| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.11.2010, 22:27
| #1 | |||||
 |  MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldet Ich hatte zusätzlich eine interne Festplatte von einem Bekannten an mein System (Windows XP Pro SP3) angeschlossen. Nach dem Starten von Windows kam von Avira Guard folgende Meldung: Zitat:
Die zusätzliche Festplatte wurde unverzüglich danach wieder abgehängt und Windows neu gestartet. Avira Scannerlauf brachte danach Meldungen wie diese: Zitat:
Hab versucht mittel der Wiederherstellungskonsole beim Windowsstart mehrmals den MBR neu geschrieben. Inzwischen wurde bei einem Komplettscan in einer auf der Festplatte gespeicherten, aber nie installierten (ausgeführte EXE) ein Trojaner namens ' TR/Banker.Bancos.ncj' gefunden. Dieser Trojaner wurde in die Quarantäne verschoben. Zitat:
Weitere Suchläufe von Avira fanden nochmals den Trojaner. Zitat:
Dachte nun das System ist wieder sauber. Da Avira keine Meldungen mehr wegen Alureon.a mehr bringt. Doch mbr.exe zeigt nach wie vor folgendes Log: Zitat:
Herzlichen Dank im voraus für Eure Hilfe. |
|
25.11.2010, 15:06
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldetZitat:
Wurde nur auf der internen Platte des Kollegen ein infizierter MBR gefunden oder auch auf deiner? Zitat:
__________________ |
|
25.11.2010, 18:45
| #3 | |||
| | MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldet Hallo Arne,
__________________danke für deine Hilfe. Zitat:
Zitat:
Kann es sein, daß meine Festplatte gar nie vom Rootkit angegriffen wurde und die Meldung von "mbr.exe" bezüglich den "malicious code" und "copy of MBR" damit nichts zu tun hat? Edit: Zitat:
Leicht möglich, daß ich mich da irre und dies damit gar nicht zu tun hat. Ein Meldung daß C: infiziert sei, kam von Avira nie. LG |
|
26.11.2010, 18:58
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldet Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
26.11.2010, 21:57
| #5 | |
| | MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldet So Arne hier die gewünschten Logdateien: Log von Malwareybytes: Zitat:
Die Updatemitteilung von Microsoft wurde vorher von mir manuell deaktiviert. Hat also nichts mit einem Trojaner oder Rootkit zu tun. OTL Logdateien: OTL.Txt Code:
ATTFilter OTL logfile created on: 26.11.2010 21:30:36 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465,75 Gb Total Space | 62,07 Gb Free Space | 13,33% Space Free | Partition Type: NTFS Computer Name: *Mein_Computername* | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek) PRC - C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\ScanWizard 5\ScannerFinder.exe () ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys File not found DRV - (PciCon) -- D:\PciCon.sys File not found DRV - (mbr) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mbr.sys File not found DRV - (catchme) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys File not found DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (VBoxDrv) -- C:\WINDOWS\system32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.) DRV - (VBoxNetFlt) -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.) DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.) DRV - (VBoxUSBMon) -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (SaiNtBus) -- C:\WINDOWS\system32\drivers\SaiBus.sys (Saitek) DRV - (SaiMini) -- C:\WINDOWS\system32\drivers\SaiMini.sys (Saitek) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (s1018mdm) -- C:\WINDOWS\system32\drivers\s1018mdm.sys (MCCI Corporation) DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s1018mgmt.sys (MCCI Corporation) DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\WINDOWS\system32\drivers\s1018bus.sys (MCCI Corporation) DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\system32\drivers\s1018nd5.sys (MCCI Corporation) DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\WINDOWS\system32\drivers\s1018unic.sys (MCCI Corporation) DRV - (s1018obex) -- C:\WINDOWS\system32\drivers\s1018obex.sys (MCCI Corporation) DRV - (s1018mdfl) -- C:\WINDOWS\system32\drivers\s1018mdfl.sys (MCCI Corporation) DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (SaiH2541) -- C:\WINDOWS\system32\drivers\SaiH2541.sys (Saitek) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\WINDOWS\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce)) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (Jahci) -- C:\WINDOWS\system32\DRIVERS\JAHCI.sys (JMicron) DRV - (m5289) -- C:\WINDOWS\system32\DRIVERS\m5289.sys (ULi Electronics Inc.) DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron ) DRV - (ULI5261XP) -- C:\WINDOWS\system32\drivers\ULILAN51.SYS (ULi Electronics Inc.) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.youtube.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuz2.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at" FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.3 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.22 23:28:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.11.22 23:28:54 | 000,000,000 | ---D | M] [2010.01.31 23:51:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2010.01.31 23:51:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\sz@mast.er [2010.11.25 23:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kasiunvi.default\extensions [2010.10.29 17:07:37 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kasiunvi.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.08.14 11:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kasiunvi.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.17 18:25:26 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kasiunvi.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010.06.05 14:23:23 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kasiunvi.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2010.11.22 23:12:07 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kasiunvi.default\searchplugins\icqplugin-1.xml [2010.10.25 20:55:47 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kasiunvi.default\searchplugins\icqplugin-2.xml [2010.11.22 23:29:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kasiunvi.default\searchplugins\icqplugin-3.xml [2010.08.14 11:48:40 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kasiunvi.default\searchplugins\icqplugin.gif [2010.08.14 11:48:40 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kasiunvi.default\searchplugins\icqplugin.src [2010.09.19 12:12:11 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kasiunvi.default\searchplugins\icqplugin.xml [2010.11.25 23:34:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.05 20:12:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.07 17:52:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.18 20:59:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2008.02.07 21:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\CgpCore.dll [2008.02.07 21:46:20 | 000,091,448 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\confmgr.dll [2008.02.07 21:46:16 | 000,021,824 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ctxlogging.dll [2007.03.16 17:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\msvcm80.dll [2007.03.16 17:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\msvcp80.dll [2007.03.16 17:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\msvcr80.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2008.02.07 21:48:26 | 000,419,136 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npicaN.dll [2008.02.07 21:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\TcpPServ.dll [2010.09.24 15:50:34 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.24 15:50:34 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.24 15:50:34 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.24 15:50:34 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.24 15:50:34 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.11.24 21:08:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuz2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuz2.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\tbVuz2.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek) O4 - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Scanner Finder.lnk = C:\Programme\ScanWizard 5\ScannerFinder.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.33.55.5 212.33.32.160 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.05.14 01:57:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.26 19:57:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2010.11.26 19:57:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.11.26 19:57:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.11.26 19:57:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.26 19:57:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.11.26 19:56:50 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup.exe [2010.11.26 19:56:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2010.11.26 19:55:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.11.24 21:54:09 | 000,000,000 | --SD | C] -- C:\ComboFix [2010.11.24 20:59:58 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.11.24 20:57:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.11.24 20:57:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.11.24 20:57:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.11.24 20:57:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.11.24 20:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.11.24 20:55:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.11.24 20:49:36 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys [2010.11.23 00:19:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ConduitEngine [2010.11.23 00:19:22 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine [2010.11.22 23:52:08 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\Administrator\Desktop\RootkitRevealer.exe [2010.11.22 23:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010.11.22 23:21:53 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2010.11.22 23:20:59 | 001,339,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TDSSKiller.exe [2010.11.18 20:59:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.11.18 20:59:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.11.18 20:59:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.11.16 21:59:01 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010.11.16 21:59:00 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010.11.16 21:58:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software [2010.11.16 21:58:28 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2011 [2010.11.16 21:58:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.11.16 21:57:42 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2010.11.16 21:57:34 | 020,077,888 | ---- | C] (TuneUp Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TuneUpUtilities2011_de-DE.exe [2010.11.16 21:29:21 | 000,000,000 | ---D | C] -- C:\Programme\Lavalys [2010.11.16 21:26:10 | 018,102,608 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\FreeYouTubeToMp3Converter39.exe [2010.10.29 22:33:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Marcus Bilder [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.26 21:29:15 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.11.26 21:28:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.11.26 21:19:01 | 000,001,240 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1060284298-1801674531-500UA.job [2010.11.26 19:57:29 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.26 19:46:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2010.11.26 19:44:38 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup.exe [2010.11.26 17:11:58 | 000,296,448 | ---- | M] () -- C:\51vrpzlw.exe [2010.11.26 14:33:31 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A029F9AF-D4E4-4AD9-8B85-99B399A0A6EF}.job [2010.11.26 00:19:00 | 000,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1060284298-1801674531-500Core.job [2010.11.25 07:17:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.11.24 21:08:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.11.24 21:00:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2010.11.24 20:49:36 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys [2010.11.24 20:37:26 | 000,089,088 | ---- | M] () -- C:\mbr.exe [2010.11.23 18:51:12 | 000,147,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\catchme.exe [2010.11.23 00:01:16 | 000,744,853 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\PAVARK.exe [2010.11.22 23:31:09 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.11.21 12:06:55 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.11.19 20:01:33 | 000,000,083 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2010.11.18 20:59:03 | 000,392,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.11.18 20:59:02 | 000,405,448 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.11.18 20:59:02 | 000,070,778 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.11.18 20:59:02 | 000,058,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.11.17 07:24:22 | 001,339,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TDSSKiller.exe [2010.11.17 01:07:48 | 000,000,726 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AnyDVD.lnk [2010.11.16 21:58:59 | 000,001,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.11.16 21:58:59 | 000,001,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities 2011.lnk [2010.11.16 21:57:42 | 020,077,888 | ---- | M] (TuneUp Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TuneUpUtilities2011_de-DE.exe [2010.11.16 21:29:23 | 000,000,747 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\EVEREST Home Edition.lnk [2010.11.16 21:26:10 | 018,102,608 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\FreeYouTubeToMp3Converter39.exe [2010.11.16 21:09:30 | 000,196,096 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.12 01:22:34 | 000,097,011 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\b-52 time retro.jpg [2010.11.08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe [2010.11.06 22:12:40 | 000,001,498 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk [2010.11.05 15:22:36 | 000,002,424 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Google Chrome.lnk [2010.11.03 17:49:37 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.11.01 22:27:44 | 000,023,040 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\DVD-Covers.doc [2010.10.27 21:45:42 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.10.27 21:45:42 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.26 19:57:29 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.26 17:13:27 | 000,296,448 | ---- | C] () -- C:\51vrpzlw.exe [2010.11.24 20:57:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.11.24 20:57:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.11.24 20:57:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.11.24 20:57:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.11.24 20:57:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.11.24 20:37:40 | 000,089,088 | ---- | C] () -- C:\mbr.exe [2010.11.23 18:51:44 | 000,147,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\catchme.exe [2010.11.23 00:01:03 | 000,744,853 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\PAVARK.exe [2010.11.21 12:06:55 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.11.16 21:58:59 | 000,001,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.11.16 21:58:59 | 000,001,707 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities 2011.lnk [2010.11.16 21:29:23 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\EVEREST Home Edition.lnk [2010.11.12 01:22:56 | 000,097,011 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\b-52 time retro.jpg [2010.10.27 21:45:42 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2010.10.27 21:45:42 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2010.10.17 23:55:32 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010.08.21 15:25:20 | 000,001,817 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2010.04.15 18:58:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2010.04.02 14:04:12 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2009.09.02 18:39:59 | 000,001,079 | ---- | C] () -- C:\WINDOWS\pftp.ini [2009.08.17 19:18:19 | 000,000,083 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2009.07.04 09:14:48 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI [2009.07.04 09:10:22 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys [2009.07.04 09:10:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys [2009.05.22 22:49:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2009.05.22 22:47:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL [2009.05.21 19:33:21 | 000,000,198 | ---- | C] () -- C:\WINDOWS\Clony2.ini [2009.05.15 19:20:10 | 000,196,096 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.14 19:18:36 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2009.05.14 18:55:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009.05.14 18:55:14 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2009.05.14 00:54:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007.05.01 15:10:02 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\SaiC2541.Dll [2007.05.01 15:10:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC2541_0C.dll [2007.05.01 15:10:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC2541_10.dll [2007.05.01 15:10:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC2541_0A.dll [2007.05.01 15:10:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC2541_07.dll [2007.05.01 15:10:02 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC2541_09.dll [2007.05.01 15:10:02 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC2541_0402.dll [2007.05.01 15:10:02 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC2541_11.dll [2006.08.24 02:03:28 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.08.24 02:03:28 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.08.24 02:03:28 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.08.24 02:03:28 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.08.24 02:03:28 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.08.24 02:03:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006.08.24 02:03:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 20 bytes -> C:\Dokumente und Einstellungen\Administrator\Desktop\PAVARK.exe:License < End of report > Extras.Txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.11.2010 21:30:36 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 62,07 Gb Free Space | 13,33% Space Free | Partition Type: NTFS
Computer Name: *Mein_Computername* | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
jsfile [edit] -- "C:\Programme\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Azureus\Azureus.exe" = C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
"C:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\Ubisoft\Eagle Dynamics\Lock On\lockon.exe" = C:\Programme\Ubisoft\Eagle Dynamics\Lock On\lockon.exe:*:Enabled:LOCK ON -- (Eagle Dynamics)
"C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic.exe" = C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic.exe:*:Enabled:WORLD IN CONFLICT -- (Massive Entertainment AB)
"C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic_online.exe" = C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic_online.exe:*:Enabled:WORLD IN CONFLICT - Nur Online -- (Massive Entertainment AB)
"C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic_ds.exe" = C:\Programme\Sierra Entertainment\WORLD IN CONFLICT\wic_ds.exe:*:Enabled:WORLD IN CONFLICT - Dedizierter Server -- ()
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57bdb09c-c10f-472f-b87f-02ba71bdda46}" = Nero 9 Lite
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADF29850-DAD7-4F1D-B9DE-0AC58A167C0F}" = Sun VirtualBox
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CF48A02C-E0F0-4A8A-BAB3-EDB68DD0BD49}" = Saitek SD6 Programming Software 6.6.6.9
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DEC4E547-7EB8-49A8-919C-9570064280C7}" = Gut Gemischt 2
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}" = Lock On: Air Combat Simulation
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDC53DC6-137A-4541-BFA2-A9BAE4A7FE99}" = ULi SATA Driver
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 2009 Advanced_is1" = Ashampoo Burning Studio 2009 Advanced
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"BPM-Studio 4 Profi" = BPM-Studio 4 Profi
"CANONBJ_Deinstall_CNMCP6d.DLL" = Canon PIXMA iP5000
"CFF5FD902CAD8828AC62E155C542E69D5439C37A" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"CloneDVD2" = CloneDVD2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"eMule" = eMule
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.3.4.1
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"Lock On 1.1" = Lock On 1.1
"LockOn Flaming Cliffs 2_is1" = LockOn Flaming Cliffs 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mp3tag" = Mp3tag v2.46a
"NVIDIA Drivers" = NVIDIA Drivers
"Rename Master_is1" = Rename Master
"Security Task Manager" = Security Task Manager 1.7h
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"Tunatic" = Tunatic
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.5
"Update Service" = Update Service
"VLC media player" = VLC media player 1.1.4
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 13.08.2010 14:13:39 | Computer Name = *Mein_Computername* | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung chrome.exe, Version 0.0.0.0, fehlgeschlagenes
Modul gcswf32.dll, Version 10.1.82.76, Fehleradresse 0x0017e70e.
Error - 25.08.2010 15:58:50 | Computer Name = *Mein_Computername* | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 28.08.2010 10:48:45 | Computer Name = *Mein_Computername* | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung chrome.exe, Version 0.0.0.0, fehlgeschlagenes
Modul gcswf32.dll, Version 10.1.82.76, Fehleradresse 0x0017e70e.
Error - 27.09.2010 01:34:42 | Computer Name = *Mein_Computername* | Source = ESENT | ID = 490
Description = svchost (344) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 23.10.2010 04:36:35 | Computer Name = *Mein_Computername* | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung chrome.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x011c001b.
Error - 24.10.2010 05:49:11 | Computer Name = *Mein_Computername* | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung chrome.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x80808080.
Error - 24.10.2010 17:44:33 | Computer Name = *Mein_Computername* | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CloneDVD2.exe, Version 2.9.2.8, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 19.11.2010 15:23:31 | Computer Name = *Mein_Computername* | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CloneDVD2.exe, Version 2.9.2.8, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 22.11.2010 19:32:19 | Computer Name = *Mein_Computername* | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung tdsskiller.exe, Version 2.4.8.0, fehlgeschlagenes
Modul tdsskiller.exe, Version 2.4.8.0, Fehleradresse 0x00049ce3.
Error - 26.11.2010 14:54:12 | Computer Name = *Mein_Computername* | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x152a9914.
[ System Events ]
Error - 25.11.2010 02:17:17 | Computer Name = *Mein_Computername* | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 25.11.2010 02:17:26 | Computer Name = *Mein_Computername* | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sptd
Error - 25.11.2010 13:34:03 | Computer Name = *Mein_Computername* | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 25.11.2010 13:34:19 | Computer Name = *Mein_Computername* | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sptd
Error - 26.11.2010 09:28:59 | Computer Name = *Mein_Computername* | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 26.11.2010 09:29:09 | Computer Name = *Mein_Computername* | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sptd
Error - 26.11.2010 14:52:34 | Computer Name = *Mein_Computername* | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 26.11.2010 14:52:42 | Computer Name = *Mein_Computername* | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sptd
Error - 26.11.2010 16:29:07 | Computer Name = *Mein_Computername* | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 26.11.2010 16:29:20 | Computer Name = *Mein_Computername* | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sptd
< End of report >
Warum fehlte bei mir im "Gmer-Protokoll" folgende Meldung? MBR rootkit code detected ! LG |
|
27.11.2010, 14:58
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldetZitat:
 Poste das Log von CF!
__________________ --> MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldet |
|
27.11.2010, 15:27
| #7 | ||
| | MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldetZitat:
Zitat:
ComboFix Log: Combofix Logfile: Code:
ATTFilter ComboFix 10-11-24.01 - Administrator 24.11.2010 21:00:27.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1376 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Eigene Dateien\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - system32: deleted 40 bytes in 1 streams.
ADS - WINDOWS: deleted 48 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\hpe4.dll
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((( Dateien erstellt von 2010-10-24 bis 2010-11-24 ))))))))))))))))))))))))))))))
.
2010-11-24 19:49 . 2010-11-24 19:49 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-11-24 19:37 . 2010-11-24 19:37 89088 ----a-w- C:\mbr.exe
2010-11-24 19:23 . 2010-11-24 19:23 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Eigene Dateien
2010-11-22 23:19 . 2010-11-22 23:19 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ConduitEngine
2010-11-22 23:19 . 2010-11-22 23:19 -------- d-----w- c:\programme\ConduitEngine
2010-11-22 23:19 . 2010-11-22 23:19 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-22 22:21 . 2010-11-22 22:21 -------- d-----w- C:\TDSSKiller_Quarantine
2010-11-16 20:59 . 2010-10-26 13:48 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-11-16 20:59 . 2010-10-26 13:43 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2010-11-16 20:58 . 2010-11-16 20:58 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\TuneUp Software
2010-11-16 20:58 . 2010-11-16 20:59 -------- d-----w- c:\programme\TuneUp Utilities 2011
2010-11-16 20:58 . 2010-11-16 20:59 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software
2010-11-16 20:57 . 2010-11-16 20:57 -------- d-sh--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-11-16 20:29 . 2010-11-16 20:29 -------- d-----w- c:\programme\Lavalys
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\programme\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\programme\Internet Explorer\Plugins\nppdf32.dll
2010-11-03 16:50 . 2010-11-03 16:50 -------- d-----w- c:\dokumente und einstellungen\LocalService\Startmenü
2010-10-27 20:45 . 2010-10-27 20:45 1409 ----a-w- c:\windows\QTFont.for
2010-10-25 20:55 . 2010-10-25 20:55 -------- d-----w- C:\FAMILIENTREFFEN
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 22:31 . 2009-05-14 18:03 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-03 16:49 . 2009-05-14 18:03 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-30 21:25 . 2010-09-30 21:25 30376 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-09-30 11:18 . 2010-09-30 11:18 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-09-15 03:50 . 2010-05-05 19:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2009-09-18 16:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-14 13:16 . 2010-09-14 13:16 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2008-02-07 20:46 . 2008-02-07 20:46 13624 ----a-w- c:\programme\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 20:46 . 2008-02-07 20:46 87360 ----a-w- c:\programme\mozilla firefox\plugins\CgpCore.dll
2008-02-07 20:46 . 2008-02-07 20:46 91448 ----a-w- c:\programme\mozilla firefox\plugins\confmgr.dll
2008-02-07 20:46 . 2008-02-07 20:46 21824 ----a-w- c:\programme\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 20:46 . 2008-02-07 20:46 206136 ----a-w- c:\programme\mozilla firefox\plugins\ctxmui.dll
2008-02-07 20:46 . 2008-02-07 20:46 31544 ----a-w- c:\programme\mozilla firefox\plugins\icafile.dll
2008-02-07 20:46 . 2008-02-07 20:46 40248 ----a-w- c:\programme\mozilla firefox\plugins\icalogon.dll
2007-03-16 16:27 . 2007-03-16 16:27 479232 ----a-w- c:\programme\mozilla firefox\plugins\msvcm80.dll
2007-03-16 16:27 . 2007-03-16 16:27 548864 ----a-w- c:\programme\mozilla firefox\plugins\msvcp80.dll
2007-03-16 16:27 . 2007-03-16 16:27 626688 ----a-w- c:\programme\mozilla firefox\plugins\msvcr80.dll
2007-07-20 11:47 . 2007-07-20 11:47 981170 ----a-w- c:\programme\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 20:46 . 2008-02-07 20:46 24384 ----a-w- c:\programme\mozilla firefox\plugins\TcpPServ.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programme\Vuze_Remote\tbVuz2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\programme\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-10-18 10:26 3908192 ----a-w- c:\programme\Vuze_Remote\tbVuz2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programme\Vuze_Remote\tbVuz2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\programme\Vuze_Remote\tbVuz2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"Google Update"="c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2010-04-19 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7557120]
"nwiz"="nwiz.exe" [2006-08-24 1519616]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"ProfilerU"="c:\programme\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\programme\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Scanner Finder.lnk - c:\programme\ScanWizard 5\ScannerFinder.exe [2009-7-4 315392]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Messenger\\Msmsgs.exe"=
"c:\\Programme\\Azureus\\Azureus.exe"=
"c:\\Programme\\eMule\\emule.exe"=
"c:\\Programme\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programme\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programme\\Ubisoft\\Eagle Dynamics\\Lock On\\lockon.exe"=
"c:\\Programme\\Sierra Entertainment\\WORLD IN CONFLICT\\wic.exe"=
"c:\\Programme\\Sierra Entertainment\\WORLD IN CONFLICT\\wic_online.exe"=
"c:\\Programme\\Sierra Entertainment\\WORLD IN CONFLICT\\wic_ds.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
R0 Jahci;Jahci;c:\windows\system32\drivers\Jahci.sys [25.10.2005 10:35 33280]
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [14.05.2009 19:17 52480]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05.07.2006 13:46 63352]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [01.02.2010 00:05 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [01.02.2010 00:05 41616]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [14.05.2009 19:03 135336]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [14.08.2010 11:48 246520]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [26.10.2010 14:46 1483072]
R3 SaiH2541;SaiH2541;c:\windows\system32\drivers\SaiH2541.sys [01.05.2007 15:10 132232]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [29.11.2009 11:44 27632]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07.10.2010 13:34 10064]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [14.05.2009 18:55 28672]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [30.11.2009 12:27 100048]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [30.11.2009 12:27 110992]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [29.11.2009 11:44 90112]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [22.08.2009 20:06 13224]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [05.06.2009 21:41 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [05.06.2009 21:41 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [05.06.2009 21:41 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [05.06.2009 21:41 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [05.06.2009 21:41 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [05.06.2009 21:41 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [05.06.2009 21:41 117672]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [05.06.2009 21:41 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [05.06.2009 21:41 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [05.06.2009 21:41 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [05.06.2009 21:41 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [05.06.2009 21:41 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [05.06.2009 21:41 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [05.06.2009 21:41 117544]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - awriruod
*Deregistered* - RKREVEAL150
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1060284298-1801674531-500Core.job
- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-04-19 20:04]
2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1060284298-1801674531-500UA.job
- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-04-19 20:04]
2010-11-23 c:\windows\Tasks\User_Feed_Synchronization-{A029F9AF-D4E4-4AD9-8B85-99B399A0A6EF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.youtube.com/
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kasiunvi.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at
FF - component: c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kasiunvi.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kasiunvi.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - plugin: c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npicaN.dll
---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-24 21:08
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-790525478-1060284298-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,b4,c1,fd,c3,56,1b,44,97,46,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,ab,4c,12,41,b2,14,47,ad,c8,7c,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,b4,c1,fd,c3,56,1b,44,97,46,c5,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2010-11-24 21:10:56
ComboFix-quarantined-files.txt 2010-11-24 20:10
Vor Suchlauf: 34 Verzeichnis(se), 65.560.514.560 Bytes frei
Nach Suchlauf: 37 Verzeichnis(se), 66.577.620.992 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 63AEEDBBE459CAD916496FB19B9D18B2
|
|
27.11.2010, 17:10
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldet Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.11.2010, 17:49
| #9 | ||
| | MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldet GMER Log: Zitat:
OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:45:52 on 27.11.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskUserS-1-5-21-790525478-1060284298-1801674531-500Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-790525478-1060284298-1801674531-500UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys "Aspi32" (Aspi32) - ? - C:\WINDOWS\system32\drivers\Aspi32.sys (File not found) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "awriruog" (awriruog) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\awriruog.sys (Hidden registry entry, rootkit activity | File not found) "catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mbr" (mbr) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mbr.sys (File not found) "PciCon" (PciCon) - ? - D:\PciCon.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "SaiH2541" (SaiH2541) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiH2541.sys "SaiMini" (SaiMini) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiMini.sys "SaiNtBus" (SaiNtBus) - "Saitek" - C:\WINDOWS\System32\drivers\SaiBus.sys "sptd" (sptd) - ? - C:\WINDOWS\System32\Drivers\sptd.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x.a)" (sfdrv01a) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01a.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys "VBoxNetFlt Service" (VBoxNetFlt) - "Sun Microsystems, Inc." - C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys "VirtualBox Host-Only Ethernet Adapter" (VBoxNetAdp) - "Sun Microsystems, Inc." - C:\WINDOWS\System32\DRIVERS\VBoxNetAdp.sys "VirtualBox Service" (VBoxDrv) - "Sun Microsystems, Inc." - C:\WINDOWS\System32\DRIVERS\VBoxDrv.sys "VirtualBox USB Monitor Driver" (VBoxUSBMon) - "Sun Microsystems, Inc." - C:\WINDOWS\System32\DRIVERS\VBoxUSBMon.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2011\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2011\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "Vuze Remote Toolbar" - "Conduit Ltd." - C:\Programme\Vuze_Remote\tbVuz2.dll -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll {ba14329e-9550-4989-b3f2-9732e92d17cc} "Vuze Remote Toolbar" - "Conduit Ltd." - C:\Programme\Vuze_Remote\tbVuz2.dll "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@C:\Programme\Messenger\Msgslang.dll,-61144" - "Microsoft Corporation" - C:\Programme\Messenger\msmsgs.exe {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll "ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll {855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll {ba14329e-9550-4989-b3f2-9732e92d17cc} "Vuze Remote Toolbar" - "Conduit Ltd." - C:\Programme\Vuze_Remote\tbVuz2.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine" - "Conduit Ltd." - C:\Programme\ConduitEngine\ConduitEngine.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {ba14329e-9550-4989-b3f2-9732e92d17cc} "Vuze Remote Toolbar" - "Conduit Ltd." - C:\Programme\Vuze_Remote\tbVuz2.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Scanner Finder.lnk" - ? - C:\Programme\ScanWizard 5\ScannerFinder.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Google Update" - "Google Inc." - "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c "MSMSGS" - "Microsoft Corporation" - "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background "Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "Easy-PrintToolBox" - "CANON INC." - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "ProfilerU" - "Saitek" - C:\Programme\Saitek\SD6\Software\ProfilerU.exe "SaiMfd" - "Saitek" - C:\Programme\Saitek\SD6\Software\SaiMfd.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "NMSAccessU" (NMSAccessU) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (File found, but it contains no detailed information) "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE] MBR Check Log: Zitat:
|
|
27.11.2010, 18:27
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldet Log von mbrcheck ist unvollständig
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.11.2010, 18:33
| #11 | ||
| | MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldetZitat:
Vollständiges Protokoll (nochmals ausgeführt!) Zitat:
|
|
27.11.2010, 18:36
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldet Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.11.2010, 13:49
| #13 | ||
| | MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldet Malwarebytes Log: Zitat:
Zitat:
|
|
28.11.2010, 13:56
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldetZitat:
Noch Probleme oder andere Funde in der Zwischenzeit?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.11.2010, 14:04
| #15 | |
| | MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldetZitat:
LG |
|
| Themen zu MBR reparieren, da mbr.exe "malicious code" und "copy of MBR" meldet |
| avira, avira guard, bootsektorvirus, code, datei, exe, festplatte, folge, gmer, guard, interne festplatte, laufwerk, laufwerke, log, malicious code, masterbootsektor, masterbootsektor hd0, mbr reparieren, mbr.exe, neu, programm, reparieren, scan, sp3, starten, system, system volume information, trojaner, virus, windows, windows xp |
Linear-Darstellung
