| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Online-Banking gesperrt - Trojaner Gozi?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
12.11.2010, 17:09
| #1 |
 |  Online-Banking gesperrt - Trojaner Gozi? Hallo, ich bin offenbar nicht der einzige, der von diesem Gozi genervt wird. Habe vorher noch nie was von ihm gehört. Aber heute war plötzlich mein Online-Banking gesperrt und da macht man sich dann natürlich schon Sorgen... Der Mitarbeiter der Bank sagte mir, dass einzige, was wirklich hilft, ist eine Neuinstallation nach vorheriger Formatierung und Neupartitionierung - stimmt das so? Das wäre ein Haufen Arbeit. Kann ich denn in dem Fall davon ausgehen, dass meine ganzen Dateien (Briefe, Videos, Musik, Fotos etc.) sicher sind? Und woher weiß ich, ob mein PC oder mein NetBook befallen ist? Ich hoffe, ihr könnt mir weiter helfen. Hier schon mal die Logs, die ihr in den anderen Threads auch abgefragt habt: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5100
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
12.11.2010 16:47:44
mbam-log-2010-11-12 (16-47-44).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145829
Laufzeit: 4 Minute(n), 12 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bcdedial (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{85f1fd4b-cdeb-7987-37cc-ccf3960b7e18} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter OTL logfile created on: 12.11.2010 16:57:31 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = E:\Downloads Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 35,00 Gb Total Space | 7,14 Gb Free Space | 20,41% Space Free | Partition Type: NTFS Drive D: | 100,00 Gb Total Space | 89,75 Gb Free Space | 89,75% Space Free | Partition Type: NTFS Drive E: | 129,99 Gb Total Space | 74,08 Gb Free Space | 56,99% Space Free | Partition Type: NTFS Drive G: | 200,68 Gb Total Space | 132,32 Gb Free Space | 65,94% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - E:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - e:\Programme\Tobit Radio.fx\Server\rfx-server.exe () PRC - E:\Programme\pdf24\pdf24.exe (Geek Software GmbH) PRC - E:\Programme\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) PRC - E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - E:\Programme\Steuerprogramm\AAVUpdateManager\aavus.exe () PRC - E:\Programme\Winamp\winampa.exe () PRC - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) PRC - C:\Programme\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - E:\Programme\Bluetooth\BlueSoleil\BTNtService.exe () PRC - E:\Programme\Bluetooth\BlueSoleil\BlueSoleil.exe (IVT Corporation.) PRC - E:\Programme\Bluetooth\BlueSoleil\StartSkysolSvc.exe () PRC - E:\Programme\Eraser\Eraser.exe (The Eraser Project) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) ========== Modules (SafeList) ========== MOD - E:\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Radio.fx) -- e:\Programme\Tobit Radio.fx\Server\rfx-server.exe () SRV - (AntiVirService) -- E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (DfSdkS) -- E:\Programme\Ashampoo WinOptimizer 6\Dfsdks.exe (mst software GmbH, Germany) SRV - (AntiVirSchedulerService) -- E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AAV UpdateService) -- E:\Programme\Steuerprogramm\AAVUpdateManager\aavus.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (BlueSoleil Hid Service) -- E:\Programme\Bluetooth\BlueSoleil\BTNtService.exe () SRV - (Start BT in service) -- E:\Programme\Bluetooth\BlueSoleil\StartSkysolSvc.exe () SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (FirebirdServerMAGIXInstance) -- E:\Programme\Magix\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IvtBtBUs) -- C:\Windows\System32\Drivers\IvtBtBus.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- E:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys () DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (RtNdPt60) -- C:\Windows\System32\drivers\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider) DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Inc) DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.) DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1674050612-846071632-3494744709-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1674050612-846071632-3494744709-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1674050612-846071632-3494744709-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) IE - HKU\S-1-5-21-1674050612-846071632-3494744709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1674050612-846071632-3494744709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.1 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.1.1 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.50 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {aa26583b-4c35-4729-913e-156956078824}:1.4.12.20100927 FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008.11.28 22:48:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.31 12:47:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.31 12:47:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2010.09.04 19:41:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins [2007.01.17 12:18:04 | 000,095,200 | ---- | M] () [2010.07.07 21:44:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.07.07 21:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.11.12 11:52:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sl72fdak.default\extensions [2010.07.07 21:39:17 | 000,000,000 | ---D | M] (Qute) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sl72fdak.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}(134) [2010.06.04 19:47:19 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sl72fdak.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2010.10.09 08:50:30 | 000,000,000 | ---D | M] (Qute 3++ (custom mod)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sl72fdak.default\extensions\{aa26583b-4c35-4729-913e-156956078824} [2010.10.24 15:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sl72fdak.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.06.29 17:54:52 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sl72fdak.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2010.05.29 20:34:25 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sl72fdak.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.11.02 09:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sl72fdak.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2010.11.02 09:05:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sl72fdak.default\extensions\twitternotifier@naan.net [2010.08.02 08:44:39 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.04.09 16:20:22 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Programme\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11} [2009.06.07 13:00:00 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2009.06.07 13:00:00 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com [2010.06.26 09:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.26 09:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.26 09:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.26 09:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.26 09:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O4 - HKLM..\Run: [avgnt] E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Media Codec Update Service] E:\Programme\Essentials Codec Pack\update.exe (MediaCodec.Org) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] E:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TrayServer] E:\Programme\Magix\Video_deluxe_15_Premium\Trayserver.exe (MAGIX AG) O4 - HKLM..\Run: [WinampAgent] E:\Programme\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1674050612-846071632-3494744709-1000..\Run: [Eraser] E:\Programme\Eraser\Eraser.exe (The Eraser Project) O4 - HKU\S-1-5-21-1674050612-846071632-3494744709-1000..\Run: [rfxsrvtray] e:\Programme\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4 - HKU\S-1-5-21-1674050612-846071632-3494744709-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] E:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = E:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-1674050612-846071632-3494744709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img7.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img7.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f4288d25-51da-11de-b6b2-001c4af76fd5}\Shell - "" = AutoRun O33 - MountPoints2\{f4288d25-51da-11de-b6b2-001c4af76fd5}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\{f4288d36-51da-11de-b6b2-001c4af76fd5}\Shell - "" = AutoRun O33 - MountPoints2\{f4288d36-51da-11de-b6b2-001c4af76fd5}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "bootini" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.11.12 16:40:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.11.12 16:40:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.12 16:40:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.12 16:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.24 15:24:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.24 15:23:54 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft ========== Files - Modified Within 30 Days ========== [2010.11.12 16:20:40 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.12 16:20:40 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.12 16:20:40 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.12 16:20:40 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.12 16:13:26 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.12 16:13:26 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.12 16:13:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.12 16:13:18 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys [2010.11.09 10:11:27 | 000,028,672 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.31 20:51:59 | 000,004,586 | ---- | M] () -- C:\Users\***\.recently-used.xbel ========== Files Created - No Company Name ========== [2010.10.31 20:51:59 | 000,004,586 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2010.07.16 08:50:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\leverage.drm.log [2010.07.12 14:32:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.05.17 16:43:51 | 000,000,000 | ---- | C] () -- C:\Programme\error.dat [2010.05.17 16:43:51 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2010.05.17 16:42:47 | 000,000,074 | ---- | C] () -- C:\Windows\Brownie.ini [2010.05.03 21:08:07 | 000,000,963 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2010.05.03 21:08:07 | 000,000,153 | ---- | C] () -- C:\Windows\brpcfx.ini [2010.05.03 21:07:42 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.05.03 21:07:42 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.05.03 21:06:07 | 000,000,117 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2010.05.03 21:06:05 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2009.11.10 18:22:33 | 000,000,017 | ---- | C] () -- C:\Windows\msiexec.ini [2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.10.31 14:10:36 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2009.02.04 17:03:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.02.04 17:02:01 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.12.22 19:24:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.12.07 11:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys [2008.10.25 21:19:36 | 000,139,152 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2008.09.21 14:43:22 | 000,023,888 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2008.08.09 22:16:28 | 000,028,672 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.09 22:09:00 | 000,001,160 | ---- | C] () -- C:\Users\***\AppData\Local\9A5FF4EA.il [2008.08.09 22:09:00 | 000,000,280 | ---- | C] () -- C:\Users\***\AppData\Local\IndexIE_9A5FF4EA.il [2008.07.14 20:53:29 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.07.09 17:23:54 | 000,024,376 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll [2008.07.09 17:23:52 | 000,052,536 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL [2008.07.09 17:23:52 | 000,022,832 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL [2008.07.09 17:23:10 | 000,042,296 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL [2008.07.09 17:23:08 | 000,255,288 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL [2008.07.09 17:23:06 | 000,050,488 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL [2008.07.09 17:22:28 | 000,075,576 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL [2008.07.05 22:31:07 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2008.07.05 22:31:07 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2008.07.05 17:34:01 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [1996.03.22 00:32:26 | 000,162,304 | ---- | C] () -- C:\Windows\System32\DLWBC31.DLL ========== LOP Check ========== [2010.10.01 08:30:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Digiab [2010.10.24 15:24:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.09.29 19:41:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Expou [2010.10.31 20:51:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2009.10.09 18:37:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.02.12 18:32:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2008.12.22 12:29:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.05.04 15:47:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC-FAX TX [2008.09.21 14:43:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2009.02.13 16:23:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\proDAD [2010.07.08 15:11:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2009.10.31 13:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\streamripper [2010.07.07 21:44:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.06.16 11:42:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit [2009.06.05 16:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone [2009.07.09 19:41:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WDoku [2008.12.29 20:31:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.08.17 08:19:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.06.26 06:32:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit [2010.11.12 13:32:39 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.07.06 14:44:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2009.02.08 22:11:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer [2010.05.03 21:13:52 | 000,000,000 | R--D | M] -- C:\Users\***\AppData\Roaming\Brother [2010.10.01 08:30:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Digiab [2010.10.24 15:24:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.09.29 19:41:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Expou [2010.10.31 20:51:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2008.07.05 17:34:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2008.07.05 19:59:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2009.10.09 18:37:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2008.07.05 23:37:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2009.02.12 18:32:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2010.11.12 16:40:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2008.11.28 23:09:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Player Classic [2009.06.05 16:11:34 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2008.11.13 14:01:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2008.12.22 12:29:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2008.12.22 12:15:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org2 [2010.05.04 15:47:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC-FAX TX [2008.09.21 14:43:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2009.02.13 16:23:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\proDAD [2010.07.08 15:11:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2008.10.25 21:21:54 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM [2010.05.01 19:40:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2010.05.01 19:39:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM [2009.10.31 13:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\streamripper [2008.11.13 14:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Talkback [2010.07.07 21:44:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.06.16 11:42:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit [2009.06.05 16:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone [2009.07.09 19:41:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WDoku [2008.12.22 17:21:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp [2008.09.21 13:40:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.02.19 18:04:16 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}\ARPPRODUCTICON.exe [2008.08.16 20:48:52 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\ARPPRODUCTICON.exe [2008.08.16 20:48:52 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe [2008.08.16 20:48:52 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe [2008.08.16 20:48:52 | 000,008,854 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\Uninstall_GameShadow_F7C1C17E70E3475FBD52EA554391F15D.exe [2010.04.18 13:33:56 | 000,307,200 | ---- | M] (Simon Tatham) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sl72fdak.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe [2010.04.18 13:33:56 | 000,172,032 | ---- | M] (Simon Tatham) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sl72fdak.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.01.21 03:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.10 22:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.10 22:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.11.2010 16:57:31 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = E:\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 35,00 Gb Total Space | 7,14 Gb Free Space | 20,41% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 89,75 Gb Free Space | 89,75% Space Free | Partition Type: NTFS
Drive E: | 129,99 Gb Total Space | 74,08 Gb Free Space | 56,99% Space Free | Partition Type: NTFS
Drive G: | 200,68 Gb Total Space | 132,32 Gb Free Space | 65,94% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1674050612-846071632-3494744709-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Pixum EasyBook] -- "E:\Programme\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Directory [Winamp.Bookmark] -- "E:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "E:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "E:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F6780F85-3BCC-4AB0-A0D6-5B8F0C9E3286}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030587DE-AE88-4006-A302-D63D158332BD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{064F5099-C0A3-49D7-BE8A-45A85B27A9CC}" = protocol=6 | dir=in | app=e:\programme\bluetooth\bluesoleil\bluesoleil.exe |
"{076B2722-2DC0-4348-9CD7-B5EAA38416B9}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2editor.exe |
"{16B051BF-C64D-403D-884F-A6AF127B9307}" = protocol=17 | dir=in | app=g:\gta iv\rockstar games social club\rgsclauncher.exe |
"{2EABA06A-61C1-40D6-8B5D-93BAFEDC93B1}" = protocol=6 | dir=in | app=e:\programme\tobit radio.fx\server\rfx-server.exe |
"{35B366E1-AB62-47A6-AFFE-A4D2961306D7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{35CC5691-9FFB-4C06-8219-7C4E61D2EFF4}" = protocol=6 | dir=in | app=g:\gta iv\rockstar games social club\rgsclauncher.exe |
"{47512197-05AB-4E64-A728-FF0CA343F59B}" = protocol=6 | dir=in | app=e:\programme\tobit radio.fx\client\rfx-client.exe |
"{4818E932-AA20-4134-A7DB-6B8C485AFB7F}" = protocol=17 | dir=in | app=g:\gta iv\grand theft auto iv\launchgtaiv.exe |
"{496A48DB-B773-4BB8-8DE7-8383F0FBDE35}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe |
"{4C6F4546-C4A3-4CC7-AF29-C40172BC7285}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2editor.exe |
"{55FBC7D9-F545-41AF-AFFC-CB2FA33E312E}" = protocol=17 | dir=in | app=e:\programme\tobit clipinc\server\clipinc-server.exe |
"{612B0C72-7760-436A-B960-167C7B35E647}" = protocol=17 | dir=in | app=e:\programme\brother\mfl-prosuite\faxrx.exe |
"{6BF503D9-76DB-4759-AC69-2CC9E7ECB977}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C6C926D-EE47-4DED-8B88-9115A9C4CD5E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{71B9B6FE-8C52-4C5A-8DCF-2D623E33E15A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{88B7AC67-9BE0-4310-998B-C6AA281272AB}" = protocol=17 | dir=in | app=e:\programme\tobit radio.fx\server\rfx-server.exe |
"{8DED4410-44D4-4348-BE7F-E70712B17708}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2launcher.exe |
"{9C99208F-B1E6-444C-9EBD-F9637BA502C1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA6635F9-F308-47B1-BF42-4D2F26B92FF7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B898E7D6-E8F3-4B62-92A0-103D3FC784DD}" = protocol=6 | dir=in | app=e:\programme\tobit clipinc\server\clipinc-server.exe |
"{BB575908-8EC7-4727-AC4E-9B2C0A6BBBF3}" = protocol=17 | dir=in | app=e:\programme\bluetooth\bluesoleil\bluesoleil.exe |
"{C3AC398B-5D68-49F4-9A1E-2DF4334A7442}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2launcher.exe |
"{D569B402-EE93-41F7-B21E-DA0EA21240E4}" = protocol=6 | dir=in | app=e:\programme\tobit clipinc\player\clipinc-player.exe |
"{DA83F95E-E9FD-4C3E-BB2E-FFD05AC8F257}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe |
"{DDAFC489-A788-4A36-955D-032F456EFDCF}" = protocol=6 | dir=in | app=c:\windows\temp\kd_installer.exe |
"{E5C87055-ED8F-4F59-BB65-99064029F1DA}" = protocol=17 | dir=in | app=e:\programme\tobit radio.fx\client\rfx-client.exe |
"{E71E8498-F2AA-4371-BF44-04AE361B7BD4}" = protocol=17 | dir=in | app=e:\programme\tobit clipinc\player\clipinc-player.exe |
"{EA59DF3B-7441-4079-A90D-D717E630DE42}" = protocol=6 | dir=in | app=e:\programme\brother\mfl-prosuite\faxrx.exe |
"{EEE17CC9-F317-450A-8933-63B534FDCF11}" = protocol=6 | dir=in | app=g:\gta iv\grand theft auto iv\launchgtaiv.exe |
"{FD1359E3-4F0B-4B66-87B5-B898305EA992}" = protocol=17 | dir=in | app=c:\windows\temp\kd_installer.exe |
"TCP Query User{1AAA361B-A578-475F-B2DB-22C5A4E8C86C}E:\spiele\aao\system\armyops.exe" = protocol=6 | dir=in | app=e:\spiele\aao\system\armyops.exe |
"TCP Query User{2C81B6E0-D5BE-498E-961B-A7E8D17FD302}E:\spiele\eidos\conflict global storm\conflictglobal.exe" = protocol=6 | dir=in | app=e:\spiele\eidos\conflict global storm\conflictglobal.exe |
"TCP Query User{36A9E61C-3C25-46A6-AA66-FD87A9EF5E46}E:\spiele\splinter cell - pandorra tomorrow\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=e:\spiele\splinter cell - pandorra tomorrow\splinter cell pandora tomorrow\pandora.exe |
"UDP Query User{4824422C-A7F0-45EC-8E53-FD533EF746AD}E:\spiele\splinter cell - pandorra tomorrow\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=e:\spiele\splinter cell - pandorra tomorrow\splinter cell pandora tomorrow\pandora.exe |
"UDP Query User{4F0D5726-68A4-41CD-A55D-39F27D48A4A6}E:\spiele\aao\system\armyops.exe" = protocol=17 | dir=in | app=e:\spiele\aao\system\armyops.exe |
"UDP Query User{8680A024-7EFE-4B68-A37C-1DC0163C4F78}E:\spiele\eidos\conflict global storm\conflictglobal.exe" = protocol=17 | dir=in | app=e:\spiele\eidos\conflict global storm\conflictglobal.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 11
"{26DC1BCF-C7C5-424C-9C1E-BEE442455BF5}" = Brother MFC-490CW
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75443B81-E1FC-4D79-80C0-5F0DF2A7F897}" = Conflict Global Storm
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}" = Bluesoleil2.7.0.13 VoIP Release 071227
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA721D14-CFE2-410E-B975-79FE5F82F99F}" = MSVCMergeModules
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 0.83
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F7C1C17E-70E3-475F-BD52-EA554391F15D}" = GameShadow
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"ATC for Splinter Cell Chaos Theory_is1" = ATC for Splinter Cell Chaos Theory 1.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner (remove only)
"Content Manager" = Content Manager
"Eraser" = Eraser
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Slideshow Maker D" = MAGIX Slideshow Maker 1.0.1.3 (D)
"MAGIX Video deluxe 15 Premium D" = MAGIX Video deluxe 15 Premium 8.0.0.62 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1)
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
"NVIDIA Drivers" = NVIDIA Drivers
"Pixum EasyBook" = Pixum EasyBook
"POI FINDER (iGO My way 8)_is1" = POI FINDER 3.62 (iGO My way 8)
"PunkBusterSvc" = PunkBuster Services
"Reference Manager 10" = Reference Manager 10
"Tobit Radio.fx Server" = Radio.fx
"Uninstall_is1" = Uninstall 1.0.0.1
"Videoload Manager" = Videoload Manager 2.0.2200
"Winamp" = Winamp
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"WinGimp-2.0_is1" = GIMP 2.6.3
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.96-8
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1674050612-846071632-3494744709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2a4f70b48f669acd" = AA3Deploy
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Danke schon mal für eure Hilfe. Grüßle, Marzi Geändert von Marzi (12.11.2010 um 17:50 Uhr) |
| Themen zu Online-Banking gesperrt - Trojaner Gozi? |
| 4d36e972-e325-11ce-bfc1-08002be10318, antivir, ausgehen, avgntflt.sys, avira, bho, bonjour, browser, c:\windows\system32\rundll32.exe, converter, corp./icp, defender, desktop, druck, e-banking, eraser, firefox, firefox.exe, grand theft auto, helper, install.exe, location, logfile, mitarbeiter, mozilla, mozilla thunderbird, mp3, musik, nvlddmkm.sys, nvstor.sys, object, oldtimer, otl logfile, otl.exe, pdfforge toolbar, plug-in, port, programdata, realtek, registry, rundll, saver, sched.exe, searchplugins, server, skype.exe, software, spigot, start menu, stick, storm, trojan.agent.u, trojan.zbotr.gen, trojaner, udp, vista, wrapper |
Baum-Darstellung