| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google-Anfragen werden umgeleitetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.12.2010, 17:36
| #16 |
 |  Google-Anfragen werden umgeleitet Hier die logfile für deine Anweisung: Zitat "killall:: Rootkit:: C:\Users\*******\AppData\Roaming\inst.exe Folder:: C:\Users\*******\AppData\Roaming\Yctiop C:\Users\*******\AppData\Roaming\Yctiop " ComboFix 10-12-10.01 - ******* 11.12.2010 17:13:19.7.2 - x86 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.2595 [GMT 1:00] ausgeführt von:: C:\Users\*******\Desktop\ComboFix.exe Benutzte Befehlsschalter :: C:\Users\*******\Desktop\cfscript.txt AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows-Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Users\*******\AppData\Roaming\Yctiop C:\Users\*******\AppData\Roaming\Yctiop\ydci.car . ((((((((((((((((((((((( Dateien erstellt von 2010-11-11 bis 2010-12-11 )))))))))))))))))))))))))))))) . 2010-12-11 16:19:17 . 2010-12-11 16:20:31 -------- d-----w- C:\Users\*******\AppData\Local\temp 2010-12-10 23:50:07 . 2010-12-10 23:50:07 -------- d-----w- C:\_OTL 2010-12-10 18:26:25 . 2010-12-10 18:26:38 -------- d-----w- C:\Program Files\PDF24 2010-12-09 19:05:30 . 2010-12-09 19:05:44 -------- d-----w- C:\Program Files\windows 2010-11-21 11:46:33 . 2010-11-21 11:46:33 47360 ----a-w- C:\Users\*******\AppData\Roaming\pcouffin.sys 2010-11-21 11:46:32 . 2010-11-21 11:46:33 -------- d-----w- C:\Users\*******\AppData\Roaming\Vso 2010-11-20 11:47:27 . 2010-11-21 11:46:17 -------- d-----w- C:\Program Files\SlySoft . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-08 21:04:42 . 2010-04-01 09:56:11 135096 ----a-w- C:\Windows\system32\drivers\avipbb.sys 2010-11-22 17:03:57 . 2010-04-01 09:56:11 61960 ----a-w- C:\Windows\system32\drivers\avgntflt.sys 2010-10-21 20:32:53 . 2003-03-18 19:14:52 505128 ----a-w- C:\Windows\system32\msvcp71.dll 2010-10-21 20:32:53 . 2003-02-21 03:42:22 353576 ----a-w- C:\Windows\system32\msvcr71.dll 2010-10-01 13:20:50 . 2010-10-12 19:30:36 307200 ----a-w- C:\Windows\system32\TubeFinder.exe 2010-09-15 10:10:20 . 2010-10-12 18:54:35 1700352 ----a-w- C:\Windows\system32\GdiPlus.dll 2010-09-15 10:10:18 . 2010-10-12 18:54:35 24576 ----a-w- C:\Windows\system32\msxml3a.dll . |
|
11.12.2010, 17:40
| #17 |
| /// Malware-holic   | Google-Anfragen werden umgeleitet ich brauch noch mal neue otl logs.
__________________download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt extras.txt poste beide
__________________ |
|
11.12.2010, 17:41
| #18 |
| | Google-Anfragen werden umgeleitet ANMERKUNG:
__________________Als ich beim ersten mal combofix im abgesicherten modus habe durchlaufen lassen, war antivir automatisch inaktiv... als ich es jetzt die letzten beiden mal gemacht habe war antivir (auch wieder im abgesicherten modus) angeblich aktiviert - obwohl es weder unten in der tasklesite war, noch im task manager in prozessen zu sehen - habe somit vergeblich versucht antivir zu "disablen"...! |
|
11.12.2010, 17:42
| #19 |
| /// Malware-holic | Google-Anfragen werden umgeleitet ist nicht so wild. mach bitte weiter mit otl
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.12.2010, 17:56
| #20 |
| | Google-Anfragen werden umgeleitet OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.12.2010 17:43:14 - Run 2 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\*******\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,12 Gb Total Space | 48,97 Gb Free Space | 44,06% Space Free | Partition Type: NTFS Drive G: | 64,65 Gb Total Space | 0,43 Gb Free Space | 0,66% Space Free | Partition Type: NTFS Computer Name: *******-PC | User Name: ******* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*******\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.) PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\*******\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.) SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation) SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (IDriverT) -- c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\*******\AppData\Local\Temp\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh) DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments) DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation) DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation) DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation) DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (MODRC) -- C:\Windows\System32\drivers\modrc.sys (DiBcom S.A.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com IE - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Radio Bar 2 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - prefs.js..network.proxy.backup.ftp: "proxy.*******.de" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.gopher: "proxy.*******.de" FF - prefs.js..network.proxy.backup.gopher_port: 8080 FF - prefs.js..network.proxy.backup.socks: "proxy.*******.de" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "proxy.*******.de" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "proxy.*******.de" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "proxy.*******.de" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "proxy.*******.de" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.*******.de" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "proxy.*******.de" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.22 17:05:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.10 14:11:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 11:41:21 | 000,000,000 | ---D | M] [2010.04.01 11:28:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Extensions [2010.12.11 12:54:46 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\st9xz2n9.default\extensions [2010.08.11 20:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\st9xz2n9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.18 14:31:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\st9xz2n9.default\extensions\vshare@toolbar [2010.06.08 10:30:42 | 000,000,925 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\FireFox\Profiles\st9xz2n9.default\searchplugins\conduit.xml [2010.11.09 14:27:22 | 000,002,101 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\FireFox\Profiles\st9xz2n9.default\searchplugins\googlede.xml [2010.11.05 16:22:10 | 000,001,583 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\FireFox\Profiles\st9xz2n9.default\searchplugins\web-search.xml [2010.04.01 10:43:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.09.09 13:13:50 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.09 13:13:50 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.09 13:13:50 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.09 13:13:50 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.09 13:13:50 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.12.11 17:20:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O7 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O15 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\..Trusted Domains: corel.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\..Trusted Domains: corel.com ([www] * in Trusted sites) O15 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\..Trusted Domains: intervideo.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-3632718627-2461714518-3291536374-1000\..Trusted Domains: intervideo.com ([www] * in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\*******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\*******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: MarketingTools - hkey= - key= - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) MsConfig - StartUpReg: PMCLoader - hkey= - key= - C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RemoteControl10 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation) Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.12.11 17:20:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.12.11 17:19:17 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.12.11 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\temp [2010.12.11 17:11:50 | 000,000,000 | ---D | C] -- C:\ComboFix [2010.12.11 13:56:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.12.11 13:56:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.12.11 13:56:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.12.11 13:56:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.12.11 13:56:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.12.11 13:55:04 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.12.11 00:50:07 | 000,000,000 | ---D | C] -- C:\_OTL [2010.12.11 00:46:07 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe [2010.12.10 19:26:53 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\pdf24 [2010.12.10 19:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24 [2010.12.09 20:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\windows [2010.12.09 13:46:43 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\Belegarbeit QBWL [2010.11.21 12:46:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\*******\AppData\Roaming\pcouffin.sys [2010.11.21 12:46:32 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Vso [2010.11.21 12:46:32 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\PcSetup [2010.11.20 12:57:54 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\TOEFL Lern CD [2010.11.20 12:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft ========== Files - Modified Within 30 Days ========== [2010.12.11 17:36:37 | 000,713,632 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.11 17:36:37 | 000,669,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.11 17:36:37 | 000,141,074 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.11 17:36:37 | 000,123,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.11 17:32:58 | 000,189,918 | ---- | M] () -- C:\Users\*******\AppData\Roaming\nvModes.001 [2010.12.11 17:32:26 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.11 17:32:25 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.11 17:32:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.11 17:32:16 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2010.12.11 17:20:30 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.12.11 17:06:20 | 000,003,308 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.12.11 15:34:38 | 334,026,907 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.12.11 15:23:54 | 000,052,879 | ---- | M] () -- C:\Users\*******\Desktop\Unbenannt.jpg [2010.12.11 15:19:39 | 000,000,020 | ---- | M] () -- C:\Users\*******\defogger_reenable [2010.12.11 15:19:06 | 000,050,477 | ---- | M] () -- C:\Users\*******\Desktop\Defogger.exe [2010.12.11 13:54:41 | 003,988,290 | R--- | M] () -- C:\Users\*******\Desktop\ComboFix.exe [2010.12.11 00:46:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe [2010.12.10 19:38:03 | 000,140,800 | ---- | M] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.10 19:26:26 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2010.12.10 19:14:42 | 000,189,918 | ---- | M] () -- C:\Users\*******\AppData\Roaming\nvModes.dat [2010.12.10 16:14:41 | 000,012,662 | ---- | M] () -- C:\Users\*******\Desktop\Gliederung QBWL.docx [2010.12.09 19:48:32 | 000,000,012 | ---- | M] () -- C:\Users\*******\AppData\Roaming\abpzlw.dat [2010.12.08 22:04:42 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.04 22:07:12 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.12.02 12:35:50 | 000,012,735 | ---- | M] () -- C:\Users\*******\Documents\Der Code des BösenKatharina Bogner.docx [2010.11.22 18:03:57 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.21 12:46:33 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\*******\AppData\Roaming\pcouffin.sys [2010.11.21 12:46:33 | 000,007,887 | ---- | M] () -- C:\Users\*******\AppData\Roaming\pcouffin.cat [2010.11.21 12:46:33 | 000,001,144 | ---- | M] () -- C:\Users\*******\AppData\Roaming\pcouffin.inf [2010.11.20 12:57:38 | 000,145,583 | ---- | M] () -- C:\Windows\rg.xml [2010.11.20 12:57:09 | 000,000,073 | ---- | M] () -- C:\Windows\userList.xml [2010.11.20 12:51:58 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib ========== Files Created - No Company Name ========== [2010.12.11 17:19:51 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2010.12.11 15:23:54 | 000,052,879 | ---- | C] () -- C:\Users\*******\Desktop\Unbenannt.jpg [2010.12.11 15:19:28 | 000,000,020 | ---- | C] () -- C:\Users\*******\defogger_reenable [2010.12.11 15:19:06 | 000,050,477 | ---- | C] () -- C:\Users\*******\Desktop\Defogger.exe [2010.12.11 13:56:29 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.12.11 13:56:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.12.11 13:56:29 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2010.12.11 13:56:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.12.11 13:56:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.12.11 13:53:57 | 003,988,290 | R--- | C] () -- C:\Users\*******\Desktop\ComboFix.exe [2010.12.10 19:26:26 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2010.12.10 14:21:29 | 000,012,662 | ---- | C] () -- C:\Users\*******\Desktop\Gliederung QBWL.docx [2010.12.09 19:48:32 | 000,000,012 | ---- | C] () -- C:\Users\*******\AppData\Roaming\abpzlw.dat [2010.12.02 12:35:50 | 000,012,735 | ---- | C] () -- C:\Users\*******\Documents\Der Code des BösenKatharina Bogner.docx [2010.11.21 12:46:33 | 000,007,887 | ---- | C] () -- C:\Users\*******\AppData\Roaming\pcouffin.cat [2010.11.21 12:46:33 | 000,001,144 | ---- | C] () -- C:\Users\*******\AppData\Roaming\pcouffin.inf [2010.11.21 12:46:33 | 000,000,055 | ---- | C] () -- C:\Users\*******\AppData\Roaming\pcouffin.log [2010.11.20 12:57:38 | 000,145,583 | ---- | C] () -- C:\Windows\rg.xml [2010.11.20 12:57:09 | 000,000,073 | ---- | C] () -- C:\Windows\userList.xml [2010.11.20 12:51:58 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.06 17:41:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.11.06 17:41:46 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.10.12 21:15:04 | 000,001,658 | ---- | C] () -- C:\Users\*******\AppData\Roaming\filterclsid.dat [2010.10.12 20:56:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.10.12 20:48:44 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.08.27 11:57:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.06.15 22:33:14 | 000,000,027 | ---- | C] () -- C:\Windows\NeoSetup.INI [2010.04.11 18:03:46 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.04.01 19:19:26 | 000,140,800 | ---- | C] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.01 11:24:56 | 000,002,032 | ---- | C] () -- C:\Users\*******\AppData\Local\d3d9caps.dat [2010.04.01 11:24:46 | 000,189,918 | ---- | C] () -- C:\Users\*******\AppData\Roaming\nvModes.dat [2010.04.01 11:24:46 | 000,189,918 | ---- | C] () -- C:\Users\*******\AppData\Roaming\nvModes.001 [2007.09.12 00:57:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007.09.12 00:54:26 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2007.08.28 18:03:14 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.01.01 02:41:22 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2005.01.01 02:15:08 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2005.01.01 02:12:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2010.06.10 15:32:53 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite [2010.08.11 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.12 20:30:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FreeFLVConverter [2010.10.21 16:58:48 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\InterVideo [2010.06.16 10:25:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\IrfanView [2010.09.22 17:22:06 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Nokia [2005.01.01 06:47:00 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Opera [2010.09.22 17:17:03 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PC Suite [2010.11.06 17:41:34 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Samsung [2010.09.11 15:16:53 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Thinstall [2010.11.21 12:46:33 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Vso [2010.08.17 10:44:40 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\YoudaGames [2010.12.11 17:06:20 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.04.01 17:27:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Adobe [2010.04.18 19:58:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Ahead [2005.01.01 01:44:50 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Avira [2010.10.12 19:55:24 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\AVS4YOU [2010.10.21 21:38:41 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\CyberLink [2010.06.10 15:32:53 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite [2010.04.01 19:19:32 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DivX [2010.09.06 13:00:32 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\dvdcss [2010.08.11 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.12 20:30:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FreeFLVConverter [2010.04.16 13:34:15 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Google [2007.11.02 09:56:07 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Identities [2010.10.21 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\InstallShield [2010.10.21 16:58:48 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\InterVideo [2010.06.16 10:25:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\IrfanView [2007.11.02 13:40:07 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Macromedia [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Media Center Programs [2010.09.30 11:04:26 | 000,000,000 | --SD | M] -- C:\Users\*******\AppData\Roaming\Microsoft [2010.04.01 11:28:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Mozilla [2010.09.22 17:22:06 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Nokia [2005.01.01 06:47:00 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Opera [2010.09.22 17:17:03 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PC Suite [2010.11.06 17:41:34 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Samsung [2010.07.26 18:05:58 | 000,000,000 | RH-D | M] -- C:\Users\*******\AppData\Roaming\SecuROM [2010.05.28 19:36:57 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Skype [2010.08.15 10:36:03 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\SmartFTP [2010.10.04 21:37:47 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Sony Corporation [2010.09.11 15:16:53 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Thinstall [2010.10.23 14:38:32 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\vlc [2010.11.21 12:46:33 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Vso [2010.04.01 20:33:55 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\WinRAR [2010.08.17 10:44:40 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\YoudaGames < %APPDATA%\*.exe /s > [2010.10.28 20:06:24 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\*******\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2010.08.15 10:36:29 | 000,157,733 | R--- | M] () -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{D2FA7DE1-ED1A-4F9F-949F-B680C470D3FE}\SmartFTP.exe [2010.11.06 17:43:15 | 000,555,008 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\ERDNT\cache\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\drivers\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2010.04.03 12:00:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\ERDNT\cache\explorer.exe [2010.04.03 12:00:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe [2010.04.03 12:00:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2010.04.03 12:00:09 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2010.04.03 12:00:09 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2010.04.03 12:00:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe < MD5 for: IASTOR.SYS > [2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\Drivers\SATA Driver (Intel) (Non-RAID) 7.0A - 7.0.0.1020\iastor.sys [2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys [2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys [2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys < MD5 for: IASTORV.SYS > [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\ERDNT\cache\netlogon.dll [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys < MD5 for: SCECLI.DLL > [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\ERDNT\cache\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll < MD5 for: USER32.DLL > [2007.11.02 10:23:58 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\ERDNT\cache\user32.dll [2007.11.02 10:23:58 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2007.11.02 10:23:58 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2007.11.02 10:23:58 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll < MD5 for: USERINIT.EXE > [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\ERDNT\cache\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\ERDNT\cache\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2007.11.02 18:48:17 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007.11.02 18:48:16 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007.11.02 18:48:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007.11.02 18:48:24 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007.11.02 18:48:25 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2006.11.02 10:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2006.11.02 10:46:13 | 000,221,184 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < End of report > Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.12.2010 17:43:14 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\*******\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,12 Gb Total Space | 48,97 Gb Free Space | 44,06% Space Free | Partition Type: NTFS
Drive G: | 64,65 Gb Total Space | 0,43 Gb Free Space | 0,66% Space Free | Partition Type: NTFS
Computer Name: *******-PC | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-3632718627-2461714518-3291536374-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3632718627-2461714518-3291536374-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B9F9D674-9800-46A5-89C4-950EE1438C14}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017FBF47-4C08-442F-82EB-B70CF25FD24A}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{0986E903-FF78-40AB-9041-9DE8E4774157}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe |
"{11252DA3-2C4C-4DC9-A4A7-8E8508A920E6}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{211F9847-C23B-429A-9EED-53051EFD6D0B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{252E50B3-78BA-43E2-81FB-F4FEE6044BAE}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{2C1ABDBC-AB50-4393-94BA-A2BF17DEF0D1}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe |
"{2FD71130-1434-4DD9-B2B7-6905A3AF0747}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe |
"{3E3FC247-C1DB-4D6A-A8C3-74AA7D291D60}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe |
"{6303ADC9-81DD-4FBC-A42F-7936A0385CD0}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{673C4C35-AB5C-4E00-B827-1756EE937273}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011-100.exe |
"{692E71DC-6174-4FCB-8B3C-9209BA5A166A}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe |
"{6CB8EA47-8D1C-4158-B29B-2EF02F94AE3C}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{6ED36A2A-4744-440F-B66F-DE6ABCA86292}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011.exe |
"{7AD9F89D-C35C-4224-837B-526B4D976EAD}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011-100.exe |
"{86A2CA44-0871-4AF0-8BEC-F57738CE7610}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{957929D6-8474-46DB-98CD-79085BB2284A}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011-100.exe |
"{96291C2E-0B98-49E5-BDC6-9473429D3973}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{975B8B1D-6BE4-4F13-A256-93EF26A66E1A}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2011\pes2011-100.exe |
"{9F0B9C03-B50D-4FFA-BC86-2EC56955B424}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd9.exe |
"{BEDCC1D7-3393-4F24-AEA2-D9149770F853}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{C9F4128F-B0C9-463D-910B-5B7A73257D10}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{E7F2FBFC-4044-499D-9BE2-2F7C5B82BE9B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2000
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4203C377-8F5B-4B3C-9096-6FC7C2CB9BC5}" = VAIO Content Metadata XML Interface Library
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5C9CEF25-6F70-4916-AFE2-67DC66E440F9}" = SmartFTP Client
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AF3D486-C45C-472F-A5C1-99C7A4C18127}" = BROCKHAUS DIE ENZYKLOPÄDIE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.8
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF806C4-2D77-4F67-8435-D4BDCEB665A8}_is1" = Governor of Poker 2 Premium Edition v1.0 Multi
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting
"{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library
"{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{D2FA7DE1-ED1A-4F9F-949F-B680C470D3FE}" = SmartFTP Client German (Germany) MUI
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F5397A82-641F-4643-8200-51D7F0016511}" = Click to Disc
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"0216B19FFB37CDD2B09298B6C184F90316C813B1" = Windows Driver Package - Intel (NETw4v32) net (06/20/2007 11.1.1.16)
"1713EFD0409BCDF53DED33020E5FE8E4FB97BA41" = Windows Driver Package - Intel (NETw2v32) net (03/06/2007 9.1.1.15)
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"B8F60C0D48BE9CDD36117829702A2631F7C489C7" = Windows Driver Package - Intel net (06/20/2007 11.1.1.16)
"Carom3D" = Carom3D
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"dt icon module" =
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video Dub_is1" = Free Video Dub version 1.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"gtfirstboot Setting Request" =
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IPIX ActiveX Viewer" = IPIX ActiveX Viewer
"IPIX Netscape Plugin Viewer" = IPIX Netscape Plugin Viewer
"IPIX Viewer" = IPIX Viewer
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"MarketingTools" = Vaio Marketing Tools
"MFU Module" =
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Picasa2" = Picasa 2
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Trials 2 Second Edition_is1" = Trials 2 Second Edition v1.08
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" =
"VAIO_My Club VAIO" = My Club VAIO
"VAIO_Photoshop" =
"VAIO_Premiere" =
"VAIO_Standard" =
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-9
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
11.12.2010, 18:03
| #21 |
| /// Malware-holic | Google-Anfragen werden umgeleitet
__________________ --> Google-Anfragen werden umgeleitet |
|
11.12.2010, 18:55
| #22 |
| | Google-Anfragen werden umgeleitet GMER Logfile: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-11 18:53:16
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
Running: itwf7jqy.exe; Driver: C:\Users\*******\AppData\Local\Temp\kgliqpow.sys
---- System - GMER 1.0.15 ----
SSDT 8B4F2400 ZwOpenProcess
SSDT 8B4F2405 ZwOpenThread
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E536340, 0x3441C7, 0xE8000020]
.text C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl section is writeable [0x9F883000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl entry point in ".vmp2" section [0x9F8A6050]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73CBFBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C8B9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C7A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C7CBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C78AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73C8CF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C77D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C77CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C76A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73D0C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73C97F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C790CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C82179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C821A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73C87F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73C87D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73CB83D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Process (*** hidden *** ) -2072377256
Process (*** hidden *** ) -2066368880
Process (*** hidden *** ) -2066196152
Process (*** hidden *** ) -2066194944
Process (*** hidden *** ) -2065167656
Process (*** hidden *** ) -2065085992
Process (*** hidden *** ) -2064787424
Process (*** hidden *** ) -2064709536
Process (*** hidden *** ) -2064555848
Process (*** hidden *** ) -2064203592
Process (*** hidden *** ) -2064032256
Process (*** hidden *** ) -2063862304
Process (*** hidden *** ) -2063569656
Process (*** hidden *** ) -2063268432
Process (*** hidden *** ) -2063050688
Process (*** hidden *** ) -2063006272
Process (*** hidden *** ) -2062134760
Process (*** hidden *** ) -2061046272
Process (*** hidden *** ) -2060992328
Process (*** hidden *** ) -2060240400
Process (*** hidden *** ) -2060224112
Process (*** hidden *** ) -2060199688
Process (*** hidden *** ) -2044251472
Process (*** hidden *** ) -2043675952
Process (*** hidden *** ) -2043254456
Process (*** hidden *** ) -2043023872
Process (*** hidden *** ) -2042807288
Process (*** hidden *** ) -2042739000
Process (*** hidden *** ) -2041007944
Process (*** hidden *** ) -2040810872
Process (*** hidden *** ) -2035497232
Process (*** hidden *** ) -2024026624
Process (*** hidden *** ) -1999096368
Process (*** hidden *** ) -1999024640
Process (*** hidden *** ) -1990427136
Process (*** hidden *** ) -1990199592
Process (*** hidden *** ) -1985421824
Process (*** hidden *** ) -1981680984
Process (*** hidden *** ) -1981619776
Process (*** hidden *** ) -1981408488
Process (*** hidden *** ) -1980924416
Process (*** hidden *** ) -1980728880
Process (*** hidden *** ) -1980716160
Process (*** hidden *** ) -1980499576
Process (*** hidden *** ) -1980494504
Process (*** hidden *** ) -1980251032
Process (*** hidden *** ) -1980248576
Process (*** hidden *** ) -1980015800
Process (*** hidden *** ) -1979473736
Process (*** hidden *** ) -1979434024
Process (*** hidden *** ) -1979344080
Process (*** hidden *** ) -1979322184
Process (*** hidden *** ) -1979277128
Process (*** hidden *** ) -1979224576
Process (*** hidden *** ) -1979182920
Process (*** hidden *** ) -1979084616
Process (*** hidden *** ) -1979038696
Process (*** hidden *** ) -1979022136
Process (*** hidden *** ) -1978824344
Process (*** hidden *** ) -1978612744
Process (*** hidden *** ) -1978573992
Process (*** hidden *** ) -1978565120
Process (*** hidden *** ) -1978451168
Process (*** hidden *** ) -1978378928
Process (*** hidden *** ) -1978378232
Process (*** hidden *** ) -1978353856
Process (*** hidden *** ) -1978257920
Process (*** hidden *** ) -1978139136
Process (*** hidden *** ) -1978132448
Process (*** hidden *** ) -1976991560
Process (*** hidden *** ) -1976807240
Process (*** hidden *** ) -1976774472
Process (*** hidden *** ) -1976567488
Process (*** hidden *** ) -1976554024
Process (*** hidden *** ) -1976534040
Process (*** hidden *** ) -1976410976
Process (*** hidden *** ) -1976343968
Process (*** hidden *** ) -1976342104
Process (*** hidden *** ) -1976335408
Process (*** hidden *** ) -1976328008
Process (*** hidden *** ) -1976321816
Process (*** hidden *** ) -1976321120
Process (*** hidden *** ) -1976300032
Process (*** hidden *** ) -1976297896
Process (*** hidden *** ) -1976288128
Process (*** hidden *** ) -1976185344
Process (*** hidden *** ) -1976045384
Process (*** hidden *** ) -1975876184
Process (*** hidden *** ) -1975864456
Process (*** hidden *** ) -1975803720
Process (*** hidden *** ) -1975781096
Process (*** hidden *** ) -1975749360
Process (*** hidden *** ) -1975729992
Process (*** hidden *** ) -1975702600
Process (*** hidden *** ) -1975691536
Process (*** hidden *** ) -1975690144
Process (*** hidden *** ) -1975643200
Process (*** hidden *** ) -1975588896
Process (*** hidden *** ) -1975471944
Process (*** hidden *** ) -1975470632
Process (*** hidden *** ) -1974987864
Process (*** hidden *** ) -1974951752
Process (*** hidden *** ) -1974949088
Process (*** hidden *** ) -1974943056
Process (*** hidden *** ) -1974935368
Process (*** hidden *** ) -1974859400
Process (*** hidden *** ) -1974493000
Process (*** hidden *** ) -1974457488
Process (*** hidden *** ) -1974455248
Process (*** hidden *** ) -1973995208
Process (*** hidden *** ) -1973863568
Process (*** hidden *** ) -1962243112
Process (*** hidden *** ) -1497025104
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb56facb
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8976cf
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8976cf@0014a7737ef0 0x35 0x0D 0x6A 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8976cf@001963e8ebf2 0x75 0xE2 0x75 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8976cf@0023f1ba1065 0xAE 0x58 0xAE 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8976cf@f49f54a5dd05 0xA1 0x22 0x66 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x47 0x90 0xC1 0x3F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bfb56facb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8976cf (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8976cf@0014a7737ef0 0x35 0x0D 0x6A 0xE0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8976cf@001963e8ebf2 0x75 0xE2 0x75 0x7F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8976cf@0023f1ba1065 0xAE 0x58 0xAE 0xF3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8976cf@f49f54a5dd05 0xA1 0x22 0x66 0x63 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x47 0x90 0xC1 0x3F ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
---- EOF - GMER 1.0.15 ----
|
|
11.12.2010, 19:11
| #23 |
| /// Malware-holic | Google-Anfragen werden umgeleitet avira http://www.trojaner-board.de/54192-a...tellungen.html avira 10 so instalieren bzw. dann konfigurieren. wenn du die konfiguration übernommen hast, update das programm. klicke dann auf "lokaler schutz" "lokale laufwerke" eventuelle funde in quarantäne, log posten. bitte auch unter verwaltung, planer, scan auftrag, darauf achten, das dieser über lokale laufwerke läuft! sonst werden die einstellungen nicht gültig. den update auftrag auf 1x pro tag einstellen. und "nachhohlen falls zeit überschritten" auswählen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.12.2010, 23:06
| #24 |
| | Google-Anfragen werden umgeleitet Avira AntiVir Personal Erstellungsdatum der Reportdatei: Samstag, 11. Dezember 2010 20:41 Es wird nach 3138734 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista Windowsversion : (plain) [6.0.6000] Boot Modus : Normal gebootet Benutzername : ******* Computername : *******-PC Versionsinformationen: BUILD.DAT : 10.0.0.607 31826 Bytes 30.11.2010 19:07:00 AVSCAN.EXE : 10.0.3.5 435368 Bytes 30.11.2010 17:12:38 AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.11.2010 17:13:00 LUKE.DLL : 10.0.3.2 104296 Bytes 30.11.2010 17:12:46 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42 VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03 VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 17:12:50 VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 17:12:51 VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 17:12:54 VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 17:12:56 VBASE009.VDF : 7.10.13.80 2265600 Bytes 02.11.2010 17:12:57 VBASE010.VDF : 7.10.13.81 2048 Bytes 02.11.2010 17:12:57 VBASE011.VDF : 7.10.13.82 2048 Bytes 02.11.2010 17:12:57 VBASE012.VDF : 7.10.13.83 2048 Bytes 02.11.2010 17:12:57 VBASE013.VDF : 7.10.13.116 147968 Bytes 04.11.2010 17:12:57 VBASE014.VDF : 7.10.13.147 146944 Bytes 07.11.2010 17:12:57 VBASE015.VDF : 7.10.13.180 123904 Bytes 09.11.2010 17:12:58 VBASE016.VDF : 7.10.13.211 122368 Bytes 11.11.2010 17:12:58 VBASE017.VDF : 7.10.13.243 147456 Bytes 15.11.2010 17:12:58 VBASE018.VDF : 7.10.14.15 142848 Bytes 17.11.2010 17:12:58 VBASE019.VDF : 7.10.14.41 134144 Bytes 19.11.2010 17:12:58 VBASE020.VDF : 7.10.14.63 128000 Bytes 22.11.2010 17:12:58 VBASE021.VDF : 7.10.14.87 143872 Bytes 24.11.2010 17:12:58 VBASE022.VDF : 7.10.14.116 140800 Bytes 26.11.2010 17:12:58 VBASE023.VDF : 7.10.14.147 150528 Bytes 30.11.2010 17:16:23 VBASE024.VDF : 7.10.14.175 126464 Bytes 03.12.2010 19:25:46 VBASE025.VDF : 7.10.14.203 120320 Bytes 07.12.2010 19:25:46 VBASE026.VDF : 7.10.14.230 137216 Bytes 09.12.2010 19:25:46 VBASE027.VDF : 7.10.14.231 2048 Bytes 09.12.2010 19:25:46 VBASE028.VDF : 7.10.14.232 2048 Bytes 09.12.2010 19:25:46 VBASE029.VDF : 7.10.14.233 2048 Bytes 09.12.2010 19:25:46 VBASE030.VDF : 7.10.14.234 2048 Bytes 09.12.2010 19:25:46 VBASE031.VDF : 7.10.14.255 78848 Bytes 10.12.2010 19:25:46 Engineversion : 8.2.4.122 AEVDF.DLL : 8.1.2.1 106868 Bytes 30.11.2010 17:12:35 AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 11.12.2010 19:25:51 AESCN.DLL : 8.1.7.2 127349 Bytes 30.11.2010 17:12:34 AESBX.DLL : 8.1.3.2 254324 Bytes 30.11.2010 17:12:34 AERDL.DLL : 8.1.9.2 635252 Bytes 30.11.2010 17:12:34 AEPACK.DLL : 8.2.4.1 512375 Bytes 11.12.2010 19:25:50 AEOFFICE.DLL : 8.1.1.10 201084 Bytes 30.11.2010 17:12:33 AEHEUR.DLL : 8.1.2.54 3113335 Bytes 11.12.2010 19:25:49 AEHELP.DLL : 8.1.16.0 246136 Bytes 11.12.2010 19:25:48 AEGEN.DLL : 8.1.5.0 397685 Bytes 11.12.2010 19:25:47 AEEMU.DLL : 8.1.3.0 393589 Bytes 30.11.2010 17:12:29 AECORE.DLL : 8.1.19.0 196984 Bytes 11.12.2010 19:25:47 AEBB.DLL : 8.1.1.0 53618 Bytes 30.11.2010 17:12:29 AVWINLL.DLL : 10.0.0.0 19304 Bytes 30.11.2010 17:12:39 AVPREF.DLL : 10.0.0.0 44904 Bytes 30.11.2010 17:12:38 AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 13:26:53 AVREG.DLL : 10.0.3.2 53096 Bytes 30.11.2010 17:12:38 AVSCPLR.DLL : 10.0.3.2 84328 Bytes 30.11.2010 17:12:39 AVARKT.DLL : 10.0.22.6 231784 Bytes 30.11.2010 17:12:36 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 30.11.2010 17:12:37 SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02 AVSMTP.DLL : 10.0.0.17 63848 Bytes 30.11.2010 17:12:39 NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08 RCTEXT.DLL : 10.0.58.0 98152 Bytes 30.11.2010 17:13:01 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Laufwerke Konfigurationsdatei...................: C:\program files\avira\antivir desktop\alldrives.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, G:, D:, E:, F:, H:, I:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: ein Optimierter Suchlauf..................: ein Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 10 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: hoch Abweichende Gefahrenkategorien........: +PCK,+PFS,+SPR, Beginn des Suchlaufs: Samstag, 11. Dezember 2010 20:41 Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Switcher.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VAIOUpdt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Apntex.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ApMsgFwd.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnscfg.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'brs.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmdSync.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Apoint.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SPMgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VzFw.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VzCdbSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'xaudio.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VCSW.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'stacsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iviRegMgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'FsUsbExService.Exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnagent.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht Untersuchung der Systemdateien wird begonnen: Signiert -> 'C:\Windows\system32\svchost.exe' Signiert -> 'C:\Windows\system32\winlogon.exe' Signiert -> 'C:\Windows\explorer.exe' Signiert -> 'C:\Windows\system32\smss.exe' Signiert -> 'C:\Windows\system32\wininet.DLL' Signiert -> 'C:\Windows\system32\wsock32.DLL' Signiert -> 'C:\Windows\system32\ws2_32.DLL' Signiert -> 'C:\Windows\system32\services.exe' Signiert -> 'C:\Windows\system32\lsass.exe' Signiert -> 'C:\Windows\system32\csrss.exe' Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys' Signiert -> 'C:\Windows\system32\spoolsv.exe' Signiert -> 'C:\Windows\system32\alg.exe' Signiert -> 'C:\Windows\system32\wuauclt.exe' Signiert -> 'C:\Windows\system32\advapi32.DLL' Signiert -> 'C:\Windows\system32\user32.DLL' Signiert -> 'C:\Windows\system32\gdi32.DLL' Signiert -> 'C:\Windows\system32\kernel32.DLL' Signiert -> 'C:\Windows\system32\ntdll.DLL' Signiert -> 'C:\Windows\system32\ntoskrnl.exe' Signiert -> 'C:\Windows\system32\ctfmon.exe' Die Systemdateien wurden durchsucht ('21' Dateien) Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD2 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'G:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Im Laufwerk 'D:\' ist kein Datenträger eingelegt! Bootsektor 'E:\' [INFO] Im Laufwerk 'E:\' ist kein Datenträger eingelegt! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '1922' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' Beginne mit der Suche in 'G:\' <Volume> Beginne mit der Suche in 'D:\' Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Suche in 'E:\' Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Suche in 'F:\' Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Suche in 'H:\' Der zu durchsuchende Pfad H:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Suche in 'I:\' Der zu durchsuchende Pfad I:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Ende des Suchlaufs: Samstag, 11. Dezember 2010 22:45 Benötigte Zeit: 2:04:39 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 26250 Verzeichnisse wurden überprüft 560327 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 560327 Dateien ohne Befall 4793 Archive wurden durchsucht 0 Warnungen 0 Hinweise 65985 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden |
|
12.12.2010, 11:50
| #25 |
| /// Malware-holic | Google-Anfragen werden umgeleitet nutze mal cureit http://www.trojaner-board.de/59299-a...eb-cureit.html anders als beschrieben im normalen modus ausführen. vorher schließe alle programme, trenne die internetverbindung, brich den schnell scan ab und übernimm die konfiguration. dann scan starten, nicht am pc arbeiten. das log mit den ergebnissen hochladen: File-Upload.net und link posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.12.2010, 13:15
| #27 |
| /// Malware-holic | Google-Anfragen werden umgeleitet nicht sonderlich ermutigend. ich vermute eine bestimmte malware auf deinem pc, kann sie aber nicht finden. cureit ist ein guter scanner und wird vllt licht in die sache bringen. scant aber meist ziemlich lang.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.12.2010, 14:42
| #28 |
| | Google-Anfragen werden umgeleitet Ja, habe ich gearde gemerkt, dass der ziemlich lange braucht - der hat gerade mal 7% geschafft nach 1,5 stunden - da ich den rechner heute zum arbeiten brauche, werde ich den scan morgen oder heute nacht durchlaufen lassen, und morgen früh oder abend dann den log posten.. danke soweit, bis morgen und nen schönen sonntag! |
|
12.12.2010, 14:45
| #29 |
| /// Malware-holic | Google-Anfragen werden umgeleitet ja aber nichts wichtiges machen, kein banking, nichts
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.12.2010, 17:18
| #30 |
| | Google-Anfragen werden umgeleitet Hallo, habe die nacht das programm durchlaufen lassen, als ich heute morgen geschaut habe, war der pc von alleine hochgefahren und von nem report o.ä. war auch weit und breit nichts zu sehen, weder im temp noch irgendwo anders. was kann ich machen bzw. woran könnte es liegen? er fragt mich auch, ob ich verdächtige daten verschieben möchte bzw. soll ich noch irgendwas einstellen?? habe den im normalen modus durchlaufen lassen... grüße |
|
| Themen zu Google-Anfragen werden umgeleitet |
| .com, antivir, attackierende, bewusst, computer, forum, frage, fragen, freeware, klick, link, neu, nichts, problem, programme, seite, sicherheitseinstellungen, software, system, trojaner, umgeleitet, viren, webseite, webseiten, werbeseite |
Linear-Darstellung
