Pests of all kinds and their removal: Trojan svchost.exe

16.11.2010, 10:11 | #1
Trojan svchost.exe

Hello Trojaner-Board, I have had a problem for a short while now: yesterday a window opened in Firefox, warned me about trojans/viruses present on my machine and passed itself off as SecurityTool. A quick Google search and I was able to clean it up easily. To be safe I downloaded Spyware Doctor and ran a scan; the SecurityTool trojan I was able to remove without any trouble for now, but the program then reported a completely different, additional trojan under the name "Trojan.Agent" in C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\svchost.exe. Fortunately Spyware Doctor blocks the trojan's access attempts for now, but it may well have been on my computer for quite a while. In any case I deleted the file and removed it from the registry as far as I could; I also kill the processes each time that I believe come from the trojan rather than from the system (namely the ones running under my user), but somehow it recreates svchost.exe every time and runs the process again after every restart, twice in my process list. HELP!

P.S.: besides Spyware Doctor, the latest version of Avira AntiVir Free is running on my computer and finds nothing at all!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5124

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

16.11.2010 10:50:58
mbam-log-2010-11-16 (10-50-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159146
Laufzeit: 28 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Microsoft\Windows\shell.exe (Trojan.Shell) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Microsoft\svchost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Microsoft\Windows\shell.exe (Trojan.Shell) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\crasher\Startmenü\Programme\Autostart\chkntfs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\crasher\Lokale Einstellungen\Temp\dwm.exe (Trojan.Agent) -> Delete on reboot.
C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\chkntfs.dat (Malware.Trace) -> Quarantined and deleted successfully.

OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 16.11.2010 10:27:04 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\crasher\Eigene Dateien\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,11 Gb Total Space | 16,05 Gb Free Space | 18,43% Space Free | Partition Type: NTFS
Drive D: | 58,01 Gb Total Space | 8,54 Gb Free Space | 14,73% Space Free | Partition Type: FAT32

Computer Name: CRASHA | User Name: crasher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\crasher\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsGui.exe (PC Tools)
PRC - C:\Dokumente und Einstellungen\crasher\Lokale Einstellungen\Temp\dwm.exe ()
PRC - C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Microsoft\Windows\shell.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - D:\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Advanced Wheel Mouse\wh_exec.exe ()
PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
PRC - C:\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\Asus\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Programme\Asus\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)
PRC - C:\Programme\Asus\Splendid\ACMON.exe (ATK)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe (Cognizance Corporation)
PRC - c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\ATK0100\HControl.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\Programme\Asus\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Programme\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Wireless Console 2\wcourier.exe ()
PRC - C:\WINDOWS\system32\ACEngSvr.exe (ASUSTeK)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\crasher\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Programme\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Advanced Wheel Mouse\wh_hook.dll ()
MOD - C:\Programme\Asus\Asus MultiFrame\HookTitle.dll ()
MOD - C:\WINDOWS\system32\APSHook.dll (Cognizance Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe File not found
SRV - (SPBBCSvc) -- c:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe File not found
SRV - (SNDSrvc) -- c:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe File not found
SRV - (NSCService) -- c:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE File not found
SRV - (comHost) -- c:\Programme\Norton Internet Security\comHost.exe File not found
SRV - (ccSetMgr) -- c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe File not found
SRV - (ccProxy) -- c:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe File not found
SRV - (ccISPwdSvc) -- c:\Programme\Norton Internet Security\ccPwdSvc.exe File not found
SRV - (ccEvtMgr) -- c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (VMnetDHCP) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (vmount2) -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (LightScribeService) -- c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ASChannel) -- c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll (Cognizance Corporation)
SRV - (CVPND) -- C:\Programme\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (SYMIDSCO) -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20061215.005\symidsco.sys File not found
DRV - (SymEvent) -- C:\Programme\Symantec\SYMEVENT.SYS File not found
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys File not found
DRV - (mcdbus) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys File not found
DRV - (ALSysIO) -- C:\DOKUME~1\crasher\LOKALE~1\Temp\ALSysIO.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (hcmon) -- C:\WINDOWS\system32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\WINDOWS\system32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (vmx86) -- C:\WINDOWS\system32\drivers\vmx86.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (vstor2) -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
DRV - (whfltr2k) -- C:\WINDOWS\system32\drivers\whfltr2k.sys ()
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()
DRV - (SynMini) -- C:\WINDOWS\system32\drivers\SynMini.sys ()
DRV - (SynScan) -- C:\WINDOWS\system32\drivers\SynScan.sys ()
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (ItSDisk) -- C:\WINDOWS\system32\drivers\itsdisk.sys (Cognizance Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (ipswuio) -- C:\WINDOWS\system32\drivers\ipswuio.sys (Windows (R) 2000 DDK provider)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.29 07:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.29 07:22:31 | 000,000,000 | ---D | M]

[2008.09.01 09:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Mozilla\Extensions
[2010.11.15 22:02:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Mozilla\Firefox\Profiles\1x777e8z.default\extensions
[2010.05.01 01:35:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Mozilla\Firefox\Profiles\1x777e8z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.09 18:44:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Mozilla\Firefox\Profiles\1x777e8z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.12 15:23:38 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Mozilla\Firefox\Profiles\1x777e8z.default\searchplugins\icqplugin.xml
[2010.11.15 22:02:55 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.09 09:14:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.15 22:01:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.15 22:00:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.10 17:43:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.10 17:43:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.10 17:43:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.10 17:43:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.10 17:43:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.03.24 19:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - No CLSID value found.
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Infineon Technologies AG)
O3 - HKLM\..\Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ACMON] C:\Programme\Asus\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\Asus\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [svchost] C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Microsoft\svchost.exe ()
O4 - HKLM..\Run: [VMware hqtray] C:\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Cisco Systems VPN Client.lnk = C:\Programme\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MultiFrame.lnk = C:\Programme\Asus\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)
F3 - HKCU WinNT: Load - (C:\DOKUME~1\crasher\LOKALE~1\Temp\dwm.exe) - C:\Dokumente und Einstellungen\crasher\Lokale Einstellungen\Temp\dwm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Microsoft\Windows\shell.exe) - C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Microsoft\Windows\shell.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OneCard: DllName - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Fallout3\ScreenShot3.bmp
O24 - Desktop BackupWallPaper: D:\Fallout3\ScreenShot3.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.11.28 11:19:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##192.168.2.100#DVD_Laufwerk\Shell - "" = AutoRun
O33 - MountPoints2\##192.168.2.100#DVD_Laufwerk\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##192.168.2.100#DVD_Laufwerk\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O33 - MountPoints2\##192.168.2.51#d\Shell - "" = AutoRun
O33 - MountPoints2\##192.168.2.51#d\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##192.168.2.51#d\Shell\AutoRun\command - "" = Z:\FalloutLauncher.exe -- File not found
O33 - MountPoints2\##heidrun#F\Shell - "" = AutoRun
O33 - MountPoints2\##heidrun#F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##heidrun#F\Shell\AutoRun\command - "" = Z:\Installer.exe -- File not found
O33 - MountPoints2\{808ee8f6-5fc3-11dd-a6af-005056c00008}\Shell\AutoRun\command - "" = I:\Install FreeAgent Tools.exe -- File not found
O33 - MountPoints2\{cccb2db0-0d4e-11dc-a405-0018de98003e}\Shell - "" = AutoRun
O33 - MountPoints2\{cccb2db0-0d4e-11dc-a405-0018de98003e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cccb2db0-0d4e-11dc-a405-0018de98003e}\Shell\AutoRun\command - "" = I:\OnSpcLCK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.16 10:18:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Malwarebytes
[2010.11.16 10:18:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.16 10:18:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.11.16 10:18:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.16 10:18:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.16 00:31:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\SumatraPDF
[2010.11.16 00:30:58 | 000,000,000 | ---D | C] -- C:\Programme\SumatraPDF
[2010.11.16 00:27:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.11.15 22:42:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\crasher\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2010.11.15 22:01:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.11.15 22:01:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.11.15 22:01:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.11.15 22:01:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.11.15 22:01:09 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.11.15 22:00:23 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.11.15 21:59:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Sun
[2010.11.15 21:12:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Avira
[2010.11.15 19:49:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010.11.15 16:55:22 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010.11.15 16:55:21 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010.11.15 16:55:21 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010.11.15 16:30:53 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010.11.15 16:30:36 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.11.15 16:30:36 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010.11.15 16:30:19 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.11.15 16:29:47 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2010.11.15 16:29:46 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2010.11.15 16:29:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\PC Tools
[2010.11.15 16:29:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2010.10.27 12:32:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\crasher\Desktop\spieler.php-Dateien
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.16 09:14:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.16 09:11:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.16 09:11:27 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.15 22:00:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.11.15 22:00:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.11.15 22:00:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.11.15 22:00:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.11.15 22:00:36 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.11.15 21:18:32 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.11.15 21:18:32 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.11.15 20:37:59 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.11.15 20:37:58 | 000,218,592 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.11.15 15:54:09 | 001,213,440 | ---- | M] () -- C:\Dokumente und Einstellungen\crasher\Lokale Einstellungen\Anwendungsdaten\486392.exe
[2010.11.15 15:52:38 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.11.05 01:06:28 | 000,462,472 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.11.05 01:06:28 | 000,444,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.05 01:06:28 | 000,086,334 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.11.05 01:06:28 | 000,073,052 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.27 12:32:01 | 000,056,366 | ---- | M] () -- C:\Dokumente und Einstellungen\crasher\Desktop\spieler.php.htm
[6 C:\WINDOWS\System32\*.tmp files ->
C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.15 21:59:26 | 000,000,023 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\execcmd.log [2010.11.15 20:07:00 | 2146,816,000 | -HS- | C] () -- C:\hiberfil.sys [2010.11.15 16:55:23 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll [2010.11.15 16:55:22 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip [2010.11.15 16:55:22 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml [2010.11.15 16:55:22 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml [2010.11.15 16:55:22 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip [2010.11.15 16:30:53 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat [2010.11.15 16:30:37 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat [2010.11.15 16:30:36 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat [2010.11.15 16:30:19 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat [2010.11.15 15:54:09 | 001,213,440 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Lokale Einstellungen\Anwendungsdaten\486392.exe [2010.11.14 00:45:45 | 000,009,715 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\hs_err_pid5300.log [2010.11.10 22:38:53 | 000,009,602 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\hs_err_pid4404.log [2010.10.27 12:32:00 | 000,056,366 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Desktop\spieler.php.htm [2010.09.29 08:20:51 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008.03.10 16:48:13 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\PnkBstrK.sys [2008.03.08 03:07:07 | 000,000,266 | ---- | C] () -- C:\WINDOWS\game.ini [2008.02.04 19:06:49 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI [2007.12.19 20:06:37 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys 
[2007.12.19 20:06:36 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2007.11.26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2007.10.14 13:48:29 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2007.10.14 13:48:28 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2007.10.11 08:14:53 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND [2007.05.11 13:36:40 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2007.01.26 00:45:02 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\whfltr2k.sys [2006.12.25 10:59:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\ASUS_1600x1200_white.ini [2006.12.25 01:58:59 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.12.21 01:48:46 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.12.21 00:54:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.12.21 00:01:41 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006.12.20 22:43:08 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2006.12.20 20:13:50 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ATKPF.ini [2006.12.20 19:23:04 | 000,123,904 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.12.20 19:06:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2006.11.28 11:47:52 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.11.28 11:12:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.11.28 05:25:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.11.10 14:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys [2006.09.15 09:04:30 | 000,007,424 | R--- | C] () -- 
C:\WINDOWS\System32\drivers\MMIOPORT.SYS [2006.09.15 09:04:30 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006.08.08 22:15:13 | 001,116,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynMini.sys [2006.08.08 22:15:13 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynScan.sys [2006.08.08 22:15:11 | 000,498,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynPin.sys [2006.08.08 22:15:11 | 000,028,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynCamd.sys [2006.08.08 22:15:11 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynSam.sys [2006.01.02 18:16:31 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\ABLKSR.ini [2005.09.02 13:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005.08.05 13:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2005.04.03 06:30:00 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\scardsyn.dll [2005.02.17 07:07:47 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2004.07.20 16:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004.01.15 13:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll [1998.05.06 11:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 170 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 < End of report > OTL Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.11.2010 10:27:04 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\crasher\Eigene Dateien\Downloads Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 87,11 Gb Total Space | 16,05 Gb Free Space | 18,43% Space Free | Partition Type: NTFS Drive D: | 58,01 Gb Total Space | 8,54 Gb Free Space | 14,73% Space Free | Partition Type: FAT32 Computer Name: CRASHA | User Name: crasher | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "4000:TCP" = 4000:TCP:*:Enabled:wow ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) 
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found "C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- File not found "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found "C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found "D:\Pro Evolution Soccer 2010\pes2010.exe" = D:\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.) "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) 
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "D:\STEAM\steamapps\crashas@web.de\counter-strike source\hl2.exe" = D:\STEAM\steamapps\crashas@web.de\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017E65B1-7484-461A-B16F-7C931166083B}" = Die Sims - Hot Date "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{070B87FB-CD1A-45AA-9E5E-484E5964C6ED}" = Microsoft XNA Game Studio 2.0 (ARP entry) "{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404 "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon "{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt "{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore "{31EA6FCB-6C53-4BA7-BE88-9BA788899C2C}" = Microsoft XNA Game Studio 2.0 (Redists) "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{3432C2AA-BB3E-44B3-B5ED-EF36E0241100}" = Microsoft XNA Game Studio 2.0 (spacewar) "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{3B29A786-5803-4E9E-9B58-3014A5B4E519}" = Norton AntiSpam "{3B5A6E00-2B27-4E1A-8A33-E3A40DEFD4DC}" = Microsoft XNA Game Studio 2.0 Documentation "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear "{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client "{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam "{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F42FC6B-947B-9B89-29B0-545F0815AD7F}" = ATI Parental Control & Encoder "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 
"{7A4328EB-5D15-4292-B89A-3439BA92D59F}" = SymNet "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900) "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch "{89DDBCD4-B326-4545-9A05-26C7B16C1DEB}" = PowerForPhone "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi "{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B96628C-8898-4FED-9612-25631C27AB13}" = Microsoft XNA Game Studio 2.0 (xnaliveproxy) "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame "{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player "{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AEC544CF-5D36-4F0A-86BD-DF3065258A5B}" = Fingerprint Sensor Minimum Install "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The 
Garden of Eden Creation Kit "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology "{C18DA187-6C0D-4B8E-99AE-74D5C588AFB6}" = Microsoft XNA Game Studio 2.0 (shared components) "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C357E2C9-091F-4B12-BB1C-2E7B19112BC4}" = Microsoft XNA Game Studio 2.0 "{c595f629-a73c-414d-b94b-eec6abe94eea}_is1" = Mono for Windows 1.9.1 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2 "{D83899AB-9964-4CFC-A246-F1BD430A455F}" = ASUS Security Protect Manager "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E161E7E7-9875-4F7F-AFC7-72D40B45B5F3}" = ATI Catalyst Control Center "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update 
"{EBE7050B-7988-4BC3-BBFD-5C6828859483}" = Game Cam v1.4 "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0C5CF53-FE88-B20E-CE8C-2B5CAA3ECFD0}" = ATI Catalyst Install Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update "{F8D315CF-615E-3AAC-ABF6-C0FA91EDDDBA}" = Microsoft Visual C# 2008 Express Edition with SP1 - DEU "{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch) "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "ASUS_1600x1200_white" = ASUS_1600x1200_white "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Browser Defender_is1" = Browser Defender 2.0.6.15 "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Fallout 2" = Fallout 2 "Gaming Mouse" = Gaming Mouse "HControl" = ATK0100 ACPI UTILITY "Hirc_is1" = Hirc "ICQToolbar" = ICQ Toolbar "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern 
Warfare(TM) "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "LEd_is1" = LEd Beta 0.53 "Loop Sound i-Mate 1.1.0.0" = Loop Sound i-Mate 1.1.0.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual C# 2008 Express Edition with SP1 - DEU" = Microsoft Visual C# 2008 Express Edition mit SP1 - DEU "Microsoft XNA Game Studio 2.0" = Microsoft XNA Game Studio 2.0 "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero OEM "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "ProInst" = Intel(R) PROSet/Wireless Software "Spyware Doctor" = Spyware Doctor 7.0 "Steam App 10" = Counter-Strike "Steinberg Cubase LE" = Steinberg Cubase LE "SumatraPDF" = SumatraPDF "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TmNationsForever_is1" = TmNationsForever Update 2010-03-15 "USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam "VLC media player" = VideoLAN VLC media player 0.8.6f "WheelMouse" = Advanced Wheel Mouse 6.0.0.002 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.0.6 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "World of Warcraft" = World of Warcraft "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER 
Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.2.0
"Octoshape Streaming Services" = Octoshape Streaming Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.11.2010 09:42:37 | Computer Name = CRASHA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 05.11.2010 09:42:37 | Computer Name = CRASHA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 15.11.2010 15:39:46 | Computer Name = CRASHA | Source = sdCoreService | ID = 0
Description =

Error - 15.11.2010 16:20:22 | Computer Name = CRASHA | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer "RemovableStorageManager" called routine "OpenNtmsSessionW" which failed with status "0x80070422" (converted to 0x800423f4).

Error - 15.11.2010 16:27:07 | Computer Name = CRASHA | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer "RemovableStorageManager" called routine "OpenNtmsSessionW" which failed with status "0x80070422" (converted to 0x800423f4).

Error - 15.11.2010 16:28:20 | Computer Name = CRASHA | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer "RemovableStorageManager" called routine "OpenNtmsSessionW" which failed with status "0x80070422" (converted to 0x800423f4).

Error - 15.11.2010 16:28:23 | Computer Name = CRASHA | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer "RemovableStorageManager" called routine "OpenNtmsSessionW" which failed with status "0x80070422" (converted to 0x800423f4).

Error - 15.11.2010 16:29:36 | Computer Name = CRASHA | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer "RemovableStorageManager" called routine "OpenNtmsSessionW" which failed with status "0x80070422" (converted to 0x800423f4).

Error - 15.11.2010 16:37:23 | Computer Name = CRASHA | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer "RemovableStorageManager" called routine "OpenNtmsSessionW" which failed with status "0x80070422" (converted to 0x800423f4).

Error - 15.11.2010 17:23:32 | Computer Name = CRASHA | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer "RemovableStorageManager" called routine "OpenNtmsSessionW" which failed with status "0x80070422" (converted to 0x800423f4).

[ ASUS Security Protect Manager Events ]
Error - 16.11.2007 02:16:33 | Computer Name = CRASHER_MOBILE | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.
User: crasher@crasher_mobile
Client GUID: {Password}
Error: 0xC516020B
Client host: localhost
Client address: 127.0.0.1
Authentication authority: ASUS
Server host: localhost
Protocol: HTTP

Error - 24.09.2010 15:19:16 | Computer Name = CRASHA | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.
User: crasher@crasher_mobile
Client GUID: {Password}
Error: 0xC516020B
Client host: localhost
Client address: 127.0.0.1
Authentication authority: ASUS
Server host: localhost
Protocol: HTTP

[ System Events ]
Error - 15.11.2010 16:27:06 | Computer Name = CRASHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service "ntmssvc" with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

Error - 15.11.2010 16:28:19 | Computer Name = CRASHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service "ntmssvc" with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

Error - 15.11.2010 16:28:22 | Computer Name = CRASHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service "ntmssvc" with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

Error - 15.11.2010 16:29:35 | Computer Name = CRASHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service "ntmssvc" with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

Error - 15.11.2010 16:37:22 | Computer Name = CRASHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service "ntmssvc" with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

Error - 15.11.2010 17:23:31 | Computer Name = CRASHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service "ntmssvc" with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

Error - 16.11.2010 03:34:06 | Computer Name = CRASHA | Source = Service Control Manager | ID = 7000
Description = The "Symantec Core LC" service failed to start due to the following error: %%3

Error - 16.11.2010 03:34:21 | Computer Name = CRASHA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: SYMTDI

Error - 16.11.2010 04:12:31 | Computer Name = CRASHA | Source = Service Control Manager | ID = 7000
Description = The "Symantec Core LC" service failed to start due to the following error: %%3

Error - 16.11.2010 04:13:15 | Computer Name = CRASHA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: SYMTDI

< End of report >

Last edited by crasha1985 (16.11.2010 at 10:51)
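The three things a helper reads off an OTL log first in a case like this can also be checked mechanically: a core Windows binary name, above all the svchost.exe this thread is about, whose image is not in C:\WINDOWS\system32; a service that is still registered but whose binary no longer exists, like the Symantec leftovers in the OTL log posted later in the thread; and browser proxy settings that route traffic to 127.0.0.1, which that later log shows for both Internet Explorer and Firefox on port 50370. The script below is an added example and is not part of the thread, of OTL or of any tool named here; it runs offline over OTL-style lines. Its sample lines are constructed to look like OTL output (the user name, the port and the vendor strings are illustrative, not taken from a real scan), and the expected-directory table assumes an XP-era %SystemRoot% of C:\WINDOWS.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Where the genuine copy of each core Windows binary lives (assumption: an XP-era %SystemRoot%
# of C:\WINDOWS). The same name anywhere else, e.g. under the user's Anwendungsdaten, is a masquerade.
SYSTEM_ROOT = r"c:\windows"
EXPECTED_DIR: Dict[str, str] = {
    "svchost.exe": SYSTEM_ROOT + r"\system32",
    "winlogon.exe": SYSTEM_ROOT + r"\system32",
    "lsass.exe": SYSTEM_ROOT + r"\system32",
    "explorer.exe": SYSTEM_ROOT,
}
LOOPBACK = re.compile(r"^(127(\.\d{1,3}){3}|localhost)$", re.IGNORECASE)

# OTL line shapes handled here: processes (PRC), services (SRV), Run keys (O4) and the
# Internet Explorer / Firefox proxy settings. Everything else is ignored.
PRC_RE = re.compile(r"^PRC - (?P<path>.+?\.exe) \((?P<vendor>.*)\)$", re.IGNORECASE)
SRV_RE = re.compile(r"^SRV - \((?P<name>[^)]+)\).*? -- (?P<path>.+?\.(?:exe|dll)) "
                    r"(?:\((?P<vendor>.*)\)|(?P<missing>File not found))$", re.IGNORECASE)
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<path>.+?\.exe)",
                    re.IGNORECASE)
IE_RE = re.compile(r'^IE - .*Internet Settings: "(?P<key>ProxyEnable|ProxyServer)" = (?P<val>.+)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>http_port|http|type): "?(?P<val>[^"]+)"?$')


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    category: str  # "masquerade", "orphaned-service" or "loopback-proxy"
    detail: str


def check_image(path: str, origin: str) -> Optional[Finding]:
    """Flag a core-Windows file name whose directory is not the expected one."""
    directory, _, name = path.lower().rpartition("\\")
    expected = EXPECTED_DIR.get(name)
    if expected is None or directory == expected:
        return None
    return Finding("high", "masquerade", f"{origin}: {name} runs from {path}, expected {expected}")


def check_proxies(ie: Dict[str, str], ff: Dict[str, str]) -> List[Finding]:
    """Flag browser proxies that point at the local machine, the way rogue AVs intercept browsing."""
    out: List[Finding] = []
    # IE stores "http=host:port", a bare host:port, or a ';'-separated list; ProxyEnable = 1 activates it.
    server = ie.get("ProxyServer", "")
    hosts = [entry.split("=")[-1].split(":")[0].strip() for entry in server.split(";")]
    if any(LOOPBACK.match(h) for h in hosts if h):
        enabled = ie.get("ProxyEnable") == "1"
        state = "enabled" if enabled else "configured, but ProxyEnable is not 1"
        out.append(Finding("high" if enabled else "medium", "loopback-proxy", f"IE ProxyServer {server} ({state})"))
    # Firefox only honours network.proxy.http when network.proxy.type is 1 (manual configuration).
    host = ff.get("http", "")
    if LOOPBACK.match(host):
        manual = ff.get("type") == "1"
        state = "manual mode, in use" if manual else f"present, but proxy.type {ff.get('type', '?')} is selected"
        out.append(Finding("high" if manual else "medium", "loopback-proxy",
                           f"Firefox proxy {host}:{ff.get('http_port', '?')} ({state})"))
    return out


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk OTL lines once; findings come back in log order, with the proxy findings last."""
    findings: List[Finding] = []
    ie: Dict[str, str] = {}
    ff: Dict[str, str] = {}
    for raw in lines:
        line = raw.strip()
        f: Optional[Finding] = None
        if m := PRC_RE.match(line):
            f = check_image(m["path"], "process")
        elif m := SRV_RE.match(line):
            if m["missing"]:  # still registered, binary gone: an uninstall leftover, not malware by itself
                f = Finding("info", "orphaned-service", f"service {m['name']} points at missing file {m['path']}")
            else:
                f = check_image(m["path"], f"service {m['name']}")
        elif m := RUN_RE.match(line):
            f = check_image(m["path"], f"{m['hive']} Run [{m['value']}]")
        elif m := IE_RE.match(line):
            ie[m["key"]] = m["val"].strip()
        elif m := FF_RE.match(line):
            ff[m["key"]] = m["val"].strip()
        if f:
            findings.append(f)
    findings.extend(check_proxies(ie, ff))
    return findings


# Constructed sample in OTL's layout (not a real scan): the genuine svchost.exe, a second one under
# the user's profile plus the Run key that restarts it, an orphaned service and a loopback proxy.
SAMPLE_LOG = r"""
PRC - C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
PRC - C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft\svchost.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
SRV - (ccEvtMgr) -- c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 4
O4 - HKCU..\Run: [svchost] C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft\svchost.exe ()
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(f"[{finding.severity:6}] {finding.category:16} {finding.detail}")
```

To use it on a real log, pass the lines of the saved OTL.txt to triage() instead of SAMPLE_LOG.splitlines(). The two proxy severities are deliberate: Internet Explorer with ProxyEnable = 1 is actually sending HTTP through the loopback port, whereas a Firefox entry under network.proxy.type 4 (auto-detect) is present but not the selected mode. The IE setting outlives the process that listened on that port, so after the malware is removed it has to be reset separately or IE keeps trying to reach a proxy that is no longer there; the Firefox entry should be cleared for the same reason before anyone switches the profile to manual proxy mode.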
16.11.2010, 22:50 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner svchost.exe
Quote:
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan!
17.11.2010, 00:40 | #3
Trojaner svchost.exe
Hello cosinus, and thanks for your reply,
I ran the full scan and, to my horror, a file identified as SecurityTool was found; I was evidently mistaken.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5129

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

17.11.2010 00:31:12
mbam-log-2010-11-17 (00-31-12).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 274209
Time elapsed: 1 hour(s), 20 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Dokumente und Einstellungen\crasher\Lokale Einstellungen\Anwendungsdaten\486392.exe (Rogue.SecurityTool) -> No action taken.
17.11.2010, 08:43 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner svchost.exe
Now please make a fresh OTL log, since the last one was created before the MBAM run.
Please always post logfiles in CODE tags
17.11.2010, 10:18 | #5
Trojaner svchost.exe
Hello, here are the new OTL logs:
OTL Logfile:
Code:
OTL logfile created on: 17.11.2010 10:14:37 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\crasher\Eigene Dateien\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,11 Gb Total Space | 16,11 Gb Free Space | 18,49% Space Free | Partition Type: NTFS
Drive D: | 58,01 Gb Total Space | 8,54 Gb Free Space | 14,73% Space Free | Partition Type: FAT32

Computer Name: CRASHA | User Name: crasher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\crasher\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - D:\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Advanced Wheel Mouse\wh_exec.exe ()
PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
PRC - C:\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\Asus\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Programme\Asus\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)
PRC - C:\Programme\Asus\Splendid\ACMON.exe (ATK)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe (Cognizance Corporation)
PRC - c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\ATK0100\HControl.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\Programme\Asus\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Programme\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Wireless Console 2\wcourier.exe ()
PRC - C:\WINDOWS\system32\ACEngSvr.exe (ASUSTeK)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\crasher\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Programme\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Advanced Wheel Mouse\wh_hook.dll ()
MOD - C:\Programme\Asus\Asus MultiFrame\HookTitle.dll ()
MOD - C:\WINDOWS\system32\APSHook.dll (Cognizance Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe File not found
SRV - (SPBBCSvc) -- c:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe File not found
SRV - (SNDSrvc) -- c:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe File not found
SRV - (NSCService) -- c:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE File not found
SRV - (comHost) -- c:\Programme\Norton Internet Security\comHost.exe File not found
SRV - (ccSetMgr) -- c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe File not found
SRV - (ccProxy) -- c:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe File not found
SRV - (ccISPwdSvc) -- c:\Programme\Norton Internet Security\ccPwdSvc.exe File not found
SRV - (ccEvtMgr) -- c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (VMnetDHCP) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (vmount2) -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (LightScribeService) -- c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ASChannel) -- c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll (Cognizance Corporation)
SRV - (CVPND) -- C:\Programme\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
========== Driver Services (SafeList) ==========

DRV - (SYMIDSCO) -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20061215.005\symidsco.sys File not found
DRV - (SymEvent) -- C:\Programme\Symantec\SYMEVENT.SYS File not found
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys File not found
DRV - (mcdbus) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys File not found
DRV - (ALSysIO) -- C:\DOKUME~1\crasher\LOKALE~1\Temp\ALSysIO.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (hcmon) -- C:\WINDOWS\system32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\WINDOWS\system32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (vmx86) -- C:\WINDOWS\system32\drivers\vmx86.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (vstor2) -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
DRV - (whfltr2k) -- C:\WINDOWS\system32\drivers\whfltr2k.sys ()
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()
DRV - (SynMini) -- C:\WINDOWS\system32\drivers\SynMini.sys ()
DRV - (SynScan) -- C:\WINDOWS\system32\drivers\SynScan.sys ()
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (ItSDisk) -- C:\WINDOWS\system32\drivers\itsdisk.sys (Cognizance Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (ipswuio) -- C:\WINDOWS\system32\drivers\ipswuio.sys (Windows (R) 2000 DDK provider)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.29 07:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.29 07:22:31 | 000,000,000 | ---D | M]

[2008.09.01 09:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Mozilla\Extensions
[2010.11.16 11:29:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Mozilla\Firefox\Profiles\1x777e8z.default\extensions
[2010.05.01 01:35:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Mozilla\Firefox\Profiles\1x777e8z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.09 18:44:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Mozilla\Firefox\Profiles\1x777e8z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.12 15:23:38 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Mozilla\Firefox\Profiles\1x777e8z.default\searchplugins\icqplugin.xml
[2010.11.16 11:29:19 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.09 09:14:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.15 22:01:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.15 22:00:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.10 17:43:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.10 17:43:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.10 17:43:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.10 17:43:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.10 17:43:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.03.24 19:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - No CLSID value found.
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Infineon Technologies AG)
O3 - HKLM\..\Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ACMON] C:\Programme\Asus\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\Asus\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Cisco Systems VPN Client.lnk = C:\Programme\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MultiFrame.lnk = C:\Programme\Asus\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.6
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OneCard: DllName - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Fallout3\ScreenShot3.bmp
O24 - Desktop BackupWallPaper: D:\Fallout3\ScreenShot3.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.11.28 11:19:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##192.168.2.100#DVD_Laufwerk\Shell - "" = AutoRun
O33 - MountPoints2\##192.168.2.100#DVD_Laufwerk\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##192.168.2.100#DVD_Laufwerk\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O33 - MountPoints2\##192.168.2.51#d\Shell - "" = AutoRun
O33 - MountPoints2\##192.168.2.51#d\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##192.168.2.51#d\Shell\AutoRun\command - "" = Z:\FalloutLauncher.exe -- File not found
O33 - MountPoints2\##heidrun#F\Shell - "" = AutoRun
O33 - MountPoints2\##heidrun#F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##heidrun#F\Shell\AutoRun\command - "" = Z:\Installer.exe -- File not found
O33 - MountPoints2\{808ee8f6-5fc3-11dd-a6af-005056c00008}\Shell\AutoRun\command - "" = I:\Install FreeAgent Tools.exe -- File not found
O33 - MountPoints2\{cccb2db0-0d4e-11dc-a405-0018de98003e}\Shell - "" = AutoRun
O33 - MountPoints2\{cccb2db0-0d4e-11dc-a405-0018de98003e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cccb2db0-0d4e-11dc-a405-0018de98003e}\Shell\AutoRun\command - "" = I:\OnSpcLCK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.17 01:11:43 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\crasher\Recent
[2010.11.17 01:04:52 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.11.16 22:42:09 | 000,000,000 | ---D | C] -- C:\karsten_documents
[2010.11.16 10:18:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Malwarebytes
[2010.11.16 10:18:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.16 10:18:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.11.16 10:18:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.16 10:18:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.16 00:31:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\SumatraPDF
[2010.11.16 00:30:58 | 000,000,000 | ---D | C] -- C:\Programme\SumatraPDF
[2010.11.16 00:27:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.11.15 22:42:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\crasher\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2010.11.15 22:01:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.11.15 22:01:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.11.15 22:01:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.11.15 22:01:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.11.15 22:01:09 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.11.15 22:00:23 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.11.15 21:59:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Sun
[2010.11.15 21:12:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Avira
[2010.11.15 19:49:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010.11.15 16:55:22 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010.11.15 16:55:21 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010.11.15 16:55:21 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010.11.15 16:30:53 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010.11.15 16:30:36 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.11.15 16:30:36 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010.11.15 16:30:19 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.11.15 16:29:47 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2010.11.15 16:29:46 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2010.11.15 16:29:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\PC Tools
[2010.11.15 16:29:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2010.10.27 12:32:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\crasher\Desktop\spieler.php-Dateien
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.17 10:00:32
| 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.11.17 09:59:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.11.17 09:59:08 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys [2010.11.17 01:12:30 | 000,000,890 | ---- | M] () -- C:\Dokumente und Einstellungen\crasher\Eigene Dateien\cc_20101117_011226.reg [2010.11.17 01:12:08 | 000,000,362 | ---- | M] () -- C:\Dokumente und Einstellungen\crasher\Eigene Dateien\cc_20101117_011206.reg [2010.11.17 01:11:57 | 000,017,536 | ---- | M] () -- C:\Dokumente und Einstellungen\crasher\Eigene Dateien\cc_20101117_011153.reg [2010.11.17 01:11:30 | 000,590,240 | ---- | M] () -- C:\Dokumente und Einstellungen\crasher\Eigene Dateien\cc_20101117_011108.reg [2010.11.17 01:04:53 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2010.11.15 22:00:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.11.15 22:00:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.11.15 22:00:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.11.15 22:00:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.11.15 22:00:36 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\javacpl.cpl [2010.11.15 21:18:32 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.11.15 21:18:32 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.11.15 20:37:59 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys [2010.11.15 20:37:58 | 000,218,592 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2010.11.15 15:52:38 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.11.05 01:06:28 | 000,462,472 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.11.05 01:06:28 | 000,444,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.11.05 01:06:28 | 000,086,334 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.11.05 01:06:28 | 000,073,052 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.10.27 12:32:01 | 000,056,366 | ---- | M] () -- C:\Dokumente und Einstellungen\crasher\Desktop\spieler.php.htm [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.17 01:12:28 | 000,000,890 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Eigene Dateien\cc_20101117_011226.reg [2010.11.17 01:12:07 | 000,000,362 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Eigene Dateien\cc_20101117_011206.reg [2010.11.17 01:11:55 | 000,017,536 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Eigene Dateien\cc_20101117_011153.reg [2010.11.17 01:11:15 | 000,590,240 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Eigene Dateien\cc_20101117_011108.reg [2010.11.17 01:04:53 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2010.11.15 21:59:26 | 000,000,023 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\execcmd.log [2010.11.15 20:07:00 | 2146,816,000 | -HS- | C] () -- C:\hiberfil.sys [2010.11.15 16:55:23 | 
000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll [2010.11.15 16:55:22 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip [2010.11.15 16:55:22 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml [2010.11.15 16:55:22 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml [2010.11.15 16:55:22 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip [2010.11.15 16:30:53 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat [2010.11.15 16:30:37 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat [2010.11.15 16:30:36 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat [2010.11.15 16:30:19 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat [2010.11.14 00:45:45 | 000,009,715 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\hs_err_pid5300.log [2010.11.10 22:38:53 | 000,009,602 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\hs_err_pid4404.log [2010.10.27 12:32:00 | 000,056,366 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Desktop\spieler.php.htm [2010.09.29 08:20:51 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008.03.10 16:48:13 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\PnkBstrK.sys [2008.03.08 03:07:07 | 000,000,266 | ---- | C] () -- C:\WINDOWS\game.ini [2008.02.04 19:06:49 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI [2007.12.19 20:06:37 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2007.12.19 20:06:36 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2007.11.26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2007.10.14 13:48:29 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2007.10.14 13:48:28 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2007.10.11 08:14:53 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Lokale 
Einstellungen\Anwendungsdaten\PUTTY.RND [2007.05.11 13:36:40 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2007.01.26 00:45:02 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\whfltr2k.sys [2006.12.25 10:59:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\ASUS_1600x1200_white.ini [2006.12.25 01:58:59 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.12.21 01:48:46 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.12.21 00:54:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.12.21 00:01:41 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006.12.20 22:43:08 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2006.12.20 20:13:50 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ATKPF.ini [2006.12.20 19:23:04 | 000,123,904 | ---- | C] () -- C:\Dokumente und Einstellungen\crasher\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.12.20 19:06:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2006.11.28 11:47:52 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.11.28 11:12:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.11.28 05:25:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.11.10 14:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys [2006.09.15 09:04:30 | 000,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS [2006.09.15 09:04:30 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006.08.08 22:15:13 | 001,116,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynMini.sys [2006.08.08 22:15:13 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynScan.sys [2006.08.08 22:15:11 | 000,498,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynPin.sys [2006.08.08 22:15:11 | 000,028,800 | ---- 
| C] () -- C:\WINDOWS\System32\drivers\SynCamd.sys [2006.08.08 22:15:11 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynSam.sys [2006.01.02 18:16:31 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\ABLKSR.ini [2005.09.02 13:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005.08.05 13:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2005.04.03 06:30:00 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\scardsyn.dll [2005.02.17 07:07:47 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2004.07.20 16:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004.01.15 13:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll [1998.05.06 11:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll ========== LOP Check ========== [2009.02.24 14:28:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2008.05.29 17:15:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Funcom [2010.07.05 09:46:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.11.16 10:09:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI [2010.01.11 20:13:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages [2010.11.17 10:00:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.03.27 17:30:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania [2007.01.10 19:17:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\CDZilla [2009.02.24 14:29:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\DAEMON Tools 
[2009.02.24 14:33:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\DAEMON Tools Lite [2009.02.24 14:29:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\DAEMON Tools Pro [2009.06.09 11:29:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Dev-Cpp [2009.06.04 22:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\FileZilla [2009.07.16 09:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\GetRightToGo [2009.07.01 11:50:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\gtk-2.0 [2010.11.17 10:03:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\ICQ [2006.12.25 00:11:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\ICQLite [2007.03.18 12:35:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\IrfanView [2006.12.25 00:05:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\MSNInstaller [2009.02.24 14:38:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\My Games [2010.01.30 18:00:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Steinberg [2010.11.16 11:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\SumatraPDF [2008.11.11 19:48:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Teeworlds [2010.01.11 20:40:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\crasher\Anwendungsdaten\Ubisoft ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 158 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\TEMP:A8ADE5D8

< End of report >

OTL Logfile:

OTL Extras logfile created on: 17.11.2010 10:14:37 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\crasher\Eigene Dateien\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,11 Gb Total Space | 16,11 Gb Free Space | 18,49% Space Free | Partition Type: NTFS
Drive D: | 58,01 Gb Total Space | 8,54 Gb Free Space | 14,73% Space Free | Partition Type: FAT32

Computer Name: CRASHA | User Name: crasher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"4000:TCP" = 4000:TCP:*:Enabled:wow

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- File not found
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found
"D:\Pro Evolution Soccer 2010\pes2010.exe" = D:\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "D:\STEAM\steamapps\crashas@web.de\counter-strike source\hl2.exe" = D:\STEAM\steamapps\crashas@web.de\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017E65B1-7484-461A-B16F-7C931166083B}" = Die Sims - Hot Date "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{070B87FB-CD1A-45AA-9E5E-484E5964C6ED}" = Microsoft XNA Game Studio 2.0 (ARP entry) "{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404 "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon "{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt "{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore "{31EA6FCB-6C53-4BA7-BE88-9BA788899C2C}" = Microsoft XNA Game Studio 2.0 (Redists) "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{3432C2AA-BB3E-44B3-B5ED-EF36E0241100}" = Microsoft XNA Game Studio 2.0 (spacewar) "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{3B29A786-5803-4E9E-9B58-3014A5B4E519}" = Norton AntiSpam "{3B5A6E00-2B27-4E1A-8A33-E3A40DEFD4DC}" = Microsoft XNA Game Studio 2.0 Documentation "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear "{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client "{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam "{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F42FC6B-947B-9B89-29B0-545F0815AD7F}" = ATI Parental Control & Encoder "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 
"{7A4328EB-5D15-4292-B89A-3439BA92D59F}" = SymNet "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900) "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch "{89DDBCD4-B326-4545-9A05-26C7B16C1DEB}" = PowerForPhone "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi "{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B96628C-8898-4FED-9612-25631C27AB13}" = Microsoft XNA Game Studio 2.0 (xnaliveproxy) "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame "{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player "{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AEC544CF-5D36-4F0A-86BD-DF3065258A5B}" = Fingerprint Sensor Minimum Install "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The 
Garden of Eden Creation Kit "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology "{C18DA187-6C0D-4B8E-99AE-74D5C588AFB6}" = Microsoft XNA Game Studio 2.0 (shared components) "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C357E2C9-091F-4B12-BB1C-2E7B19112BC4}" = Microsoft XNA Game Studio 2.0 "{c595f629-a73c-414d-b94b-eec6abe94eea}_is1" = Mono for Windows 1.9.1 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2 "{D83899AB-9964-4CFC-A246-F1BD430A455F}" = ASUS Security Protect Manager "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E161E7E7-9875-4F7F-AFC7-72D40B45B5F3}" = ATI Catalyst Control Center "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update 
"{EBE7050B-7988-4BC3-BBFD-5C6828859483}" = Game Cam v1.4
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C5CF53-FE88-B20E-CE8C-2B5CAA3ECFD0}" = ATI Catalyst Install Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F8D315CF-615E-3AAC-ABF6-C0FA91EDDDBA}" = Microsoft Visual C# 2008 Express Edition with SP1 - DEU
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ASUS_1600x1200_white" = ASUS_1600x1200_white
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Fallout 2" = Fallout 2
"Gaming Mouse" = Gaming Mouse
"HControl" = ATK0100 ACPI UTILITY
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"LEd_is1" = LEd Beta 0.53
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C# 2008 Express Edition with SP1 - DEU" = Microsoft Visual C# 2008 Express Edition mit SP1 - DEU
"Microsoft XNA Game Studio 2.0" = Microsoft XNA Game Studio 2.0
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel(R) PROSet/Wireless Software
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 10" = Counter-Strike
"Steinberg Cubase LE" = Steinberg Cubase LE
"SumatraPDF" = SumatraPDF
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WheelMouse" = Advanced Wheel Mouse 6.0.0.002
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.0.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.2.0
"Octoshape Streaming Services" = Octoshape Streaming Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.11.2010 09:42:37 | Computer Name = CRASHA | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 05.11.2010 09:42:37 | Computer Name = CRASHA | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 15.11.2010 15:39:46 | Computer Name = CRASHA | Source = sdCoreService | ID = 0
Description =

Error - 15.11.2010 16:20:22 | Computer Name = CRASHA | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager" aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert in 0x800423f4) fehlgeschlagen.

Error - 15.11.2010 16:27:07 | Computer Name = CRASHA | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager" aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert in 0x800423f4) fehlgeschlagen.

Error - 15.11.2010 16:28:20 | Computer Name = CRASHA | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager" aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert in 0x800423f4) fehlgeschlagen.

Error - 15.11.2010 16:28:23 | Computer Name = CRASHA | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager" aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert in 0x800423f4) fehlgeschlagen.

Error - 15.11.2010 16:29:36 | Computer Name = CRASHA | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager" aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert in 0x800423f4) fehlgeschlagen.

Error - 15.11.2010 16:37:23 | Computer Name = CRASHA | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager" aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert in 0x800423f4) fehlgeschlagen.

Error - 15.11.2010 17:23:32 | Computer Name = CRASHA | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager" aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert in 0x800423f4) fehlgeschlagen.

[ ASUS Security Protect Manager Events ]
Error - 16.11.2007 02:16:33 | Computer Name = CRASHER_MOBILE | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.
Benutzer: crasher@crasher_mobile
Client-GUID: {Password}
Fehler: 0xC516020B
Client-Host: localhost
Client-Adresse: 127.0.0.1
Authentifizierungsstelle: ASUS
Server-Host: localhost
Protokoll: HTTP

Error - 24.09.2010 15:19:16 | Computer Name = CRASHA | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.
Benutzer: crasher@crasher_mobile
Client-GUID: {Password}
Fehler: 0xC516020B
Client-Host: localhost
Client-Adresse: 127.0.0.1
Authentifizierungsstelle: ASUS
Server-Host: localhost
Protokoll: HTTP

[ System Events ]
Error - 16.11.2010 10:36:29 | Computer Name = CRASHA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Symantec Core LC" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 16.11.2010 10:36:43 | Computer Name = CRASHA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SYMTDI

Error - 16.11.2010 11:23:19 | Computer Name = CRASHA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Symantec Core LC" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 16.11.2010 11:23:34 | Computer Name = CRASHA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SYMTDI

Error - 16.11.2010 15:52:53 | Computer Name = CRASHA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Symantec Core LC" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 16.11.2010 15:53:06 | Computer Name = CRASHA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SYMTDI

Error - 16.11.2010 19:35:22 | Computer Name = CRASHA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Symantec Core LC" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 16.11.2010 19:35:36 | Computer Name = CRASHA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SYMTDI

Error - 17.11.2010 04:59:53 | Computer Name = CRASHA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Symantec Core LC" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 17.11.2010 05:00:05 | Computer Name = CRASHA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SYMTDI

< End of report >

Edit: By the way, after the Rogue.SecurityTool find yesterday evening I also searched other threads, ran rkill.com.exe and then CCleaner. I'm not sure, but I think rkill didn't find anything to clean, or at least did it without errors. I'm waiting for further instructions.

Last edited by crasha1985 (17.11.2010 at 10:47)
17.11.2010, 15:24 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan svchost.exe

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL) (the ":OTL" has to be copied as well!!!)

Note: If you masked your user name, you have to change the starred-out part back into your real user name, otherwise the script won't work!!

Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 4
O33 - MountPoints2\##192.168.2.100#DVD_Laufwerk\Shell - "" = AutoRun
O33 - MountPoints2\##192.168.2.100#DVD_Laufwerk\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##192.168.2.100#DVD_Laufwerk\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O33 - MountPoints2\##192.168.2.51#d\Shell - "" = AutoRun
O33 - MountPoints2\##192.168.2.51#d\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##192.168.2.51#d\Shell\AutoRun\command - "" = Z:\FalloutLauncher.exe -- File not found
O33 - MountPoints2\##heidrun#F\Shell - "" = AutoRun
O33 - MountPoints2\##heidrun#F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##heidrun#F\Shell\AutoRun\command - "" = Z:\Installer.exe -- File not found
O33 - MountPoints2\{808ee8f6-5fc3-11dd-a6af-005056c00008}\Shell\AutoRun\command - "" = I:\Install FreeAgent Tools.exe -- File not found
O33 - MountPoints2\{cccb2db0-0d4e-11dc-a405-0018de98003e}\Shell - "" = AutoRun
O33 - MountPoints2\{cccb2db0-0d4e-11dc-a405-0018de98003e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cccb2db0-0d4e-11dc-a405-0018de98003e}\Shell\AutoRun\command - "" = I:\OnSpcLCK.exe -- File not found
[2010.11.15 16:55:23 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.11.15 16:55:22 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010.11.15 16:55:22 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
@Alternate Data Stream - 158 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
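The fix script above removes, among other things, Internet Explorer and Firefox proxy settings that point back at 127.0.0.1:50370. The Python below is an added example, not OTL's code or the helper's script: it parses OTL-style log lines for those settings and reports every browser proxy that points at the local machine, noting whether the browser would actually use it (Firefox only honours the per-scheme host when network.proxy.type is 1, so the type-4 entry above is stale but still worth removing). The sample lines are constructed to mirror the entries in the script.

```python
# Added example for this thread (not OTL's code or the helper's fix script): triage
# OTL log lines for browser proxy settings that point back at the local machine.
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# OTL line shapes read here; every other line in the log is ignored:
#   IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
#   FF - prefs.js..network.proxy.http: "127.0.0.1"
IE_SETTING = re.compile(r'^IE - HKCU\\.*Internet Settings: "(?P<name>\w+)" = (?P<value>.*)$')
FF_PROXY_PREF = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>\w+): (?P<value>.*)$')
# Firefox network.proxy.type: 0 direct, 1 manual, 2 PAC, 4 auto-detect, 5 system.
# Only type 1 makes the per-scheme network.proxy.<scheme> host/port prefs take effect.
FF_MANUAL = 1
FF_SCHEMES = ("http", "ssl", "ftp", "socks")

@dataclass
class ProxyState:
    ie_enabled: bool = False
    ie_servers: Dict[str, str] = field(default_factory=dict)  # scheme -> "host:port"
    ff_type: Optional[int] = None
    ff_hosts: Dict[str, str] = field(default_factory=dict)    # scheme -> host
    ff_ports: Dict[str, int] = field(default_factory=dict)    # scheme -> port

@dataclass
class Finding:
    browser: str
    setting: str
    host: str
    port: Optional[int]
    active: bool  # False when the entry exists but the browser would not use it

def _unquote(value: str) -> str:
    value = value.strip()
    return value[1:-1] if len(value) >= 2 and value[0] == value[-1] == '"' else value

def parse_otl_lines(lines) -> ProxyState:
    """Collect IE and Firefox proxy settings from OTL log lines."""
    state = ProxyState()
    for raw in lines:
        line = raw.strip()
        m = IE_SETTING.match(line)
        if m:
            name, value = m.group("name"), _unquote(m.group("value"))
            if name == "ProxyEnable":
                state.ie_enabled = value == "1"
            elif name == "ProxyServer":
                # Either "host:port" for all protocols or "http=host:port;https=host:port;..."
                for part in filter(None, value.split(";")):
                    scheme, eq, hostport = part.partition("=")
                    state.ie_servers[scheme.strip() if eq else "all"] = (hostport if eq else part).strip()
            continue
        m = FF_PROXY_PREF.match(line)
        if not m:
            continue
        key, value = m.group("key"), _unquote(m.group("value"))
        if key == "type" and value.isdigit():
            state.ff_type = int(value)
        elif key.endswith("_port") and key[:-5] in FF_SCHEMES and value.isdigit():
            state.ff_ports[key[:-5]] = int(value)
        elif key in FF_SCHEMES:
            state.ff_hosts[key] = value
    return state

def is_loopback(host: str) -> bool:
    host = host.strip("[]")  # accept bracketed IPv6 literals
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost

def findings(state: ProxyState) -> List[Finding]:
    """Report every browser proxy entry that points at the local machine."""
    out: List[Finding] = []
    for scheme, hostport in state.ie_servers.items():
        host, _, port = hostport.rpartition(":") if ":" in hostport else (hostport, "", "")
        if is_loopback(host):
            out.append(Finding("IE", f"ProxyServer[{scheme}]", host,
                               int(port) if port.isdigit() else None, state.ie_enabled))
    for scheme, host in state.ff_hosts.items():
        if is_loopback(host):
            out.append(Finding("Firefox", f"network.proxy.{scheme}", host,
                               state.ff_ports.get(scheme), state.ff_type == FF_MANUAL))
    return out

# Constructed sample in OTL's line format, mirroring the entries in the fix above.
SAMPLE_OTL_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370',
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r'FF - prefs.js..network.proxy.http_port: 50370',
    r'FF - prefs.js..network.proxy.type: 4',
]

if __name__ == "__main__":
    for f in findings(parse_otl_lines(SAMPLE_OTL_LINES)):
        print(f"{f.browser}: {f.setting} -> {f.host}:{f.port} ({'ACTIVE' if f.active else 'present, not in use'})")
```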
17.11.2010, 15:47 | #7 |
Trojan svchost.exe

Done. The computer restarted - I didn't have to click OK, it came automatically.

Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" removed from keyword.URL
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 50370 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##192.168.2.100#DVD_Laufwerk\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##192.168.2.100#DVD_Laufwerk\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##192.168.2.100#DVD_Laufwerk\ not found.
File Z:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##192.168.2.51#d\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##192.168.2.51#d\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##192.168.2.51#d\ not found.
File Z:\FalloutLauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##heidrun#F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##heidrun#F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##heidrun#F\ not found.
File Z:\Installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{808ee8f6-5fc3-11dd-a6af-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{808ee8f6-5fc3-11dd-a6af-005056c00008}\ not found.
File I:\Install FreeAgent Tools.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cccb2db0-0d4e-11dc-a405-0018de98003e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cccb2db0-0d4e-11dc-a405-0018de98003e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cccb2db0-0d4e-11dc-a405-0018de98003e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cccb2db0-0d4e-11dc-a405-0018de98003e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cccb2db0-0d4e-11dc-a405-0018de98003e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cccb2db0-0d4e-11dc-a405-0018de98003e}\ not found.
File I:\OnSpcLCK.exe not found.
C:\WINDOWS\BDTSupport.dll moved successfully.
C:\WINDOWS\UDB.zip moved successfully.
C:\WINDOWS\IDB.zip moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: crasher
->Temp folder emptied: 607292265 bytes
->Temporary Internet Files folder emptied: 67587 bytes
->Java cache emptied: 62739 bytes
->FireFox cache emptied: 73119612 bytes
->Flash cache emptied: 1884405 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 34091 bytes
->FireFox cache emptied: 2844564 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 121969 bytes
%systemroot%\System32 .tmp files removed: 5575559 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47595079 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 705,00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11172010_154032

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
17.11.2010, 16:16 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan svchost.exe

Then please run CF now: ComboFix
A guide and tutorial on using ComboFix

ComboFix may only be run if one of the board's experts has explicitly recommended it!

__________________
Please always post logfiles in CODE tags
17.11.2010, 17:10 | #9 |
Trojan svchost.exe

Hello cosinus,
cofi still showed me an active Norton Internet Sec, so I ran a RegCleaner again etc., which didn't change anything. avguard was disabled and it ran through. An SWH was initiated and installed - otherwise no problems. Here is the log.

Combofix Logfile:
Code:
ComboFix 10-11-16.06 - crasher 17.11.2010 16:54:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1460 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\crasher\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokumente und einstellungen\crasher\EULA.txt
C:\Images
c:\images\Audio 01_00.peak
C:\test.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-10-17 bis 2010-11-17 ))))))))))))))))))))))))))))))
.
2010-11-17 15:44 . 2010-11-17 15:44 -------- d-----w- C:\cofi
2010-11-17 15:36 . 2010-11-17 15:38 -------- d-----w- c:\programme\RegCleaner
2010-11-17 14:40 . 2010-11-17 14:40 -------- d-----w- C:\_OTL
2010-11-17 10:09 . 2010-11-17 10:09 -------- d-----w- c:\programme\OTL
2010-11-17 00:04 . 2010-11-17 00:04 -------- d-----w- c:\programme\CCleaner
2010-11-16 21:42 . 2010-11-16 21:45 -------- d-----w- C:\karsten_documents
2010-11-16 09:18 . 2010-11-16 09:18 -------- d-----w- c:\dokumente und einstellungen\crasher\Anwendungsdaten\Malwarebytes
2010-11-16 09:18 . 2010-04-29 11:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-16 09:18 . 2010-11-16 09:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-11-16 09:18 . 2010-04-29 11:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 09:18 . 2010-11-16 23:31 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-11-15 23:31 . 2010-11-16 10:30 -------- d-----w- c:\dokumente und einstellungen\crasher\Anwendungsdaten\SumatraPDF
2010-11-15 23:30 . 2010-11-15 23:31 -------- d-----w- c:\programme\SumatraPDF
2010-11-15 21:42 . 2010-11-15 21:42 -------- d-----w- c:\dokumente und einstellungen\crasher\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2010-11-15 21:01 . 2010-11-15 21:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-15 21:00 . 2010-11-15 21:00 -------- d-----w- c:\programme\Java
2010-11-15 20:12 . 2010-11-15 20:12 -------- d-----w- c:\dokumente und einstellungen\crasher\Anwendungsdaten\Avira
2010-11-15 15:55 . 2010-01-22 08:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-11-15 15:55 . 2010-01-22 08:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-11-15 15:55 . 2010-01-22 08:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-11-15 15:30 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-15 15:30 . 2010-11-15 19:37 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-15 15:30 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-15 15:30 . 2010-11-15 19:37 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-15 15:29 . 2010-11-15 15:56 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools
2010-11-15 15:29 . 2010-11-17 14:39 -------- d-----w- c:\programme\Spyware Doctor
2010-11-15 15:29 . 2010-11-15 15:29 -------- d-----w- c:\dokumente und einstellungen\crasher\Anwendungsdaten\PC Tools
2010-11-15 15:29 . 2010-11-15 15:29 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-15 21:00 . 2010-06-09 08:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-15 20:18 . 2009-11-29 22:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-15 20:18 . 2009-11-29 22:01 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-18 10:22 . 2006-09-15 08:02 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52 . 2006-09-15 08:02 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52 . 2006-09-15 08:02 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:52 . 2006-09-15 08:02 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:17 . 2006-09-15 08:03 672768 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:17 . 2006-09-15 08:02 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:17 . 2006-09-15 08:02 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:13 . 2006-09-15 08:02 371200 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:50 . 2006-09-15 08:02 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2006-09-15 08:03 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:01 . 2006-09-15 08:02 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-09-15 08:02 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2006-09-15 08:02 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:11 . 2006-09-15 08:02 617472 ----a-w- c:\windows\system32\comctl32.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-04-02 15:08 381952 ----a-r- c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\daemon tools lite\daemon.exe" [2008-12-29 687560]
"ICQ"="c:\programme\ICQ7.2\ICQ.exe" [2010-10-27 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-20 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Wireless Console 2"="c:\programme\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Power_Gear"="c:\programme\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"ATKMEDIA"="c:\programme\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"ACMON"="c:\programme\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"VMware hqtray"="c:\vmware\VMware Player\hqtray.exe" [2007-08-21 55856]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-10-13 98304]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-15 281768]
"ATICCC"="c:\programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
Cisco Systems VPN Client.lnk - c:\programme\VPN Client\vpngui.exe [2007-10-14 1524776]
MultiFrame.lnk - c:\programme\ASUS\Asus MultiFrame\MultiFrame.exe [2006-11-28 491520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-05-02 20:23 40448 ----a-r- c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABLKSR]
2006-01-02 17:14 61440 ----a-w- c:\windows\ABLKSR\ABLKSR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
2006-02-21 13:20 180224 ----a-w- c:\programme\Asus\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2006-08-01 22:38 802816 ----a-w- c:\programme\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2006-06-29 12:40 774144 ----a-w- c:\program files\ASUS\PowerForPhone\PowerForPhone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 09:02 26100520 ----a-r- c:\programme\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-08-06 20:11 573440 ----a-w- c:\programme\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NSCService"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Messenger\\MSMSGS.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4000:TCP"= 4000:TCP:wow

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [15.11.2010 16:30 218592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.12.2006 00:01 717296]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [16.05.2006 10:14 17840]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [29.11.2009 23:01 135336]
R2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe -k Cognizance [15.09.2006 09:02 14336]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [05.07.2010 09:46 246520]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [08.08.2006 22:15 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [08.08.2006 22:15 7808]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [26.01.2007 00:45 6784]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [15.11.2010 16:55 112592]
S3 ALSysIO;ALSysIO;\??\c:\dokume~1\crasher\LOKALE~1\Temp\ALSysIO.sys --> c:\dokume~1\crasher\LOKALE~1\Temp\ALSysIO.sys [?]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [28.11.2006 11:54 34944]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [15.11.2010 16:29 366840]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
LSP: c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\dokumente und einstellungen\crasher\Anwendungsdaten\Mozilla\Firefox\Profiles\1x777e8z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\dokumente und einstellungen\crasher\Anwendungsdaten\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-17 17:01
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-697788030-2060516027-3391844405-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1672)
c:\windows\system32\Ati2evxx.dll
c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll
c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll

- - - - - - - > 'lsass.exe'(1728)
c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(612)
c:\windows\system32\APSHook.dll
c:\programme\ASUS\Asus MultiFrame\HookTitle.dll
c:\advanc~1\wh_hook.dll
c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
c:\programme\ASUS Security Center\ASUS Security Protect Manager\bin\DEU\SFSShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\DllHost.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\VPN Client\cvpnd.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\ehome\mcrdsvc.exe
c:\vmware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\ACEngSvr.exe
c:\programme\ATI Technologies\ATI.ACE\CLI.EXE
c:\programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\programme\ATI Technologies\ATI.ACE\cli.exe
c:\programme\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-17 17:06:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-11-17 16:06

Vor Suchlauf: 19 Verzeichnis(se), 17.861.300.224 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 17.924.222.976 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 08CD0AB2C5A755713769346CE50052AB
17.11.2010, 19:16 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner svchost.exe Combofix - scripting 1. Start Notepad (Start / Run / notepad[Enter]) 2. Now copy/paste the entire content of the code box below into the Notepad window. Code:
Seccenter::
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4000:TCP"=-

4. Disable the guard of your antivirus program and any software firewall you may have (also the guards of ad-/spyware programs and the TeaTimer, if present!) 5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix. 6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt Note: The script above was written only for this one user in this situation. It cannot be transferred to any other machine and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
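The two stanzas of the script above act on two different places: Seccenter:: removes the Security Center registrations of a Norton product that ComboFix's header still reported although Avira is the installed antivirus, and Registry:: deletes firewall-policy overrides, among them a globally opened port 4000/TCP. The following PowerShell script is an added example, not part of the thread and not ComboFix's own code; it lists what Security Center currently has registered and what the firewall policy key contains, so leftovers of this kind can be confirmed before anything is removed. It assumes an elevated session and is written for PowerShell 2.0 so it also runs on XP SP3; root\SecurityCenter is the namespace XP uses, root\SecurityCenter2 the one Vista and later use, and the pathToSignedProductExe property exists only in the latter.

```powershell
# Added example, not from the thread or from ComboFix: show what Windows
# Security Center has registered and what the firewall policy key contains.
# Assumes an elevated session; PowerShell 2.0 syntax so it also runs on XP SP3.

function Get-SecurityCenterProducts {
    # XP registers products in root\SecurityCenter, Vista and later in root\SecurityCenter2.
    $namespaces = @('root\SecurityCenter', 'root\SecurityCenter2')
    $classes    = @('AntiVirusProduct', 'FirewallProduct', 'AntiSpywareProduct')
    $results    = @()
    foreach ($ns in $namespaces) {
        foreach ($class in $classes) {
            try {
                $items = @(Get-WmiObject -Namespace $ns -Class $class -ErrorAction Stop)
            } catch {
                continue   # namespace or class does not exist on this Windows version
            }
            foreach ($p in $items) {
                # pathToSignedProductExe exists only in SecurityCenter2; on XP it is $null.
                $exe = $p.pathToSignedProductExe
                $exists = $null
                if ($exe) { $exists = Test-Path -LiteralPath $exe }
                $results += New-Object PSObject -Property @{
                    Namespace = $ns
                    Class     = $class
                    Name      = $p.displayName
                    Guid      = $p.instanceGuid
                    Exe       = $exe
                    ExeExists = $exists
                }
            }
        }
    }
    return $results
}

function Get-FirewallPolicyOverrides {
    # The same key the CFScript edits: EnableFirewall plus the globally opened
    # ports and authorized applications lists, per profile.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    $results = @()
    foreach ($profile in @('StandardProfile', 'DomainProfile')) {
        $key = Join-Path $base $profile
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        $results += New-Object PSObject -Property @{
            Profile = $profile; Setting = 'EnableFirewall'; Value = $props.EnableFirewall
        }
        foreach ($sub in @('GloballyOpenPorts\List', 'AuthorizedApplications\List')) {
            $listKey = Join-Path $key $sub
            if (-not (Test-Path $listKey)) { continue }
            $list = Get-ItemProperty -Path $listKey
            # Skip the PS* bookkeeping properties that Get-ItemProperty adds.
            foreach ($prop in $list.PSObject.Properties) {
                if ($prop.Name -like 'PS*') { continue }
                $results += New-Object PSObject -Property @{
                    Profile = $profile; Setting = $sub + ' ' + $prop.Name; Value = $prop.Value
                }
            }
        }
    }
    return $results
}

Get-SecurityCenterProducts  | Format-Table Namespace, Class, Name, ExeExists, Exe -AutoSize
Get-FirewallPolicyOverrides | Format-Table Profile, Setting, Value -AutoSize -Wrap
```

A product that shows up here but whose executable no longer exists (or, on XP, whose program directory is gone) is exactly the kind of stale registration the Seccenter:: stanza removes; an EnableFirewall value of 0 or a port entry nobody recognises in GloballyOpenPorts\List is what the Registry:: stanza deletes. The second ComboFix log in this thread, taken after the script ran, reports only AntiVir Desktop in its header, which is the expected result.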
17.11.2010, 20:44 | #11 |
| Trojaner svchost.exe Hi Arne, so: I did everything as you said - disabled the software firewall - but the Security Center still said "active". There was no direct setting to fix that either; I then also disabled avguard and started it exactly as described. That worked so far, except that it again named Norton as the active security system and ran through. No restart was requested, I did it anyway, and here is the log Combofix Logfile: Code:
ATTFilter ComboFix 10-11-17.01 - crasher 17.11.2010 20:26:27.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1417 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\crasher\Desktop\cofi.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\crasher\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((( Dateien erstellt von 2010-10-17 bis 2010-11-17 )))))))))))))))))))))))))))))) . 2010-11-17 15:44 . 2010-11-17 15:44 -------- d-----w- C:\cofi 2010-11-17 15:36 . 2010-11-17 15:38 -------- d-----w- c:\programme\RegCleaner 2010-11-17 14:40 . 2010-11-17 14:40 -------- d-----w- C:\_OTL 2010-11-17 10:09 . 2010-11-17 10:09 -------- d-----w- c:\programme\OTL 2010-11-17 00:04 . 2010-11-17 00:04 -------- d-----w- c:\programme\CCleaner 2010-11-16 21:42 . 2010-11-16 21:45 -------- d-----w- C:\karsten_documents 2010-11-16 09:18 . 2010-11-16 09:18 -------- d-----w- c:\dokumente und einstellungen\crasher\Anwendungsdaten\Malwarebytes 2010-11-16 09:18 . 2010-04-29 11:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-16 09:18 . 2010-11-16 09:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-11-16 09:18 . 2010-04-29 11:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-16 09:18 . 2010-11-16 23:31 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-11-15 23:31 . 2010-11-16 10:30 -------- d-----w- c:\dokumente und einstellungen\crasher\Anwendungsdaten\SumatraPDF 2010-11-15 23:30 . 2010-11-15 23:31 -------- d-----w- c:\programme\SumatraPDF 2010-11-15 21:42 . 2010-11-15 21:42 -------- d-----w- c:\dokumente und einstellungen\crasher\Lokale Einstellungen\Anwendungsdaten\Threat Expert 2010-11-15 21:01 . 2010-11-15 21:00 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-11-15 21:00 . 2010-11-15 21:00 -------- d-----w- c:\programme\Java 2010-11-15 20:12 . 
2010-11-15 20:12 -------- d-----w- c:\dokumente und einstellungen\crasher\Anwendungsdaten\Avira 2010-11-15 15:55 . 2010-01-22 08:56 149456 ----a-w- c:\windows\SGDetectionTool.dll 2010-11-15 15:55 . 2010-01-22 08:56 165840 ----a-w- c:\windows\PCTBDRes.dll 2010-11-15 15:55 . 2010-01-22 08:56 1652688 ----a-w- c:\windows\PCTBDCore.dll 2010-11-15 15:30 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-11-15 15:30 . 2010-11-15 19:37 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-11-15 15:30 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2010-11-15 15:30 . 2010-11-15 19:37 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2010-11-15 15:29 . 2010-11-15 15:56 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools 2010-11-15 15:29 . 2010-11-17 14:39 -------- d-----w- c:\programme\Spyware Doctor 2010-11-15 15:29 . 2010-11-15 15:29 -------- d-----w- c:\dokumente und einstellungen\crasher\Anwendungsdaten\PC Tools 2010-11-15 15:29 . 2010-11-15 15:29 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-15 21:00 . 2010-06-09 08:14 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-15 20:18 . 2009-11-29 22:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-15 20:18 . 2009-11-29 22:01 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-09-18 10:22 . 2006-09-15 08:02 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:52 . 2006-09-15 08:02 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:52 . 2006-09-15 08:02 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:52 . 2006-09-15 08:02 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-09 14:17 . 2006-09-15 08:03 672768 ----a-w- c:\windows\system32\wininet.dll 2010-09-09 14:17 . 
2006-09-15 08:02 61952 ----a-w- c:\windows\system32\tdc.ocx 2010-09-09 14:17 . 2006-09-15 08:02 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-09-09 14:13 . 2006-09-15 08:02 371200 ----a-w- c:\windows\system32\html.iec 2010-09-01 11:50 . 2006-09-15 08:02 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-09-01 07:54 . 2006-09-15 08:03 1852928 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:01 . 2006-09-15 08:02 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57 . 2006-09-15 08:02 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll 2010-08-26 13:39 . 2006-09-15 08:02 357248 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-23 16:11 . 2006-09-15 08:02 617472 ----a-w- c:\windows\system32\comctl32.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks] @="{666C7836-A9B6-4AB4-94ED-DC238C81E925}" [HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}] 2006-04-02 15:08 381952 ----a-r- c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="d:\daemon tools lite\daemon.exe" [2008-12-29 687560] "ICQ"="c:\programme\ICQ7.2\ICQ.exe" [2010-10-27 133432] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "RTHDCPL"="RTHDCPL.EXE" [2006-07-20 16261632] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920] "Wireless Console 2"="c:\programme\Wireless Console 2\wcourier.exe" [2005-10-17 987136] 
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521] "Power_Gear"="c:\programme\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112] "IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320] "ATKMEDIA"="c:\programme\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248] "ACMON"="c:\programme\ASUS\Splendid\ACMON.exe" [2006-05-30 811008] "VMware hqtray"="c:\vmware\VMware Player\hqtray.exe" [2007-08-21 55856] "WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-10-13 98304] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-15 281768] "ATICCC"="c:\programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664] Cisco Systems VPN Client.lnk - c:\programme\VPN Client\vpngui.exe [2007-10-14 1524776] MultiFrame.lnk - c:\programme\ASUS\Asus MultiFrame\MultiFrame.exe [2006-11-28 491520] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2006-05-02 20:23 40448 ----a-r- c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\APSHook.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABLKSR] 2006-01-02 17:14 61440 ----a-w- c:\windows\ABLKSR\ABLKSR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update] 2006-02-21 13:20 180224 ----a-w- c:\programme\Asus\ASUS Live Update\ALU.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] 2006-08-01 22:38 802816 ----a-w- 
c:\programme\Intel\Wireless\Bin\ZCfgSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone] 2006-06-29 12:40 774144 ----a-w- c:\program files\ASUS\PowerForPhone\PowerForPhone.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-03-09 09:02 26100520 ----a-r- c:\programme\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] 2006-08-06 20:11 573440 ----a-w- c:\programme\Motorola\SMSERIAL\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NSCService"=3 (0x3) "Ati HotKey Poller"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Messenger\\MSMSGS.EXE"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\Pro Evolution Soccer 2010\\pes2010.exe"= "c:\\Programme\\ICQ7.2\\ICQ.exe"= "c:\\Programme\\ICQ7.2\\aolload.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [15.11.2010 16:30 218592] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.12.2006 00:01 717296] R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [16.05.2006 10:14 17840] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [29.11.2009 23:01 135336] R2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe -k Cognizance [15.09.2006 09:02 14336] R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [05.07.2010 09:46 246520] R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [08.08.2006 22:15 1116544] R3 
SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [08.08.2006 22:15 7808] R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [26.01.2007 00:45 6784] S2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [15.11.2010 16:55 112592] S3 ALSysIO;ALSysIO;\??\c:\dokume~1\crasher\LOKALE~1\Temp\ALSysIO.sys --> c:\dokume~1\crasher\LOKALE~1\Temp\ALSysIO.sys [?] S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [28.11.2006 11:54 34944] S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [15.11.2010 16:29 366840] --- Andere Dienste/Treiber im Speicher --- *NewlyCreated* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASChannel . . ------- Zusätzlicher Suchlauf ------- . uStart Page = uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/ LSP: c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll FF - ProfilePath - c:\dokumente und einstellungen\crasher\Anwendungsdaten\Mozilla\Firefox\Profiles\1x777e8z.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - plugin: c:\dokumente und einstellungen\crasher\Anwendungsdaten\Mozilla\plugins\npoctoshape.dll FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: yahoo.homepage.dontask - true c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\programme\Mozilla Firefox\greprefs\all.js - 
pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-697788030-2060516027-3391844405-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . 
--------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(1676) c:\windows\system32\APSHook.dll c:\windows\system32\Ati2evxx.dll c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll - - - - - - - > 'lsass.exe'(1732) c:\windows\system32\APSHook.dll c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll - - - - - - - > 'explorer.exe'(3576) c:\windows\system32\APSHook.dll c:\programme\ASUS\Asus MultiFrame\HookTitle.dll c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll c:\programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll c:\programme\ASUS Security Center\ASUS Security Protect Manager\bin\DEU\SFSShell.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Zeit der Fertigstellung: 2010-11-17 20:32:48 ComboFix-quarantined-files.txt 2010-11-17 19:32 ComboFix2.txt 2010-11-17 16:06 Vor Suchlauf: 21 Verzeichnis(se), 17.886.806.016 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 17.885.585.408 Bytes frei - - End Of File - - 35E21DFDCC08368E12402C72B4E9AA64 edit: somehow the Windows Security Center does seem to show it correctly after all; should I then just try it again right away? It may be that something was simply wrong there - a short yes would be enough. Edited by crasha1985 (17.11.2010 at 20:48) Reason: forgot |
17.11.2010, 20:48 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner svchost.exe That's fine as it is. Now please create and post logs with GMER and OSAM. GMER crashes quite often; if the tool won't run on the second attempt either, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Afterwards please download MBRCheck (by a_d_13) and save the file on the desktop.
__________________ Please always post logfiles in CODE tags |
17.11.2010, 22:23 | #13 |
| Trojaner svchost.exe Hello. Here are the logs GMER Logfile: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net Rootkit scan 2010-11-17 22:14:36 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541616J9SA00 rev.SB4OC70P Running: yd2p71m9.exe; Driver: C:\DOKUME~1\crasher\LOKALE~1\Temp\fwtdqpoc.sys ---- System - GMER 1.0.15 ---- SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9DB3112] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9D922D6] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9D924C8] SSDT BA741A9C ZwCreateThread SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9DB3900] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9DB3BB4] SSDT spfo.sys ZwEnumerateKey [0xB9EC6CA2] SSDT spfo.sys ZwEnumerateValueKey [0xB9EC7030] SSDT BA741ABA ZwLoadKey SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9DB1E12] SSDT BA741A88 ZwOpenProcess SSDT BA741A8D ZwOpenThread SSDT spfo.sys ZwQueryKey [0xB9EC7108] SSDT spfo.sys ZwQueryValueKey [0xB9EC6F88] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9DB4020] SSDT BA741AC4 ZwReplaceKey SSDT BA741ABF ZwRestoreKey SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9DB33D2] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9D91F44] INT 0x62 ? 8A890BF8 INT 0x63 ? 8A548F00 INT 0x82 ? 8A890BF8 INT 0x83 ? 8A548F00 INT 0xA4 ? 8A548F00 INT 0xB4 ? 8A548F00 ---- Kernel code sections - GMER 1.0.15 ---- ? spfo.sys Das System kann die angegebene Datei nicht finden. ! .text USBPORT.SYS!DllUnload B91038AC 5 Bytes JMP 8A5484E0 init C:\WINDOWS\System32\Drivers\ItSDisk.sys entry point in "init" section [0xA89C3360] .text agly0dkw.SYS A85FD386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text agly0dkw.SYS A85FD3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] 
.text agly0dkw.SYS A85FD3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text agly0dkw.SYS A85FD3C9 1 Byte [2E] .text agly0dkw.SYS A85FD3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL} .text ... .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA496B300, 0x3B6D8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA398300, 0x1BEE, 0xE8000020] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spfo.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spfo.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spfo.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spfo.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spfo.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spfo.sys IAT \SystemRoot\System32\Drivers\agly0dkw.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B IAT \SystemRoot\System32\Drivers\agly0dkw.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304 IAT \SystemRoot\System32\Drivers\agly0dkw.SYS[HAL.dll!KeGetCurrentIrql] CB033043 IAT \SystemRoot\System32\Drivers\agly0dkw.SYS[HAL.dll!KfRaiseIrql] 0673C13B IAT \SystemRoot\System32\Drivers\agly0dkw.SYS[HAL.dll!KfLowerIrql] C13B0003 IAT \SystemRoot\System32\Drivers\agly0dkw.SYS[HAL.dll!HalGetInterruptVector] 8366FA72 IAT \SystemRoot\System32\Drivers\agly0dkw.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B IAT \SystemRoot\System32\Drivers\agly0dkw.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3 IAT \SystemRoot\System32\Drivers\agly0dkw.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00 IAT \SystemRoot\System32\Drivers\agly0dkw.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F IAT \SystemRoot\System32\Drivers\agly0dkw.SYS[HAL.dll!READ_PORT_USHORT] 83660000 IAT \SystemRoot\System32\Drivers\agly0dkw.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A IAT \SystemRoot\System32\Drivers\agly0dkw.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400 IAT 
\SystemRoot\System32\Drivers\agly0dkw.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200 IAT \SystemRoot\System32\Drivers\agly0dkw.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A88F1F8 Device \FileSystem\Fastfat \FatCdrom 89D8F500 Device \Driver\NetBT \Device\NetBT_Tcpip_{73BCCE04-0A85-41B3-AA5B-A7D772EBA025} 89E2F500 AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\usbuhci \Device\USBPDO-0 8A5421F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A8211F8 Device \Driver\dmio \Device\DmControl\DmConfig 8A8211F8 Device \Driver\dmio \Device\DmControl\DmPnP 8A8211F8 Device \Driver\dmio \Device\DmControl\DmInfo 8A8211F8 Device \Driver\usbuhci \Device\USBPDO-1 8A5421F8 Device \Driver\usbuhci \Device\USBPDO-2 8A5421F8 Device \Driver\usbehci \Device\USBPDO-3 8A50E1F8 Device \Driver\usbuhci \Device\USBPDO-4 8A5421F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8911F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8911F8 Device \Driver\Cdrom \Device\CdRom0 8A4991F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DDBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B9DDBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9DDBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9DDBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Ftdisk \Device\HarddiskVolume3 8A8911F8 Device \Driver\Cdrom \Device\CdRom1 8A4991F8 Device \Driver\PCI_PNP5880 
\Device\00000076 spfo.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 89E2F500 Device \Driver\NetBT \Device\NetbiosSmb 89E2F500 Device \Driver\NetBT \Device\NetBT_Tcpip_{0620C40D-65E1-4868-B93C-555622AEEEEC} 89E2F500 Device \Driver\NetBT \Device\NetBT_Tcpip_{39570C9F-E046-4172-B1E4-EA60CF67EFE2} 89E2F500 Device \Driver\usbuhci \Device\USBFDO-0 8A5421F8 Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbuhci \Device\USBFDO-1 8A5421F8 Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbuhci \Device\USBFDO-2 8A5421F8 Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89DA8500 Device \Driver\usbuhci \Device\USBFDO-3 8A5421F8 Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \FileSystem\MRxSmb \Device\LanmanRedirector 89DA8500 Device \Driver\usbhub \Device\000000ae hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbehci \Device\USBFDO-4 8A50E1F8 Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\NetBT \Device\NetBT_Tcpip_{31037637-132F-476A-89C1-5FEE8636ABA4} 89E2F500 Device \Driver\usbhub \Device\000000af hcmon.sys (VMware USB monitor/VMware, Inc.) 
Device \Driver\Ftdisk \Device\FtControl 8A8911F8 Device \Driver\agly0dkw \Device\Scsi\agly0dkw1 89B711F8 Device \Driver\agly0dkw \Device\Scsi\agly0dkw1Port2Path0Target0Lun0 89B711F8 Device \Driver\sptd \Device\3844924630 spfo.sys Device \FileSystem\Fastfat \Fat 89D8F500 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 89D18500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 83400892 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 507444791 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD9 0x03 0x0A 0x3D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAA 0xBA 0xEE 0x18 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x94 0xB5 0xAC 0x17 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD9 0x03 0x0A 0x3D ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAA 0xBA 0xEE 0x18 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x94 0xB5 0xAC 0x17 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF2 0x2D 0x14 0x53 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x67 0x04 0x41 0xF1 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD8 0x4A 0x5E 0xE0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB0 0x45 0xF9 0x3F ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xA4 0x48 0x39 0x7F ... ---- EOF - GMER 1.0.15 ---- OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:22:23 on 17.11.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.12 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Cognizance Corporation" - C:\WINDOWS\system32\APSHook.dll [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "LocalCOM.cpl" - "東芝公司" - C:\WINDOWS\system32\LocalCOM.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v3.5.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "agly0dkw" (agly0dkw) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\agly0dkw.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "ALSysIO" (ALSysIO) - ? - C:\DOKUME~1\crasher\LOKALE~1\Temp\ALSysIO.sys (File not found) "ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys "atksgt" (atksgt) - ? 
- C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "Bluetooth Audio Device (WDM) from TOSHIBA" (TosRfSnd) - "TOSHIBA Corporation" - C:\WINDOWS\System32\drivers\TosRfSnd.sys "Bluetooth Personal Area Network from TOSHIBA" (tosrfnds) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\tosrfnds.sys "Bluetooth Port Driver from Toshiba" (tosporte) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosporte.sys "Bluetooth RFBNEP from TOSHIBA" (Tosrfbnp) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfbnp.sys "Bluetooth RFBUS from TOSHIBA" (Tosrfbd) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfbd.sys "Bluetooth RFCOMM from TOSHIBA" (Tosrfcom) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfcom.sys "Bluetooth RFHID from TOSHIBA" (Tosrfhid) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys "Bluetooth USB Controller" (Tosrfusb) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfusb.sys "catchme" (catchme) - ? - C:\DOKUME~1\crasher\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Cisco Systems IPsec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys "Driver for MagicISO SCSI Host Controller" (mcdbus) - ? - C:\WINDOWS\System32\DRIVERS\mcdbus.sys (File not found) "ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys "fwtdqpoc" (fwtdqpoc) - ? - C:\DOKUME~1\crasher\LOKALE~1\Temp\fwtdqpoc.sys (Hidden registry entry, rootkit activity | File not found) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys "i2omgmt" (i2omgmt) - ? 
- C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "ipswuio" (ipswuio) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\ipswuio.sys "ItSDisk" (ItSDisk) - "Cognizance Corporation" - C:\WINDOWS\System32\Drivers\ItSDisk.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PCTools KDS" (PCTCore) - "PC Tools" - C:\WINDOWS\System32\drivers\PCTCore.sys "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "SPBBCDrv" (SPBBCDrv) - ? - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys "SYMDNS" (SYMDNS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMDNS.SYS "SymEvent" (SymEvent) - ? 
- C:\Programme\Symantec\SYMEVENT.SYS (File not found) "SYMFW" (SYMFW) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMFW.SYS "SYMIDS" (SYMIDS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMIDS.SYS "SYMIDSCO" (SYMIDSCO) - ? - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20061215.005\symidsco.sys (File not found) "symlcbrd" (symlcbrd) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\symlcbrd.sys "SYMNDIS" (SYMNDIS) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMNDIS.SYS "SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMREDRV.SYS "SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SYMTDI.SYS "TOSHIBA Bluetooth HID port driver" (toshidpt) - "TOSHIBA Corporation." - C:\WINDOWS\System32\drivers\Toshidpt.sys "USB2.0 1.3M WebCam" (SynMini) - ? - C:\WINDOWS\System32\Drivers\SynMini.sys (File signed by Microsoft | File found, but it contains no detailed information) "USB2.0 1.3M WebCam Still Image" (SynScan) - ? - C:\WINDOWS\System32\Drivers\SynScan.sys (File signed by Microsoft | File found, but it contains no detailed information) "VMware Bridge Protocol" (VMnetBridge) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys "VMware hcmon" (hcmon) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\hcmon.sys "VMware kbd" (vmkbd) - "VMware, Inc." - C:\WINDOWS\system32\drivers\VMkbd.sys "VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\WINDOWS\system32\drivers\vmnetuserif.sys "VMware vmx86" (vmx86) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\vmx86.sys "vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys "Vstor2 Virtual Storage Driver" (vstor2) - "VMware, Inc." - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys "WDICA" (WDICA) - ? 
- C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WLAN Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "IE7 Uninstall Stub" - "Microsoft Corporation" - C:\WINDOWS\system32\ieudinit.exe {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? 
- deskpan.dll (File not found) {666C7831-A9B6-4AB4-94ED-DC238C81E925} "Dokument-Manager (Shell Context Menu)" - "Cognizance Corporation" - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll {666C7835-A9B6-4AB4-94ED-DC238C81E925} "Dokument-Manager (Shell Drive Properties)" - "Cognizance Corporation" - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll {666C7832-A9B6-4AB4-94ED-DC238C81E925} "Dokument-Manager (Shell File Properties)" - "Cognizance Corporation" - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "DAEMON Tools Toolbar" - ? 
- C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "PC Tools Browser Guard" - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll <binary data> "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10k.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe (File not found) "ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll {855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - ? - (File not found | COM-object registry key not found) {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} "Norton Internet Security 2006" - ? 
- (File not found | COM-object registry key not found) {472734EA-242A-422B-ADF8-83D1E48CC825} "PC Tools Browser Guard" - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {DF21F1DB-80C6-11D3-9483-B03D0EC10000} "ASUS Security Protect Manager" - "Infineon Technologies AG" - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} "PC Tools Browser Guard BHO" - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll {9ECB9560-04F9-4bbc-943D-298DDF1699E1} "{9ECB9560-04F9-4bbc-943D-298DDF1699E1}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Bluetooth Manager.lnk" - "東芝公司。" - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Shortcut exists | File exists) "Cisco Systems VPN Client.lnk" - "Cisco Systems, Inc." - C:\Programme\VPN Client\vpngui.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "MultiFrame.lnk" - "ASUSTek Computer Inc." - C:\Programme\ASUS\Asus MultiFrame\MultiFrame.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\crasher\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "D:\DAEMON Tools Lite\daemon.exe" -autorun "ICQ" - "ICQ, LLC." 
- "C:\Programme\ICQ7.2\ICQ.exe" silent loginmode=4 -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ACMON" - "ATK" - C:\Programme\ASUS\Splendid\ACMON.exe "ATICCC" - ? - "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" (File found, but it contains no detailed information) "ATKMEDIA" - "ASUSTeK Computer INC." - C:\Programme\ASUS\ATK Media\DMEDIA.EXE "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "CognizanceTS" - "Cognizance Corporation" - rundll32.exe c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule "IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless "Power_Gear" - "ASUSTeK Computer Inc." - C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1 "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "VMware hqtray" - "VMware, Inc." - "C:\VMware\VMware Player\hqtray.exe" "WheelMouse" - ? - C:\ADVANC~1\wh_exec.exe "Wireless Console 2" - ? - C:\Programme\Wireless Console 2\wcourier.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Toshiba Bluetooth Monitor" - "Toshiba America Business Solutions, Inc." - C:\WINDOWS\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Browser Defender Update Service" (Browser Defender Update Service) - "Threat Expert Ltd." 
- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\VPN Client\cvpnd.exe "COM Host" (comHost) - ? - "c:\Programme\Norton Internet Security\comHost.exe" (File not found) "ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe "Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe "Lokaler Verbindungskanal" (ASChannel) - "Cognizance Corporation" - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll "MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll "PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsAuxs.exe "PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsSvc.exe "PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Symantec Core LC" (Symantec Core LC) - ? - "C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe" (File not found) "Symantec Event Manager" (ccEvtMgr) - ? - "c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe" (File not found) "Symantec Internet Security Password Validation" (ccISPwdSvc) - ? - "c:\Programme\Norton Internet Security\ccPwdSvc.exe" (File not found) "Symantec Network Drivers Service" (SNDSrvc) - ? 
- "c:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe" (File not found) "Symantec Network Proxy" (ccProxy) - ? - "c:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe" (File not found) "Symantec Settings Manager" (ccSetMgr) - ? - "c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe" (File not found) "Symantec SPBBCSvc" (SPBBCSvc) - ? - "c:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe" (File not found) "VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - C:\VMware\VMware Player\vmware-authd.exe "VMware DHCP Service" (VMnetDHCP) - "VMware, Inc." - C:\WINDOWS\system32\vmnetdhcp.exe "VMware NAT Service" (VMware NAT Service) - "VMware, Inc." - C:\WINDOWS\system32\vmnat.exe "VMware Virtual Mount Manager Extended" (vmount2) - "VMware, Inc." - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Cognizance Corporation" - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCard.dll -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "OneCard" - "Cognizance Corporation" - c:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." 
- C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
17.11.2010, 22:33 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner svchost.exe Very nice. I still need the one from mbrcheck.
__________________ Please always post logfiles in CODE tags |
17.11.2010, 22:41 | #15 |
| Trojaner svchost.exe Oops, sorry. Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000003c Kernel Drivers (total 174): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E5000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xB9EA7000 spfo.sys 0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS 0xB9E8F000 \WINDOWS\System32\Drivers\SCSIPORT.SYS 0xB9E60000 ACPI.sys 0xB9E40000 fltmgr.sys 0xB9E2F000 pci.sys 0xBA0A8000 ohci1394.sys 0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xBA0C8000 isapnp.sys 0xBA4BC000 compbatt.sys 0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xBA670000 pciide.sys 0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xBA0D8000 MountMgr.sys 0xB9E10000 ftdisk.sys 0xBA5AC000 dmload.sys 0xB9DEA000 dmio.sys 0xBA4C4000 ACPIEC.sys 0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xBA330000 PartMgr.sys 0xBA0E8000 VolSnap.sys 0xB9DD2000 atapi.sys 0xBA0F8000 disk.sys 0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9DC0000 sr.sys 0xB9D87000 PCTCore.sys 0xBA118000 PxHelp20.sys 0xB9D70000 KSecDD.sys 0xB9CE3000 Ntfs.sys 0xB9CB6000 NDIS.sys 0xB9CA3000 sfvfs02.sys 0xBA338000 sfhlp02.sys 0xB9C91000 sfdrv01.sys 0xB9C77000 Mup.sys 0xBA5A0000 \SystemRoot\system32\DRIVERS\tunmp.sys 0xBA5E0000 \SystemRoot\system32\DRIVERS\ATKACPI.sys 0xB94CA000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB9300000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xB92EC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xB92C4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xB92B0000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys 0xB910F000 \SystemRoot\system32\DRIVERS\NETw3x32.sys 0xBA420000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB90EB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA428000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB94BA000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xB90D7000 \SystemRoot\system32\DRIVERS\sdbus.sys 0xBA430000 
\SystemRoot\system32\DRIVERS\rimmptsk.sys 0xB94AA000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 0xBA158000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xBA438000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xB9C4F000 \??\C:\WINDOWS\system32\drivers\VMkbd.sys 0xB90A7000 \SystemRoot\system32\DRIVERS\SynTP.sys 0xBA5E2000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xBA440000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xBA168000 \SystemRoot\system32\DRIVERS\imapi.sys 0xBA178000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA188000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB9084000 \SystemRoot\system32\DRIVERS\ks.sys 0xB9C47000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xBA198000 \SystemRoot\System32\Drivers\tosrfcom.sys 0xB9069000 \SystemRoot\system32\DRIVERS\dne2000.sys 0xBA73E000 \SystemRoot\system32\DRIVERS\audstub.sys 0xBA1A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xB9C3F000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB902A000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xBA1B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xBA1C8000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xBA448000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB9019000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA1D8000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xBA450000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xBA458000 \SystemRoot\system32\DRIVERS\raspti.sys 0xB8FE9000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xBA1E8000 \SystemRoot\system32\DRIVERS\termdd.sys 0xBA5E4000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB8F8B000 \SystemRoot\system32\DRIVERS\update.sys 0xB9C27000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xB9C23000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys 0xB9C1F000 \SystemRoot\system32\DRIVERS\VMNET.SYS 0xBA1F8000 \SystemRoot\system32\DRIVERS\tosporte.sys 0xBA208000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xA8AD8000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xA8AB4000 \SystemRoot\system32\drivers\portcls.sys 0xBA238000 \SystemRoot\system32\drivers\drmk.sys 0xA89C4000 
\SystemRoot\system32\DRIVERS\smserial.sys 0xBA460000 \SystemRoot\System32\Drivers\Modem.SYS 0xBA590000 \SystemRoot\system32\drivers\MODEMCSA.sys 0xBA248000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xBA5EE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA729000 \SystemRoot\System32\Drivers\Null.SYS 0xBA5F0000 \SystemRoot\System32\Drivers\Beep.SYS 0xBA480000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xBA488000 \SystemRoot\System32\drivers\vga.sys 0xBA5F2000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xBA5F4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xBA490000 \SystemRoot\System32\Drivers\Msfs.SYS 0xBA498000 \SystemRoot\System32\Drivers\Npfs.SYS 0xB9041000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xA8941000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xA88E8000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xA8887000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xA8837000 \SystemRoot\system32\DRIVERS\netbt.sys 0xBA258000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xBA268000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xA875F000 \SystemRoot\system32\DRIVERS\tcpip6.sys 0xB8F6F000 \SystemRoot\System32\drivers\ws2ifsl.sys 0xBA278000 \SystemRoot\system32\drivers\ip6fw.sys 0xA873D000 \SystemRoot\System32\drivers\afd.sys 0xBA288000 \SystemRoot\system32\DRIVERS\netbios.sys 0xBA4A0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xA8712000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xA86A2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA89C0000 \SystemRoot\System32\Drivers\ItSDisk.sys 0xBA298000 \SystemRoot\System32\Drivers\Fips.SYS 0xA867F000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xBA5F8000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys 0xA865B000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xA85FD000 \SystemRoot\System32\Drivers\agly0dkw.SYS 0xBA3B0000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xA84EC000 \SystemRoot\System32\Drivers\SynMini.sys 0xBA2D8000 \SystemRoot\System32\Drivers\STREAM.SYS 0xA89A0000 \SystemRoot\System32\Drivers\SYNSAM.SYS 0xBA3B8000 \SystemRoot\System32\Drivers\SynCamd.sys 0xA8472000 
\SystemRoot\System32\Drivers\SynPin.sys 0xA78AC000 \SystemRoot\System32\Drivers\SynPipe.sys 0xBA600000 \SystemRoot\System32\Drivers\SynScan.sys 0xA899C000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xBA2E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xBA602000 \SystemRoot\system32\DRIVERS\whfltr2k.sys 0xB9065000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xA8994000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xA7894000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xBA604000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xA8980000 \SystemRoot\System32\drivers\Dxapi.sys 0xBA3C0000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA6A7000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\ati2dvag.dll 0xBF055000 \SystemRoot\System32\ati2cqag.dll 0xBF09B000 \SystemRoot\System32\atikvmag.dll 0xBF0DF000 \SystemRoot\System32\ati3duag.dll 0xBF323000 \SystemRoot\System32\ativvaxx.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xA573F000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xBA3E0000 \SystemRoot\system32\DRIVERS\AegisP.sys 0xA5611000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys 0xA5844000 \SystemRoot\system32\DRIVERS\nwlnknb.sys 0xA5754000 \SystemRoot\system32\DRIVERS\s24trans.sys 0xBA3E8000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys 0xA562B000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA524C000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xA5349000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys 0xA5147000 \SystemRoot\system32\drivers\wdmaud.sys 0xA52D9000 \SystemRoot\system32\drivers\sysaudio.sys 0xA51D4000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xA4C47000 \??\C:\WINDOWS\system32\Drivers\hcmon.sys 0xA49AE000 \??\C:\WINDOWS\system32\Drivers\vmx86.sys 0xA496B000 \SystemRoot\system32\DRIVERS\atksgt.sys 0xA48E6000 \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 0xA48A5000 \SystemRoot\System32\Drivers\HTTP.sys 0xA475D000 \SystemRoot\system32\DRIVERS\srv.sys 0xBA398000 
\SystemRoot\system32\DRIVERS\lirsgt.sys 0xA5511000 \SystemRoot\system32\DRIVERS\secdrv.sys 0xBA370000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys 0xBA380000 \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys 0xA46D1000 \??\C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys 0xA3B11000 \??\C:\DOKUME~1\crasher\LOKALE~1\Temp\fwtdqpoc.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 71): 0 System Idle Process 4 System 1492 C:\WINDOWS\system32\smss.exe 1640 csrss.exe 1668 C:\WINDOWS\system32\winlogon.exe 1712 C:\WINDOWS\system32\services.exe 1724 C:\WINDOWS\system32\lsass.exe 1932 C:\WINDOWS\system32\svchost.exe |