:46 | 000,458,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.10.08 12:02:46 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.10.08 12:02:46 | 000,084,512 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.10.08 12:02:46 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files 
Created - No Company Name ========== [2010.10.28 17:33:26 | 001,207,026 | ---- | C] () -- d:\Dokumente und Einstellungen\Konstantin\Desktop\tdsskiller.zip [2010.10.11 10:44:24 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.03.21 18:29:34 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010.03.21 18:29:33 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009.10.03 14:49:23 | 000,007,168 | ---- | C] () -- d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.13 16:56:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2009.04.09 13:59:47 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.01.01 15:23:33 | 000,000,143 | ---- | C] () -- d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.12.25 13:53:59 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll [2008.10.24 15:42:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\STOFaxPort.dll [2008.10.22 16:59:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.10.15 10:50:40 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.10.14 11:44:58 | 000,000,116 | ---- | C] () -- C:\WINDOWS\Readiris.ini [2008.10.14 11:44:56 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll [2008.10.14 11:44:12 | 000,950,585 | ---- | C] () -- C:\WINDOWS\System32\libiconv-2.dll [2008.10.14 11:42:39 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll [2008.10.14 11:42:39 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sss1ml3.dll [2008.10.14 11:40:40 | 000,265,216 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll [2008.10.14 11:40:40 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll [2008.10.14 11:40:40 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\Ssuiext.dll [2008.10.14 11:40:40 | 000,116,736 | ---- | C] () -- 
C:\WINDOWS\System32\WIAIPH.dll [2008.10.14 11:40:40 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll [2008.10.14 11:36:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2008.10.14 11:28:55 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2008.10.13 16:49:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.10.13 16:00:11 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007.12.05 01:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007.12.05 01:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007.12.05 01:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007.12.05 01:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007.12.05 01:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2002.08.29 14:00:00 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\AIO-Auswahl.ini < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 28.10.2010 17:32:39 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = d:\Dokumente und Einstellungen\Konstantin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,12 Gb Total Space | 12,55 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 144,46 Gb Free Space | 93,35% Space Free | Partition Type: NTFS
Computer Name: SCARTO | User Name: Konstantin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)
"E:\NeroExpress\Installation\Setupx.exe" = E:\NeroExpress\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe" = C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit -- ()
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\SCX4x24\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\SCX4x24\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\SCX4x24\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\SCX4x24\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Sony\Station\Launchpad\LaunchPad.exe" = C:\Programme\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\LucasArts\Star Wars Battlefront\GameData\battlefront.exe" = C:\Programme\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:*:Enabled:Star Wars(TM): Battlefront(TM) -- ()
"C:\Programme\Steam\SteamApps\playa_da_pitbull\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\playa_da_pitbull\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe" = C:\Programme\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:*:Enabled:SWRepublicCommando -- ()
"C:\Programme\Wacraft III\Warcraft 3\war3.exe" = C:\Programme\Wacraft III\Warcraft 3\war3.exe:*:Enabled:Warcraft III -- (BoR0)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Programme\Cyanide\GameCenter\GameCenter.exe" = C:\Programme\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- (Cyanide)
"C:\Programme\Cyanide\Loki\Loki.exe" = C:\Programme\Cyanide\Loki\Loki.exe:*:Enabled:Loki -- (Cyanide)
"C:\Programme\Cyanide\Loki\Autorun\AutoRun.exe" = C:\Programme\Cyanide\Loki\Autorun\AutoRun.exe:*:Enabled:Loki - AutoRun -- (Cyanide)
"C:\Programme\Steam\SteamApps\zuck0r\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\zuck0r\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Steam\SteamApps\anti_egoshooter_gamer\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\anti_egoshooter_gamer\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Steam\SteamApps\brb_smoky\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\brb_smoky\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\THQ\Titan Quest\Titan Quest.exe" = C:\Programme\THQ\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A4D15AE-98E5-499A-BB31-79CCA153A84A}_is1" = RAFOO - Unterwasserwelt & Fische
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BAA9BA8-0761-42EF-842A-23FAA5321031}" = Nero 7 Essentials
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}" = SmarThru Office
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software 1.12.29.2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeFlashFiles" = Adobe Flash Player
"Arktwend - Das vergessene Reich_is1" = ArktwendUninstaller
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DXAddon" = DirectX 9.0c Zusatzdateien
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Finale NotePad 2008" = Finale NotePad 2008
"GameCenter" = GameCenter
"HijackThis" = HijackThis 2.0.2
"ie7" = Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LogMeIn Hamachi" = LogMeIn Hamachi
"Loki" = Loki
"Loki_is1" = Loki
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Nehrim - Am Rande des Schicksals_is1" = NehrimUninstaller
"NVIDIA Drivers" = NVIDIA Drivers
"Runtimes" = Allgemeine Runtime Dateien
"Samsung SCX-4x24 Series" = Samsung SCX-4x24 Series
"SmarThru Office PC Fax" = SmarThru Office PC Fax
"Steam App 440" = Team Fortress 2
"TQVault_is1" = TQVault 2.11
"TuneUp Utilities" = TuneUp Utilities
"Unlocker" = Unlocker 1.8.9
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.08.2010 12:01:43 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung oblivion.exe, Version 1.2.0.416, fehlgeschlagenes
Modul oblivion.exe, Version 1.2.0.416, Fehleradresse 0x00021390.
Error - 27.08.2010 14:20:32 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung assassinscreed_dx9.exe, Version 1.0.2.1,
fehlgeschlagenes Modul assassinscreed_dx9.exe, Version 1.0.2.1, Fehleradresse 0x0042df49.
Error - 28.08.2010 08:31:47 | Computer Name = SCARTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ICQ.exe, Version 6.5.0.2024, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 29.08.2010 09:04:54 | Computer Name = SCARTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung game.dat, Version 1.0.2194.40862, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 16.09.2010 09:02:59 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung icq.exe, Version 6.5.0.2024, fehlgeschlagenes
Modul jscript.dll, Version 5.8.6001.22960, Fehleradresse 0x0001ede0.
Error - 16.10.2010 10:19:21 | Computer Name = SCARTO | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
Error - 22.10.2010 04:32:34 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung swrepubliccommando.exe, Version 0.0.0.0,
fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x6c707544.
Error - 22.10.2010 04:35:11 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung swrepubliccommando.exe, Version 0.0.0.0,
fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x6c707544.
Error - 27.10.2010 10:39:15 | Computer Name = SCARTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Stronghold Crusader.exe, Version 1.0.0.1,
Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.10.2010 11:57:05 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung icq.exe, Version 6.5.0.2024, fehlgeschlagenes
Modul mshtml.dll, Version 8.0.6001.18975, Fehleradresse 0x000da3af.
[ System Events ]
Error - 28.10.2010 08:02:59 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 28.10.2010 08:02:59 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 28.10.2010 08:03:03 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 28.10.2010 08:03:04 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error - 28.10.2010 08:03:04 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 28.10.2010 11:26:50 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 28.10.2010 11:26:51 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 28.10.2010 11:26:53 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error - 28.10.2010 11:26:53 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 28.10.2010 11:26:57 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
< End of report >
Code:
2010/10/28 17:35:07.0500 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/28 17:35:07.0500 ================================================================================
2010/10/28 17:35:07.0500 SystemInfo:
2010/10/28 17:35:07.0500
2010/10/28 17:35:07.0500 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/28 17:35:07.0500 Product type: Workstation
2010/10/28 17:35:07.0500 ComputerName: SCARTO
2010/10/28 17:35:07.0500 UserName: Konstantin
2010/10/28 17:35:07.0500 Windows directory: C:\WINDOWS
2010/10/28 17:35:07.0500 System windows directory: C:\WINDOWS
2010/10/28 17:35:07.0500 Processor architecture: Intel x86
2010/10/28 17:35:07.0500 Number of processors: 2
2010/10/28 17:35:07.0500 Page size: 0x1000
2010/10/28 17:35:07.0500 Boot type: Normal boot
2010/10/28 17:35:07.0500 ================================================================================
2010/10/28 17:35:07.0828 Initialize success
2010/10/28 17:35:19.0062 ================================================================================
2010/10/28 17:35:19.0062 Scan started
2010/10/28 17:35:19.0062 Mode: Manual;
2010/10/28 17:35:19.0062 ================================================================================
2010/10/28 17:35:19.0390 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/28 17:35:19.0421 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/28 17:35:19.0484 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/28 17:35:19.0531 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/28 17:35:19.0734 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/28 17:35:19.0796 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/28 17:35:19.0859 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2010/10/28 17:35:19.0906 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/28 17:35:19.0937 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/28 17:35:20.0000 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2010/10/28 17:35:20.0078 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/10/28 17:35:20.0109 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/10/28 17:35:20.0187 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/28 17:35:20.0218 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/28 17:35:20.0265 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/28 17:35:20.0312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/28 17:35:20.0359 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/28 17:35:20.0484 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
2010/10/28 17:35:20.0515 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/28 17:35:20.0562 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/28 17:35:20.0609 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/28 17:35:20.0640 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/28 17:35:20.0671 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/28 17:35:20.0703 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/28 17:35:20.0796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/28 17:35:20.0828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/28 17:35:20.0859 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/28 17:35:20.0890 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/28 17:35:20.0953 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/28 17:35:21.0000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/28 17:35:21.0015 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/28 17:35:21.0062 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/28 17:35:21.0093 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/10/28 17:35:21.0140 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/28 17:35:21.0187 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/28 17:35:21.0250 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/28 17:35:21.0343 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/28 17:35:21.0406 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/28 17:35:21.0562 IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/28 17:35:21.0640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/28 17:35:21.0687 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/28 17:35:21.0703 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/28 17:35:21.0734 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/28 17:35:21.0750 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/28 17:35:21.0781 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/28 17:35:21.0843 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/28 17:35:21.0875 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/28 17:35:21.0921 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/28 17:35:21.0937 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/28 17:35:21.0968 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/28 17:35:22.0000 L8042Kbd (5a11400ea1f0a106fe7edb28c270f7b8) C:\WINDOWS\system32\Drivers\L8042Kbd.sys
2010/10/28 17:35:22.0031 L8042mou (20c919b52897b72ebcb2ad2fc29d8ef0) C:\WINDOWS\system32\Drivers\L8042mou.sys
2010/10/28 17:35:22.0093 LHidKe (31b582394da3290dff300f10952e9a4d) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
2010/10/28 17:35:22.0140 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2010/10/28 17:35:22.0171 LMouKE (90a794d0a0bf3531c4ba1c0510449629) C:\WINDOWS\system32\Drivers\LMouKE.sys
2010/10/28 17:35:22.0218 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
2010/10/28 17:35:22.0281 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/28 17:35:22.0312 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/28 17:35:22.0375 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/28 17:35:22.0390 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/28 17:35:22.0421 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/28 17:35:22.0468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/28 17:35:22.0515 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/28 17:35:22.0531 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/28 17:35:22.0578 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/28 17:35:22.0625 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/28 17:35:22.0640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/28 17:35:22.0671 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/28 17:35:22.0687 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/28 17:35:22.0718 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/28 17:35:22.0750 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/28 17:35:22.0781 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/28 17:35:22.0796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/28 17:35:22.0812 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/28 17:35:22.0828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/28 17:35:22.0843 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/28 17:35:22.0937 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/28 17:35:22.0968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/28 17:35:23.0015 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/28 17:35:23.0203 nv (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/28 17:35:23.0375 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/28 17:35:23.0375 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/28 17:35:23.0421 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/28 17:35:23.0468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/28 17:35:23.0515 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/28 17:35:23.0546 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/28 17:35:23.0578 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/28 17:35:23.0625 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/28 17:35:23.0765 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/28 17:35:23.0781 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/28 17:35:23.0796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/28 17:35:23.0828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/28 17:35:23.0953 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/28 17:35:24.0000 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/28 17:35:24.0015 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/28 17:35:24.0062 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/28 17:35:24.0093 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/28 17:35:24.0125 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/28 17:35:24.0156 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/28 17:35:24.0187 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/28 17:35:24.0218 RTLE8023xp (36ada62330c31ad314e4a26b815fc485) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/10/28 17:35:24.0265 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/28 17:35:24.0312 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/28 17:35:24.0343 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/28 17:35:24.0390 sfdrv01 (b659e4af7534e3516ddc0b820db8f910) C:\WINDOWS\system32\drivers\sfdrv01.sys
2010/10/28 17:35:24.0406 sfhlp02 (64b9ab76f1b16eb059cb6cdd906c067a) C:\WINDOWS\system32\drivers\sfhlp02.sys
2010/10/28 17:35:24.0437 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/28 17:35:24.0484 sfsync02 (3fcb3fe43737b0ef6fe759fc0b886a69) C:\WINDOWS\system32\drivers\sfsync02.sys
2010/10/28 17:35:24.0531 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/28 17:35:24.0578 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/10/28 17:35:24.0578 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/10/28 17:35:24.0593 sptd - detected Locked file (1)
2010/10/28 17:35:24.0609 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/28 17:35:24.0640 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/28 17:35:24.0687 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/10/28 17:35:24.0734 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/28 17:35:24.0750 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/28 17:35:24.0812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/28 17:35:24.0859 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/28 17:35:24.0906 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/28 17:35:24.0921 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/28 17:35:24.0953 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/28 17:35:25.0078 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
2010/10/28 17:35:25.0171 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/28 17:35:25.0203 UnlockerDriver5 (d0cb75386d9e89c864d808d64ec9160f) C:\Programme\Unlocker\UnlockerDriver5.sys
2010/10/28 17:35:25.0250 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/28 17:35:25.0296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/28 17:35:25.0312 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/28 17:35:25.0328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/28 17:35:25.0359 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/10/28 17:35:25.0375 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/28 17:35:25.0421 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/28 17:35:25.0468 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/28 17:35:25.0500 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/28 17:35:25.0546 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/28 17:35:25.0625 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/10/28 17:35:25.0656 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/28 17:35:25.0703 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/28 17:35:25.0843 ================================================================================
2010/10/28 17:35:25.0843 Scan finished
2010/10/28 17:35:25.0843 ================================================================================
2010/10/28 17:35:25.0859 Detected object count: 1
2010/10/28 17:35:33.0406 Locked file(sptd) - User select action: Skip
#5
Hi, yes, looks good so far... Please check the following files: Have the files checked online:
Code:
d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Temp\IadHide5.dlls
GMER: http://www.trojaner-board.de/74908-a...t-scanner.html You will find the download link at the top left (GMER - Rootkit Detector and Remover); there click the "Download EXE" button, which generates a random file name (please note it and the path where you saved it). Start GMER and see whether it already reports something. If it does, answer all questions with "no", go to the "rootkit" tab, again answer the question with "no", and paste the report into the thread using Copy. If it reports nothing, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report. If GMER crashes, please try in Safe Mode (F8 while booting)! chris
#6
Code:
File name:
IadHide5.dll
Submission date:
2010-10-29 14:10:09 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)
Antivirus Version Last Update Result
AhnLab-V3 2010.10.29.00 2010.10.28 -
AntiVir 7.10.13.71 2010.10.29 -
Antiy-AVL 2.0.3.7 2010.10.29 -
Authentium 5.2.0.5 2010.10.29 -
Avast 4.8.1351.0 2010.10.29 -
Avast5 5.0.594.0 2010.10.29 -
AVG 9.0.0.851 2010.10.28 -
BitDefender 7.2 2010.10.29 -
CAT-QuickHeal 11.00 2010.10.26 -
ClamAV 0.96.2.0-git 2010.10.29 -
Comodo 6550 2010.10.29 -
DrWeb 5.0.2.03300 2010.10.29 -
Emsisoft 5.0.0.50 2010.10.29 -
eSafe 7.0.17.0 2010.10.28 -
eTrust-Vet 36.1.7942 2010.10.29 -
F-Prot 4.6.2.117 2010.10.29 -
F-Secure 9.0.16160.0 2010.10.29 -
Fortinet 4.2.249.0 2010.10.29 -
GData 21 2010.10.29 -
Ikarus T3.1.1.90.0 2010.10.29 -
Jiangmin 13.0.900 2010.10.29 -
K7AntiVirus 9.67.2856 2010.10.28 -
Kaspersky 7.0.0.125 2010.10.29 -
McAfee 5.400.0.1158 2010.10.29 -
McAfee-GW-Edition 2010.1C 2010.10.29 -
Microsoft 1.6301 2010.10.29 -
NOD32 5575 2010.10.29 -
Norman 6.06.10 2010.10.29 -
nProtect 2010-10-29.01 2010.10.29 -
Panda 10.0.2.7 2010.10.29 -
PCTools 7.0.3.5 2010.10.29 -
Prevx 3.0 2010.10.29 -
Rising 22.71.03.02 2010.10.29 -
Sophos 4.59.0 2010.10.29 -
Sunbelt 7164 2010.10.29 -
SUPERAntiSpyware 4.40.0.1006 2010.10.29 -
Symantec 20101.2.0.161 2010.10.29 -
TheHacker 6.7.0.1.073 2010.10.29 -
TrendMicro 9.120.0.1004 2010.10.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.29 -
VBA32 3.12.14.1 2010.10.29 -
ViRobot 2010.10.25.4110 2010.10.29 -
VirusBuster 12.70.11.0 2010.10.29 -
Additional information
MD5 : 65675bf408b12fdd5e73f0996f149778
SHA1 : 92f13914917013ea5ec0b3545d432c8ccc59e575
SHA256: f0660de91ac7819deecc447b8698c5d7986ac8c4617b2001cddac22ca441b5ef
ssdeep: 96:7jNTtLhG0iQHnEM8G/kkQdVXn/cyZvrYrw9Si11At1jjv9Kn0R1k8TcAedeK5OOC:5ZhGrQV8v9MkQi01jD9u0zk85wpFERrF
File size : 24613 bytes
First seen: 2009-02-14 13:54:08
Last seen : 2010-10-29 14:10:09
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: BackWeb
copyright....: (c) 2004 BackWeb Technologies Ltd. All rights reserved.
product......: BackWeb IAdHide
description..: IAdHide
original name: IAdHide.dll
internal name: IAdHide
file version.: Version 7.2.0 (Build 137R)
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x10FB
timedatestamp....: 0x416BE197 (Tue Oct 12 13:52:23 2004)
machinetype......: 0x14c (I386)
[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xBFC, 0x1000, 5.04, e58c50102fa32eca5c8d9d7ea711a5a1
.rdata, 0x2000, 0x530, 0x1000, 2.14, ff364a21a06b78e9018c3b8e440368fe
.data, 0x3000, 0x384, 0x1000, 0.72, e632f31c43d3fce218fde96560e3e331
.rsrc, 0x4000, 0x4A8, 0x1000, 1.18, 08d8954c2bcbf7da6a8e417bbaa016af
.reloc, 0x5000, 0x1FC, 0x1000, 1.08, 6639423accdb1a8e26808083640710e3
[[ 3 import(s) ]]
KERNEL32.dll: GetCommandLineA, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, lstrcpynA, lstrlenA, DisableThreadLibraryCalls, CloseHandle, lstrcmpiA, GetTickCount, CreateEventA, GetModuleFileNameA, WaitForSingleObject, GlobalAddAtomA, GetCurrentProcessId, GlobalDeleteAtom, OpenEventA, GetLastError, SetEvent
USER32.dll: CallNextHookEx, UnhookWindowsHookEx, LoadStringA, SetWindowsHookExA, IsWindow, RegisterWindowMessageA, PostMessageA, wsprintfA
ADVAPI32.dll: SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegCloseKey, RegQueryValueExA, RegOpenKeyExA
[[ 10 export(s) ]]
GetLastEventTime, GetNKeys, SetEventNow, StartTrapping, StopTrapping, VerifyTrapping, _MyCBTProc@12, _MyKeyboardProc@12, _MyMouseProc@12, __DllMainCRTStartup@12
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 4096
Comments:
CompanyName: BackWeb
EntryPoint: 0x10fb
FileDescription: IAdHide
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 24 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: Version 7.2.0 (Build 137R)
FileVersionNumber: 7.2.0.137
ImageVersion: 0.0
InitializedDataSize: 16384
InternalName: IAdHide
LanguageCode: English (U.S.)
LegalCopyright: 2004 BackWeb Technologies Ltd. All rights reserved.
LegalTrademarks:
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Dynamic link library
OriginalFilename: IAdHide.dll
PEType: PE32
PrivateBuild: 5
ProductName: BackWeb IAdHide
ProductVersion: Version 7.2.0 (Build 137R)
ProductVersionNumber: 7.2.0.137
SpecialBuild:
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2004:10:12 15:52:23+02:00
UninitializedDataSize: 0
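The report above says 0/43, but the fields a responder actually wants to read are further down: the file is unsigned, it imports SetWindowsHookExA/CallNextHookEx/UnhookWindowsHookEx from USER32, and it exports _MyCBTProc, _MyKeyboardProc and _MyMouseProc, i.e. it is a DLL built to be installed as a Windows hook and mapped into other GUI processes. The following is an added example, not code from the thread or from VirusTotal: a small Python triage over the text layout of the pasted report. The report excerpt embedded in it is cut down from post #6 to the lines the parser reads, and the list of hook APIs plus the "exports something named *Proc" heuristic are this example's own choices.

```python
import re

# Excerpt of the VirusTotal report pasted in post #6, cut down to the
# fields this triage reads (constructed sample input for this example).
VT_REPORT = """\
File name:
IadHide5.dll
Result:
0/ 43 (0.0%)
MD5 : 65675bf408b12fdd5e73f0996f149778
sigcheck:
publisher....: BackWeb
original name: IAdHide.dll
signers......: -
verified.....: Unsigned
[[ 3 import(s) ]]
KERNEL32.dll: GetCommandLineA, MapViewOfFile, CreateFileMappingA, CloseHandle, GetLastError
USER32.dll: CallNextHookEx, UnhookWindowsHookEx, LoadStringA, SetWindowsHookExA, IsWindow, PostMessageA
ADVAPI32.dll: SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegOpenKeyExA
[[ 10 export(s) ]]
GetLastEventTime, GetNKeys, SetEventNow, StartTrapping, StopTrapping, VerifyTrapping, _MyCBTProc@12, _MyKeyboardProc@12, _MyMouseProc@12, __DllMainCRTStartup@12
"""

# Win32 APIs that install or chain Windows hooks. A DLL that imports these
# (and exports the matching hook procedures) gets mapped into other GUI
# processes, which is worth knowing regardless of the AV verdict. This
# list is the example's own choice, not something the report provides.
HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW",
             "CallNextHookEx", "UnhookWindowsHookEx"}


def parse_report(text):
    """Pull name, detection ratio, hash, signature status, imports and
    exports out of the text layout VirusTotal used for this report."""
    lines = [ln.strip() for ln in text.splitlines()]
    info = {"name": None, "md5": None, "detections": None, "engines": None,
            "verified": None, "imports": {}, "exports": []}
    section = None
    for i, line in enumerate(lines):
        if line == "File name:" and i + 1 < len(lines):
            info["name"] = lines[i + 1]
        elif line == "Result:" and i + 1 < len(lines):
            m = re.match(r"(\d+)\s*/\s*(\d+)", lines[i + 1])
            if m:
                info["detections"], info["engines"] = int(m.group(1)), int(m.group(2))
        elif line.startswith("MD5"):
            info["md5"] = line.split(":", 1)[1].strip()
        elif line.startswith("verified"):
            info["verified"] = line.split(":", 1)[1].strip()
        elif re.match(r"\[\[\s*\d+\s+import", line):
            section = "imports"
        elif re.match(r"\[\[\s*\d+\s+export", line):
            section = "exports"
        elif section == "imports" and ":" in line:
            dll, funcs = line.split(":", 1)
            info["imports"][dll.strip()] = [f.strip() for f in funcs.split(",") if f.strip()]
        elif section == "exports" and line:
            info["exports"] = [f.strip() for f in line.split(",") if f.strip()]
            section = None
    return info


def triage(text):
    """Turn the parsed report into the handful of facts a responder wants
    next to the detection ratio."""
    info = parse_report(text)
    imported = {f for funcs in info["imports"].values() for f in funcs}
    hook_imports = sorted(imported & HOOK_APIS)
    # Exported *Proc functions are the callbacks SetWindowsHookEx expects.
    hook_exports = [e for e in info["exports"] if "Proc" in e]
    findings = []
    if info["detections"] == 0:
        findings.append("0 of %d engines flag it; no signature hit is not proof it is benign"
                        % info["engines"])
    if info["verified"] and info["verified"].lower() != "signed":
        findings.append("no valid Authenticode signature (%s)" % info["verified"])
    if hook_imports:
        findings.append("installs Windows hooks via " + ", ".join(hook_imports))
    if hook_exports:
        findings.append("exports hook procedures: " + ", ".join(hook_exports))
    return {"name": info["name"], "md5": info["md5"],
            "ratio": (info["detections"], info["engines"]),
            "verified": info["verified"], "hook_imports": hook_imports,
            "hook_exports": hook_exports, "findings": findings}


if __name__ == "__main__":
    for line in triage(VT_REPORT)["findings"]:
        print("-", line)
```

Run stand-alone it prints the four findings for the pasted report. Whether a hook DLL is legitimate is a separate question (the version resource names BackWeb as publisher); the point of the triage is that "0/43" alone answers nothing about what the file does once loaded.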
#7
The GMER scan will follow as soon as it is finished. Could it perhaps simply be that the virus/trojan/whatever has already been removed successfully but left irreparable damage to the system that my friend is now suffering from? I have no idea whether that can actually happen, so please don't laugh if that is a silly question.
#8
GMER scan: GMER logfile: Code:
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-10-29 19:58:40
Windows 5.1.2600 Service Pack 3
Running: 63udnswk.exe; Driver: d:\DOKUME~1\KONSTA~1\LOKALE~1\Temp\kwtdypob.sys
---- System - GMER 1.0.15 ----
SSDT BA6F569E ZwCreateKey
SSDT BA6F5694 ZwCreateThread
SSDT BA6F56A3 ZwDeleteKey
SSDT BA6F56AD ZwDeleteValueKey
SSDT spzc.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spzc.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT BA6F56B2 ZwLoadKey
SSDT spzc.sys ZwOpenKey [0xB9EA80C0]
SSDT BA6F5680 ZwOpenProcess
SSDT BA6F5685 ZwOpenThread
SSDT spzc.sys ZwQueryKey [0xB9EC7108]
SSDT spzc.sys ZwQueryValueKey [0xB9EC6F88]
SSDT BA6F56BC ZwReplaceKey
SSDT BA6F56B7 ZwRestoreKey
SSDT BA6F56A8 ZwSetValueKey
SSDT BA6F568F ZwTerminateProcess
INT 0x73 ? 89BE0BF8
INT 0x83 ? 89D5EBF8
INT 0xB4 ? 89BE0BF8
---- Kernel code sections - GMER 1.0.15 ----
? spzc.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B9C838AC 5 Bytes JMP 89BE01D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB94EF380, 0x346307, 0xE8000020]
.text awc4lqra.SYS B94A5386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text awc4lqra.SYS B94A53AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text awc4lqra.SYS B94A53C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text awc4lqra.SYS B94A53C9 1 Byte [2E]
.text awc4lqra.SYS B94A53C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB6136300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA440300, 0x1BEE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Mozilla Firefox\firefox.exe[2940] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spzc.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spzc.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spzc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spzc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spzc.sys
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\awc4lqra.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 89D5D1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0C310733-63A5-4C93-B3F6-385CB8BC0E34} 8906B1F8
Device \Driver\usbohci \Device\USBPDO-0 89BCF1F8
Device \Driver\usbehci \Device\USBPDO-1 89C161F8
Device \Driver\PCI_PNP1808 \Device\00000046 spzc.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 89DCF1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89DCF1F8
Device \Driver\Cdrom \Device\CdRom0 89BAB1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B440808F-AC5F-4812-A82C-3583BA15074A} 8906B1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom1 89BAB1F8
Device \Driver\sptd \Device\71706808 spzc.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 8906B1F8
Device \Driver\NetBT \Device\NetbiosSmb 8906B1F8
Device \Driver\usbohci \Device\USBFDO-0 89BCF1F8
Device \Driver\usbehci \Device\USBFDO-1 89C161F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 890681F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 890681F8
Device \Driver\Ftdisk \Device\FtControl 89DCF1F8
Device \Driver\awc4lqra \Device\Scsi\awc4lqra1 89B251F8
Device \Driver\awc4lqra \Device\Scsi\awc4lqra1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\awc4lqra \Device\Scsi\awc4lqra1Port4Path0Target0Lun0 89B251F8
Device \Driver\awc4lqra \Device\Scsi\awc4lqra1Port4Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 8993C500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x05 0x46 0x41 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x54 0x47 0x51 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x50 0x7B 0x8B 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x55 0x9D 0x23 0xAD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x05 0x46 0x41 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x54 0x47 0x51 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x50 0x7B 0x8B 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x55 0x9D 0x23 0xAD ...
---- EOF - GMER 1.0.15 ----
#9
Hi, DAEMON Tools and StarForce copy-protection drivers; we first have to run Defogger and then GMER again... Defogger: Please download Defogger by jpshortstuff to your desktop.
GMER: http://www.trojaner-board.de/74908-a...t-scanner.html You will find the download link at the top left (GMER - Rootkit Detector and Remover); there click the "Download EXE" button, which generates a random file name (please note it and the path where you saved it). Start GMER and see whether it already reports something. If it does, answer all questions with "no", go to the "rootkit" tab, again answer the question with "no", and paste the report into the thread using Copy. If it reports nothing, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report. If GMER crashes, please try in Safe Mode (F8 while booting)! Malware sometimes tampers with the machine in a way that leaves "permanent" damage behind even after it has been removed completely... So we will try this: Repair the system: Download "Advanced Windowscare Professional" from the following address: Advanced SystemCare Free Download Review for Windows XP/Vista/7 | IObit. Install in German, deselect the Yahoo toolbar etc. Create a system restore point (Start->Programs->Accessories->System Tools->System Restore->create a restore point->next, make up a description->Create) or let it be created automatically. Then have the entire system scanned, cleaned and immunised. That straightens out some of the entries that trojans/viruses bent... chris
__________________ Don't bring me down! Read before posting! Donations (anyone who wants to donate is welcome to get in touch)
#10
Hello, thanks for your help. With Defogger only Daemon Tools could be deactivated, not Starforce. GMER is still running at the moment. Advanced Windowscare Professional did not bring the desired improvement either. It did clean up some things, but the problem persists. So, just so it doesn't get forgotten, the following problem remains :P :
- quite a few exe applications, including TuneUp Utilities and many games, won't start, allegedly because the required permissions are not available.
- double-clicking the Antivir icon gives: onDblclick() failed.
Thanks
#11
Here is the repeated GMER scan. It actually looks exactly like the old one; did Defogger do anything at all? GMER logfile: Code:
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-10-31 16:54:13
Windows 5.1.2600 Service Pack 3
Running: q4wd42t0.exe; Driver: d:\DOKUME~1\KONSTA~1\LOKALE~1\Temp\kwtdypob.sys
---- System - GMER 1.0.15 ----
SSDT BA7C89AE ZwCreateKey
SSDT BA7C89A4 ZwCreateThread
SSDT BA7C89B3 ZwDeleteKey
SSDT BA7C89BD ZwDeleteValueKey
SSDT BA7C89C2 ZwLoadKey
SSDT BA7C8990 ZwOpenProcess
SSDT BA7C8995 ZwOpenThread
SSDT BA7C89CC ZwReplaceKey
SSDT BA7C89C7 ZwRestoreKey
SSDT BA7C89B8 ZwSetValueKey
SSDT BA7C899F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB90F3380, 0x346307, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB5A46300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA468300, 0x1BEE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Mozilla Firefox\firefox.exe[1968] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x05 0x46 0x41 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x54 0x47 0x51 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x50 0x7B 0x8B 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x55 0x9D 0x23 0xAD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x05 0x46 0x41 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x54 0x47 0x51 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x50 0x7B 0x8B 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x55 0x9D 0x23 0xAD ...
---- EOF - GMER 1.0.15 ----
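The helper's point in this thread is that GMER output on a machine with DAEMON Tools and StarForce is dominated by those drivers, which is why Defogger is run before the log is trusted. As an added example (not from the thread or from GMER), the following Python triage script parses lines in the format of the log above and separates findings explained by known disc-emulation and copy-protection drivers from the ones that still need a look; the sample log is a constructed excerpt modelled on the posted scan, and the KNOWN_NOISE set is an assumption based on the drivers named in this thread.

```python
import re

# Constructed excerpt modelled on the GMER 1.0.15 log posted in the thread
# (one representative line per section; not the full log).
SAMPLE_LOG = r"""SSDT BA7C89AE ZwCreateKey
SSDT BA7C8990 ZwOpenProcess
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB5A46300, 0x3B6D8, 0xE8000020]
.text C:\Programme\Mozilla Firefox\firefox.exe[1968] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
---- EOF - GMER 1.0.15 ----"""

# Assumed allowlist: disc-emulation / copy-protection drivers that routinely show up
# in GMER output: sptd (DAEMON Tools), sfsync02 (StarForce), atksgt and lirsgt (TAGES).
# They are exactly why the helper asks for Defogger before trusting the scan.
KNOWN_NOISE = {"sptd", "sfsync02", "atksgt", "lirsgt"}

def _drv(name):
    # Bare driver name from a path or file name, without the .sys suffix.
    return name.rsplit("\\", 1)[-1].lower().removesuffix(".sys")

def parse_gmer(text):
    """Classify each GMER line; 'noise' marks findings explained by known drivers."""
    out = []
    for line in text.splitlines():
        if line.startswith("SSDT "):
            _, addr, func = line.split(maxsplit=2)
            # GMER does not name the hooking module here; the address must be resolved by hand.
            out.append({"kind": "ssdt_hook", "target": func, "addr": addr, "noise": False})
        elif line.startswith(".text ") and " section is writeable" in line:
            path = line[len(".text "):].split(" section is writeable")[0]
            out.append({"kind": "writable_text", "target": path, "noise": _drv(path) in KNOWN_NOISE})
        elif line.startswith(".text ") and " Bytes JMP " in line:
            m = re.search(r"\[(\d+)\] (\S+) [0-9A-F]+ \d+ Bytes JMP ([0-9A-F]+)", line)
            if m:  # user-mode inline hook: [pid] module!function ... JMP target
                out.append({"kind": "inline_hook", "target": m.group(2), "pid": int(m.group(1)),
                            "addr": m.group(3), "noise": False})
        elif line.startswith("Device "):
            drv = _drv(line.split()[3])  # driver attached to the device object
            out.append({"kind": "device_attach", "target": drv, "noise": drv in KNOWN_NOISE})
        elif line.startswith("Reg "):
            m = re.search(r"\\Services\\([^\\]+)\\", line)
            svc = m.group(1).lower() if m else ""
            out.append({"kind": "registry", "target": svc, "noise": svc in KNOWN_NOISE})
    return out

def triage(text):
    """Return (all findings, findings not explained by known noise drivers)."""
    findings = parse_gmer(text)
    return findings, [f for f in findings if not f["noise"]]
```

Run against the full log from the thread, the writable nv4_mini.sys section and the eleven SSDT hooks would be the entries left to explain; the SSDT addresses all lie in one small range, which usually points at a single resident module rather than a rootkit per hook.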
#12
Hi, actually sptd should have been gone as well... Try taking ownership of one application that doesn't work, as follows: http://www.winsupportforum.de/forum/faqs-facts-basics/13-besitz-von-dateien-und-ordnern-uebernehmen.html
Check permissions (whether you are still admin): Check access permissions: Start->Run->control userpasswords2
chris
#13
Hello, the "Security" tab isn't even there to select? If I run control userpasswords2, this error message appears: rundll32.exe "Auf das angegebene Gerät bzw. Pfad oder Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichende Berechtigungen, um auf das Element zugreifen zu können". The whole window closes automatically after about 5 seconds. So my friend isn't an admin at all anymore???
#14
I just tried it in safe mode; there too I cannot run control userpasswords2.
#15
Hi, that doesn't look good.. Do you have a backup of the machine? Otherwise I would back up the data now, and then:
Create a backup of the registry with ERUNT:
* Download ERUNT from the following address: Favorite Freeware
* Choose the installer version of ERUNT and install it in German
* After installation it starts right away; leave all selections as they are
* Perform the backup
Then download and run this... http://go.microsoft.com/?linkid=9646979
chris