| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner "Shutdowner.fft" im systemordnerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.12.2010, 11:39
| #1 |
 |  Trojaner "Shutdowner.fft" im systemordner Hey. Ich habe seit ein paar Tagen einen Troyaner auf meinem PC, den ich zuerst durch Löschungen bzw Virenprogramme versucht habe zu entfernen. Die Erfolge dabei waren eher mässig, und er scheint sich so weit in meinem System verbreitet zu haben, dass ich vor dem Neustart JEDES mal Windows per CD-Rom reparieren muss, da ich sonst beim Start einen Bluescreen bekomme. Im Foreneintrag http://www.trojaner-board.de/93744-t...owner-fft.html wird genau dieser Virus behandelt, und ich habe bereits Compofix und OTl drüber laufen lassen, und weiß jetzt nicht, wie ich weiter vorgehen soll... da ich nicht nur unter "Anwendungen" sondern auch schon im Programmordner unbekannte Dateien finde. Könnt ihr mir dabei bitte helfen? Combofix ist im Anhang. |
|
17.12.2010, 11:53
| #2 |
| /// Malware-holic   | Trojaner "Shutdowner.fft" im systemordner bitte führe nie wieder combofix auf eigene faust aus :-)
__________________1. nimm keinerlei reinigung selbstständig vor, sonst ist das nur störend. 2. reiche alle evtl vorhandenen scan logs mit funden nach 3. Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt
__________________ |
|
17.12.2010, 15:07
| #3 |
| | Trojaner "Shutdowner.fft" im systemordner So...das wären dann die Logs.
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.12.2010 14:48:01 - Run 3 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\Krause\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 574,00 Mb Available Physical Memory | 56,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): c:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 136,71 Gb Total Space | 20,36 Gb Free Space | 14,89% Space Free | Partition Type: NTFS Drive D: | 117,19 Gb Total Space | 29,06 Gb Free Space | 24,80% Space Free | Partition Type: NTFS Drive E: | 25,55 Gb Total Space | 25,48 Gb Free Space | 99,75% Space Free | Partition Type: NTFS Drive F: | 582,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KRAUSE | User Name: Krause | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Krause\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\SRWare Iron\iron.exe (SRWare) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\qip\qip.exe (The Author of QIP) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) PRC - C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) PRC - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Krause\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Driver Services (SafeList) ========== DRV - (zlportio) -- C:\Programme\UltraStar Deluxe\zlportio.sys File not found DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (cpuz132) -- C:\DOKUME~1\Krause\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys File not found DRV - (catchme) -- C:\DOKUME~1\Krause\LOKALE~1\Temp\catchme.sys File not found DRV - (bfastfao) -- C:\DOKUME~1\Krause\LOKALE~1\Temp\bfastfao.sys File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (nocashio) -- C:\WINDOWS\system32\drivers\nocashio.sys () DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV - (imagesrv) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys (Ahead Software AG) DRV - (imagedrv) -- C:\WINDOWS\System32\Drivers\imagedrv.sys (Ahead Software AG) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI) DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI) DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (A_USBETHMP) -- C:\WINDOWS\system32\drivers\usbethmp.sys (Intellon Corporation) DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-583907252-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKU\S-1-5-21-583907252-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-583907252-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-583907252-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://start.icq.com/ IE - HKU\S-1-5-21-583907252-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-583907252-1409082233-725345543-1003\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-583907252-1409082233-725345543-1003\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKU\S-1-5-21-583907252-1409082233-725345543-1003\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKU\S-1-5-21-583907252-1409082233-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found IE - HKU\S-1-5-21-583907252-1409082233-725345543-1003\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKU\S-1-5-21-583907252-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-583907252-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Firefox\extensions\\support@predictad.com: C:\Programme\AutocompletePro\support@predictad.com [2010.04.24 13:37:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2010.11.13 10:13:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.02 14:03:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.02 14:03:20 | 000,000,000 | ---D | M] [2010.12.07 21:13:02 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2008.05.24 21:34:41 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.01.24 16:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2008.09.07 18:04:14 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2008.09.07 18:03:49 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll [2008.09.07 18:03:49 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll [2008.09.07 18:03:49 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll [2008.09.07 18:03:50 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll [2008.09.07 18:03:50 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll O1 HOSTS File: ([2010.12.16 21:43:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Value error. File not found O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-583907252-1409082233-725345543-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-583907252-1409082233-725345543-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\S-1-5-21-583907252-1409082233-725345543-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-583907252-1409082233-725345543-1003\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-21-583907252-1409082233-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-583907252-1409082233-725345543-1003..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\Krause\Startmenü\Programme\Autostart\kjoyppwc.exe () O4 - Startup: C:\Dokumente und Einstellungen\Krause\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-583907252-1409082233-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-583907252-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-583907252-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-583907252-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O12 - Plugin for: .spop - C:\Programme\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250419567640 (WUWebControl Class) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.ak.schuelervz.net/photouploader/ImageUploader4.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1214497043 (Image Uploader Control) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe\kjoyppwc.exe) - C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe\kjoyppwc.exe () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Krause\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Krause\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.12.24 14:21:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004.08.04 13:00:00 | 000,000,112 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler) Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept) Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll () Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point (65034330371522560) ========== Files/Folders - Created Within 30 Days ========== [2010.12.17 11:20:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2010.12.17 11:18:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010.12.17 11:15:20 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll [2010.12.17 11:15:20 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys [2010.12.17 11:15:19 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll [2010.12.17 11:15:19 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll [2010.12.17 11:15:19 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll [2010.12.17 11:15:18 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll [2010.12.17 11:15:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll [2010.12.17 11:15:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll [2010.12.17 11:15:17 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll [2010.12.17 11:15:17 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll [2010.12.17 11:15:13 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll [2010.12.17 11:15:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe [2010.12.17 11:15:11 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll [2010.12.17 11:15:10 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime [2010.12.17 11:15:10 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe [2010.12.17 11:15:10 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe [2010.12.17 11:15:10 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll [2010.12.17 11:15:09 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys [2010.12.17 11:15:09 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys [2010.12.17 11:15:09 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys [2010.12.17 11:15:06 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll [2010.12.17 11:15:06 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll [2010.12.17 11:15:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll [2010.12.17 11:15:05 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll [2010.12.17 11:15:04 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll [2010.12.17 11:15:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll [2010.12.17 11:15:01 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll [2010.12.17 11:15:01 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll [2010.12.17 11:15:01 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll [2010.12.17 11:15:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll [2010.12.17 11:15:01 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll [2010.12.17 11:15:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe [2010.12.17 11:15:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll [2010.12.17 11:15:00 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll [2010.12.17 11:15:00 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe [2010.12.17 11:15:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll [2010.12.17 11:14:59 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe [2010.12.17 11:14:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll [2010.12.17 11:14:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll [2010.12.17 11:14:59 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll [2010.12.17 11:14:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll [2010.12.17 11:14:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll [2010.12.17 11:14:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll [2010.12.17 11:14:58 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll [2010.12.17 11:14:58 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll [2010.12.17 11:14:58 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll [2010.12.17 11:14:58 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll [2010.12.17 11:14:58 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll [2010.12.17 11:14:58 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll [2010.12.17 11:14:58 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll [2010.12.17 11:14:58 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll [2010.12.17 11:14:57 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll [2010.12.17 11:14:57 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll [2010.12.17 11:14:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll [2010.12.17 11:14:52 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll [2010.12.17 11:14:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll [2010.12.17 11:14:50 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2010.12.17 11:14:50 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2010.12.17 11:14:50 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll [2010.12.17 11:14:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll [2010.12.17 11:14:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll [2010.12.17 11:14:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe [2010.12.17 11:14:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe [2010.12.17 11:14:45 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys [2010.12.17 11:14:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe [2010.12.17 11:14:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe [2010.12.17 11:14:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll [2010.12.17 11:14:41 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll [2010.12.17 11:14:41 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe [2010.12.17 11:14:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll [2010.12.17 11:14:41 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll [2010.12.17 11:14:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll [2010.12.17 11:14:40 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime [2010.12.17 11:14:40 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll [2010.12.17 11:14:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll [2010.12.17 11:14:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll [2010.12.17 11:14:34 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll [2010.12.17 11:14:33 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll [2010.12.17 11:14:29 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe [2010.12.17 11:14:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe [2010.12.17 11:14:16 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys [2010.12.17 11:14:16 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll [2010.12.17 11:14:16 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll [2010.12.17 11:14:15 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll [2010.12.17 11:14:15 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll [2010.12.17 11:14:14 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll [2010.12.17 11:14:13 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll [2010.12.17 11:14:13 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll [2010.12.17 11:14:13 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll [2010.12.17 11:14:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll [2010.12.17 11:14:12 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll [2010.12.17 11:14:08 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll [2010.12.17 11:14:07 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll [2010.12.17 11:14:07 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll [2010.12.17 11:14:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll [2010.12.17 11:14:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll [2010.12.17 11:14:05 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll [2010.12.17 11:14:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll [2010.12.17 11:14:04 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe [2010.12.17 11:14:02 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll [2010.12.17 11:14:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll [2010.12.17 11:14:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll [2010.12.17 11:14:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll [2010.12.17 11:14:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe [2010.12.17 11:14:02 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll [2010.12.17 11:14:01 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll [2010.12.17 11:14:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll [2010.12.17 11:13:53 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll [2010.12.17 11:13:52 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll [2010.12.17 11:13:52 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll [2010.12.17 11:13:52 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll [2010.12.17 11:13:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll [2010.12.17 11:13:50 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll [2010.12.17 11:13:49 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll [2010.12.17 11:13:49 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll [2010.12.17 11:13:49 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll [2010.12.17 11:13:49 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll [2010.12.17 11:13:49 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll [2010.12.17 11:13:48 | 000,563,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll [2010.12.17 11:13:48 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe [2010.12.17 11:13:48 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll [2010.12.17 11:13:48 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll [2010.12.17 11:13:48 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll [2010.12.17 11:13:48 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe [2010.12.17 11:13:48 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll [2010.12.17 11:13:48 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll [2010.12.17 11:13:47 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll [2010.12.17 11:13:47 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe [2010.12.17 11:13:47 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe [2010.12.17 11:13:47 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll [2010.12.17 11:13:47 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll [2010.12.17 11:13:47 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll [2010.12.17 11:13:47 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll [2010.12.17 11:13:47 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll [2010.12.17 11:13:46 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll [2010.12.17 11:13:46 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll [2010.12.17 11:13:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll [2010.12.17 11:13:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll [2010.12.17 11:13:45 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe [2010.12.17 11:13:45 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll [2010.12.17 11:13:44 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll [2010.12.17 11:13:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe [2010.12.17 11:13:43 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll [2010.12.17 11:13:43 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe [2010.12.17 11:13:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe [2010.12.17 11:13:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll [2010.12.17 11:13:42 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll [2010.12.17 11:13:42 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll [2010.12.17 11:13:42 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll [2010.12.17 11:13:42 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys [2010.12.17 11:13:35 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe [2010.12.17 11:13:34 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe [2010.12.17 11:13:33 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe [2010.12.17 11:13:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll [2010.12.17 11:13:33 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll [2010.12.17 11:13:32 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll [2010.12.17 11:13:31 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe [2010.12.17 11:13:31 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime [2010.12.17 11:13:30 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll [2010.12.17 11:13:30 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll [2010.12.17 11:13:30 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll [2010.12.17 11:13:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe [2010.12.17 11:13:29 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe [2010.12.17 11:13:29 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe [2010.12.17 11:13:29 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe [2010.12.17 11:13:28 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2010.12.17 11:13:20 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll [2010.12.17 11:13:19 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll [2010.12.17 11:13:17 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll [2010.12.17 11:13:17 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll [2010.12.17 11:13:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll [2010.12.17 11:13:16 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll [2010.12.17 11:13:16 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll [2010.12.17 11:13:16 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll [2010.12.17 11:13:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll [2010.12.17 11:13:13 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll [2010.12.17 11:13:13 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll [2010.12.17 11:13:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll [2010.12.17 11:13:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll [2010.12.17 11:13:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll [2010.12.17 11:13:08 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe [2010.12.17 11:13:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll [2010.12.17 11:13:07 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll [2010.12.17 11:13:07 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe [2010.12.17 11:13:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx [2010.12.17 11:13:03 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll [2010.12.17 11:13:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll [2010.12.17 11:13:02 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll [2010.12.17 11:13:02 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll [2010.12.17 11:13:02 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll [2010.12.17 11:13:02 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe [2010.12.17 11:13:02 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll [2010.12.17 11:13:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe [2010.12.17 11:13:01 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll [2010.12.17 11:13:01 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll [2010.12.17 11:13:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe [2010.12.17 11:13:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll [2010.12.17 11:13:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll [2010.12.17 11:13:00 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll [2010.12.17 11:13:00 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll [2010.12.17 11:13:00 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe [2010.12.17 11:13:00 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe [2010.12.17 11:13:00 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll [2010.12.17 11:13:00 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe [2010.12.17 11:12:59 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll [2010.12.17 11:12:59 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll [2010.12.17 11:12:59 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll [2010.12.17 11:12:59 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll [2010.12.17 11:12:59 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll [2010.12.17 11:12:59 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll [2010.12.17 11:12:59 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe [2010.12.17 11:12:58 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll [2010.12.17 11:12:58 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll [2010.12.17 11:12:58 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll [2010.12.17 11:12:57 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx [2010.12.17 11:12:57 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe [2010.12.17 11:12:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx [2010.12.17 11:12:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx [2010.12.17 11:12:57 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll [2010.12.17 11:12:57 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe [2010.12.17 11:12:56 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll [2010.12.17 11:12:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll [2010.12.17 11:12:56 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll [2010.12.17 11:12:56 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe [2010.12.17 11:12:54 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll [2010.12.17 10:54:45 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll [2010.12.17 10:54:45 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll [2010.12.17 10:54:45 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll [2010.12.17 10:54:45 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll [2010.12.16 21:44:26 | 000,000,000 | ---D | C] -- C:\Programme\windows [2010.12.16 21:44:09 | 000,000,000 | ---D | C] -- C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe [2010.12.16 21:03:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe [2010.12.16 20:00:11 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.12.16 19:54:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.12.16 19:54:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.12.16 19:54:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.12.16 19:54:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.12.16 19:54:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.12.16 19:54:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.12.16 19:15:44 | 000,000,000 | ---D | C] -- C:\_OTL [2010.12.16 19:13:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Krause\Desktop\OTL.exe [2010.11.23 18:01:52 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2010.11.22 16:28:50 | 000,000,000 | ---D | C] -- C:\Riot Games [2010.11.22 14:10:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Krause\Lokale Einstellungen\Anwendungsdaten\PMB Files [2010.11.22 14:09:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\PMB Files [2010.11.22 14:09:19 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.17 14:50:21 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{68AF5B4E-9B52-4521-AE75-730614941551}.job [2010.12.17 13:56:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.12.17 11:21:07 | 000,448,470 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.12.17 11:21:07 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.12.17 11:21:07 | 000,079,910 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.12.17 11:21:07 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.12.17 11:20:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.12.17 11:20:14 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.12.17 11:18:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.12.17 11:16:35 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2010.12.17 11:12:42 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010.12.17 11:12:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010.12.17 11:12:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010.12.17 11:12:30 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2010.12.17 11:10:10 | 000,022,940 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.12.17 11:08:59 | 000,000,282 | -HS- | M] () -- C:\boot.ini [2010.12.16 21:43:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.12.16 21:16:30 | 000,374,237 | ---- | M] () -- C:\WINDOWS\setupapi.old [2010.12.16 21:11:57 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.12.16 21:11:00 | 000,004,438 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.12.16 19:50:28 | 003,992,805 | R--- | M] () -- C:\Dokumente und Einstellungen\Krause\Desktop\ComboFix.exe [2010.12.16 19:13:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Krause\Desktop\OTL.exe [2010.12.16 17:16:54 | 000,000,605 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\SRWare Iron.lnk [2010.12.16 16:12:12 | 000,057,262 | --S- | M] () -- C:\Dokumente und Einstellungen\Krause\Startmenü\Programme\Autostart\kjoyppwc.exe [2010.12.15 22:27:28 | 000,000,193 | ---- | M] () -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\AVSMediaPlayer.m3u [2010.12.15 22:22:23 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.12.12 22:56:37 | 000,228,352 | ---- | M] () -- C:\Dokumente und Einstellungen\Krause\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.12 12:27:33 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\LauncherAccess.dt [2010.12.09 17:12:27 | 000,002,323 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\King Of Kings 3.lnk [2010.12.08 16:21:59 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.12.04 21:47:29 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.11.23 21:16:45 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Skype.lnk [2010.11.22 23:04:26 | 000,000,126 | ---- | M] () -- C:\Dokumente und Einstellungen\Krause\default.pls [2010.11.22 16:34:29 | 000,001,618 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\League of Legends spielen .lnk [2010.11.22 14:06:47 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.12.17 11:14:04 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2010.12.17 11:13:45 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll [2010.12.17 11:13:30 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll [2010.12.17 10:54:36 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT [2010.12.17 10:54:36 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [2010.12.17 10:54:36 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat [2010.12.17 10:54:36 | 000,103,124 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat [2010.12.17 10:54:36 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT [2010.12.17 10:54:36 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat [2010.12.17 10:54:36 | 000,030,983 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT [2010.12.17 10:54:36 | 000,018,989 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat [2010.12.17 10:54:36 | 000,014,043 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT [2010.12.17 10:54:36 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2010.12.17 10:54:36 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat [2010.12.17 10:54:36 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT [2010.12.17 10:54:36 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2010.12.17 10:54:36 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2010.12.17 10:54:36 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT [2010.12.17 10:54:35 | 001,899,936 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT [2010.12.17 10:54:35 | 001,014,663 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT [2010.12.17 10:54:35 | 000,618,406 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT [2010.12.16 20:00:12 | 000,262,448 | RHS- | C] () -- C:\cmldr [2010.12.16 19:54:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.12.16 19:54:34 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.12.16 19:54:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.12.16 19:54:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.12.16 19:54:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.12.16 19:49:26 | 003,992,805 | R--- | C] () -- C:\Dokumente und Einstellungen\Krause\Desktop\ComboFix.exe [2010.12.16 17:16:54 | 000,000,605 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\SRWare Iron.lnk [2010.12.12 23:03:50 | 000,057,262 | --S- | C] () -- C:\Dokumente und Einstellungen\Krause\Startmenü\Programme\Autostart\kjoyppwc.exe [2010.12.09 17:11:32 | 000,002,323 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\King Of Kings 3.lnk [2010.11.22 16:34:29 | 000,001,618 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\League of Legends spielen .lnk [2010.10.11 02:02:12 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys [2010.08.21 15:56:11 | 000,004,990 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\mtbjfghn.xbe [2010.01.02 19:37:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\Sx5363.ini [2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2009.06.19 14:29:30 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009.05.15 21:01:16 | 000,000,193 | ---- | C] () -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\AVSMediaPlayer.m3u [2009.05.15 20:02:07 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.05.15 20:02:07 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.05.15 19:31:35 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys [2009.03.08 18:57:44 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI [2009.02.12 21:11:44 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\LauncherAccess.dt [2009.02.12 21:10:18 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2008.12.04 14:46:21 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\pwmocw.dll [2008.10.16 13:08:01 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008.06.26 21:10:46 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2008.03.20 09:30:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.02.21 17:47:25 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ezsid.dat [2008.01.26 13:17:26 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2007.10.22 19:16:18 | 000,228,352 | ---- | C] () -- C:\Dokumente und Einstellungen\Krause\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.16 16:00:59 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_CDS.exe [2007.09.11 21:10:55 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\addr_file.html [2007.09.11 21:08:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007.09.11 20:29:18 | 000,014,916 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2007.09.11 20:28:59 | 000,014,893 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2007.09.11 20:28:56 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2006.12.29 16:49:37 | 000,000,016 | ---- | C] () -- C:\Programme\PersonalDb.idx [2006.12.29 16:49:37 | 000,000,016 | ---- | C] () -- C:\Programme\PersonalDb.db [2006.12.29 16:49:37 | 000,000,016 | ---- | C] () -- C:\Programme\FreedbOrg.idx [2006.12.29 16:49:37 | 000,000,016 | ---- | C] () -- C:\Programme\FreedbOrg.db [2006.12.25 12:10:52 | 000,021,916 | ---- | C] () -- C:\Programme\MXDB.DB [2006.12.25 12:10:52 | 000,020,630 | ---- | C] () -- C:\Programme\MXDB.bak [2004.08.04 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004.08.04 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll ========== LOP Check ========== [2007.04.19 16:08:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic [2006.12.25 12:10:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2007.02.17 07:03:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2008.12.31 16:47:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\DAEMON Tools Lite [2010.08.02 09:57:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Driver Mender [2010.01.24 16:34:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ICQ [2007.09.11 21:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\MailFrontier [2010.07.21 19:33:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Metacafe [2009.05.11 19:36:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\PC Drivers HeadQuarters [2010.12.09 14:34:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\PMB Files [2008.10.20 09:40:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP [2008.09.11 18:34:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TrackMania [2010.04.17 11:04:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.02.12 18:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2006.12.31 13:54:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\ICQ Toolbar [2009.04.11 18:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast.KRAUSE\Anwendungsdaten\ICQ [2008.01.30 14:57:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast.KRAUSE\Anwendungsdaten\ICQ Toolbar [2010.08.22 22:10:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Acreon [2010.12.13 20:20:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Arusa [2010.08.21 15:56:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Carambis [2010.08.04 19:22:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\CheckPoint [2009.03.22 13:34:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\ConvertTemp [2008.12.31 17:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\DAEMON Tools [2008.12.31 17:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\DAEMON Tools Lite [2009.07.27 00:50:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\DAEMON Tools Pro [2010.12.06 22:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\ICQ [2007.09.12 20:26:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\ICQ Toolbar [2007.09.16 16:01:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\InterTrust [2010.09.12 17:51:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\MobMapUpdater [2010.08.15 08:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\MSNInstaller [2009.11.11 16:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\OpenOffice.org [2008.02.12 00:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\QIP [2009.02.12 21:12:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Samsung [2010.08.15 19:34:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\temp [2009.02.12 21:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Temporary [2009.02.12 21:43:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\TransRender [2010.04.24 16:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\TS3Client [2010.08.02 09:24:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Uniblue [2010.12.17 14:50:21 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{68AF5B4E-9B52-4521-AE75-730614941551}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.08.22 22:10:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Acreon [2009.02.03 19:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Adobe [2008.12.31 16:39:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Ahead [2010.04.19 13:00:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Apple Computer [2010.12.13 20:20:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Arusa [2010.03.27 09:49:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Avira [2010.08.04 17:37:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\AVS4YOU [2010.08.21 15:56:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Carambis [2010.08.04 19:22:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\CheckPoint [2009.03.22 13:34:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\ConvertTemp [2008.12.31 17:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\DAEMON Tools [2008.12.31 17:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\DAEMON Tools Lite [2009.07.27 00:50:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\DAEMON Tools Pro [2010.06.07 21:29:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\DivX [2008.02.22 19:57:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Google [2009.05.19 12:42:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Hamachi [2010.12.06 22:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\ICQ [2007.09.12 20:26:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\ICQ Toolbar [2007.09.11 20:25:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Identities [2007.09.12 14:42:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\InstallShield [2007.09.16 16:01:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\InterTrust [2008.07.15 11:40:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Macromedia [2010.08.15 08:19:15 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Microsoft [2010.03.28 18:54:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\mIRC [2010.09.12 17:51:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\MobMapUpdater [2009.03.31 21:41:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Move Networks [2010.08.15 08:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\MSNInstaller [2009.11.11 16:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\OpenOffice.org [2008.02.12 00:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\QIP [2009.02.12 21:12:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Samsung [2010.11.23 21:17:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Skype [2010.11.23 20:33:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\skypePM [2008.09.12 14:44:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Sun [2010.08.15 19:34:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\temp [2009.02.12 21:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Temporary [2009.02.12 21:43:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\TransRender [2010.04.24 16:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\TS3Client [2010.08.02 09:24:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Uniblue < %APPDATA%\*.exe /s > [2010.08.22 22:11:06 | 000,272,384 | ---- | M] () -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Acreon\WowMatrix\Modules\curl.exe [2010.08.21 14:05:25 | 000,004,710 | R--- | M] () -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Microsoft\Installer\{59FD1BDF-FEC7-403E-97FC-FBE437154BD2}\_0A974D10477ADC640EB1CC.exe [2010.08.21 14:05:26 | 000,017,542 | R--- | M] () -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Microsoft\Installer\{59FD1BDF-FEC7-403E-97FC-FBE437154BD2}\_131ABE81BA49F18A6E320F.exe [2010.08.21 14:05:26 | 000,017,542 | R--- | M] () -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Microsoft\Installer\{59FD1BDF-FEC7-403E-97FC-FBE437154BD2}\_5239DE633BF3A3C006492F.exe [2009.01.31 20:20:07 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe [2009.01.31 20:20:07 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe [2009.01.31 20:20:07 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe [2009.02.12 19:37:34 | 000,097,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe [2009.03.31 21:40:44 | 000,034,062 | ---- | M] () -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\Move Networks\ie_bin\Uninst.exe [2010.08.15 08:21:05 | 000,827,368 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Krause\Anwendungsdaten\MSNInstaller\msnauins.exe < %SYSTEMDRIVE%\*.exe > [2001.05.24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\explorer.exe [2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\system32\dllcache\explorer.exe [2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe < MD5 for: NETLOGON.DLL > [2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll [2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll [2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\ERDNT\cache\user32.dll [2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\dllcache\user32.dll [2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\user32.dll [2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll < MD5 for: USERINIT.EXE > [2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe [2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: VIAMRAID.SYS > [2005.04.26 20:22:40 | 000,060,928 | R--- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys < MD5 for: WINLOGON.EXE > [2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2010.12.17 11:52:41 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2010.12.17 10:39:47 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav [2010.12.17 11:52:41 | 027,000,832 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2010.12.17 11:52:41 | 004,718,592 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2004.08.04 13:00:00 | 001,251,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 489 bytes -> C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP:05EE1EEF @Alternate Data Stream - 116 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:083D3EEE < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.12.2010 14:48:01 - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\Krause\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 574,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 136,71 Gb Total Space | 20,36 Gb Free Space | 14,89% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 29,06 Gb Free Space | 24,80% Space Free | Partition Type: NTFS
Drive E: | 25,55 Gb Total Space | 25,48 Gb Free Space | 99,75% Space Free | Partition Type: NTFS
Drive F: | 582,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: KRAUSE | User Name: Krause | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-583907252-1409082233-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56255:TCP" = 56255:TCP:*:Enabled:Pando Media Booster
"56255:UDP" = 56255:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2395:TCP" = 2395:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"2341:TCP" = 2341:TCP:*:Enabled:Akamai NetSession Interface
"2571:TCP" = 2571:TCP:*:Enabled:Akamai NetSession Interface
"2624:TCP" = 2624:TCP:*:Enabled:Akamai NetSession Interface
"2664:TCP" = 2664:TCP:*:Enabled:Akamai NetSession Interface
"2803:TCP" = 2803:TCP:*:Enabled:Akamai NetSession Interface
"2929:TCP" = 2929:TCP:*:Enabled:Akamai NetSession Interface
"3134:TCP" = 3134:TCP:*:Enabled:Akamai NetSession Interface
"3264:TCP" = 3264:TCP:*:Enabled:Akamai NetSession Interface
"3396:TCP" = 3396:TCP:*:Enabled:Akamai NetSession Interface
"3734:TCP" = 3734:TCP:*:Enabled:Akamai NetSession Interface
"3892:TCP" = 3892:TCP:*:Enabled:Akamai NetSession Interface
"4141:TCP" = 4141:TCP:*:Enabled:Akamai NetSession Interface
"2084:TCP" = 2084:TCP:*:Enabled:Akamai NetSession Interface
"1036:TCP" = 1036:TCP:*:Enabled:Akamai NetSession Interface
"2488:TCP" = 2488:TCP:*:Enabled:Akamai NetSession Interface
"3747:TCP" = 3747:TCP:*:Enabled:Akamai NetSession Interface
"1453:TCP" = 1453:TCP:*:Enabled:Akamai NetSession Interface
"1828:TCP" = 1828:TCP:*:Enabled:Akamai NetSession Interface
"1969:TCP" = 1969:TCP:*:Enabled:Akamai NetSession Interface
"2312:TCP" = 2312:TCP:*:Enabled:Akamai NetSession Interface
"2386:TCP" = 2386:TCP:*:Enabled:Akamai NetSession Interface
"2434:TCP" = 2434:TCP:*:Enabled:Akamai NetSession Interface
"2487:TCP" = 2487:TCP:*:Enabled:Akamai NetSession Interface
"3227:TCP" = 3227:TCP:*:Enabled:Akamai NetSession Interface
"3408:TCP" = 3408:TCP:*:Enabled:Akamai NetSession Interface
"4303:TCP" = 4303:TCP:*:Enabled:Akamai NetSession Interface
"1184:TCP" = 1184:TCP:*:Enabled:Akamai NetSession Interface
"1293:TCP" = 1293:TCP:*:Enabled:Akamai NetSession Interface
"1578:TCP" = 1578:TCP:*:Enabled:Akamai NetSession Interface
"2213:TCP" = 2213:TCP:*:Enabled:Akamai NetSession Interface
"1193:TCP" = 1193:TCP:*:Enabled:Akamai NetSession Interface
"2347:TCP" = 2347:TCP:*:Enabled:Akamai NetSession Interface
"3203:TCP" = 3203:TCP:*:Enabled:Akamai NetSession Interface
"3453:TCP" = 3453:TCP:*:Enabled:Akamai NetSession Interface
"4742:TCP" = 4742:TCP:*:Enabled:Akamai NetSession Interface
"4957:TCP" = 4957:TCP:*:Enabled:Akamai NetSession Interface
"1067:TCP" = 1067:TCP:*:Enabled:Akamai NetSession Interface
"1538:TCP" = 1538:TCP:*:Enabled:Akamai NetSession Interface
"1920:TCP" = 1920:TCP:*:Enabled:Akamai NetSession Interface
"2588:TCP" = 2588:TCP:*:Enabled:Akamai NetSession Interface
"1459:TCP" = 1459:TCP:*:Enabled:Akamai NetSession Interface
"1803:TCP" = 1803:TCP:*:Enabled:Akamai NetSession Interface
"2012:TCP" = 2012:TCP:*:Enabled:Akamai NetSession Interface
"2086:TCP" = 2086:TCP:*:Enabled:Akamai NetSession Interface
"2210:TCP" = 2210:TCP:*:Enabled:Akamai NetSession Interface
"1590:TCP" = 1590:TCP:*:Enabled:Akamai NetSession Interface
"1689:TCP" = 1689:TCP:*:Enabled:Akamai NetSession Interface
"1927:TCP" = 1927:TCP:*:Enabled:Akamai NetSession Interface
"2025:TCP" = 2025:TCP:*:Enabled:Akamai NetSession Interface
"2226:TCP" = 2226:TCP:*:Enabled:Akamai NetSession Interface
"2293:TCP" = 2293:TCP:*:Enabled:Akamai NetSession Interface
"2356:TCP" = 2356:TCP:*:Enabled:Akamai NetSession Interface
"2608:TCP" = 2608:TCP:*:Enabled:Akamai NetSession Interface
"4125:TCP" = 4125:TCP:*:Enabled:Akamai NetSession Interface
"4381:TCP" = 4381:TCP:*:Enabled:Akamai NetSession Interface
"4534:TCP" = 4534:TCP:*:Enabled:Akamai NetSession Interface
"4687:TCP" = 4687:TCP:*:Enabled:Akamai NetSession Interface
"4913:TCP" = 4913:TCP:*:Enabled:Akamai NetSession Interface
"1140:TCP" = 1140:TCP:*:Enabled:Akamai NetSession Interface
"1645:TCP" = 1645:TCP:*:Enabled:Akamai NetSession Interface
"1841:TCP" = 1841:TCP:*:Enabled:Akamai NetSession Interface
"2237:TCP" = 2237:TCP:*:Enabled:Akamai NetSession Interface
"2723:TCP" = 2723:TCP:*:Enabled:Akamai NetSession Interface
"1726:TCP" = 1726:TCP:*:Enabled:Akamai NetSession Interface
"1809:TCP" = 1809:TCP:*:Enabled:Akamai NetSession Interface
"1966:TCP" = 1966:TCP:*:Enabled:Akamai NetSession Interface
"2018:TCP" = 2018:TCP:*:Enabled:Akamai NetSession Interface
"2072:TCP" = 2072:TCP:*:Enabled:Akamai NetSession Interface
"2123:TCP" = 2123:TCP:*:Enabled:Akamai NetSession Interface
"2185:TCP" = 2185:TCP:*:Enabled:Akamai NetSession Interface
"2250:TCP" = 2250:TCP:*:Enabled:Akamai NetSession Interface
"2309:TCP" = 2309:TCP:*:Enabled:Akamai NetSession Interface
"2372:TCP" = 2372:TCP:*:Enabled:Akamai NetSession Interface
"2470:TCP" = 2470:TCP:*:Enabled:Akamai NetSession Interface
"2566:TCP" = 2566:TCP:*:Enabled:Akamai NetSession Interface
"2669:TCP" = 2669:TCP:*:Enabled:Akamai NetSession Interface
"2762:TCP" = 2762:TCP:*:Enabled:Akamai NetSession Interface
"2864:TCP" = 2864:TCP:*:Enabled:Akamai NetSession Interface
"2963:TCP" = 2963:TCP:*:Enabled:Akamai NetSession Interface
"3063:TCP" = 3063:TCP:*:Enabled:Akamai NetSession Interface
"3160:TCP" = 3160:TCP:*:Enabled:Akamai NetSession Interface
"3255:TCP" = 3255:TCP:*:Enabled:Akamai NetSession Interface
"3366:TCP" = 3366:TCP:*:Enabled:Akamai NetSession Interface
"3470:TCP" = 3470:TCP:*:Enabled:Akamai NetSession Interface
"3581:TCP" = 3581:TCP:*:Enabled:Akamai NetSession Interface
"3708:TCP" = 3708:TCP:*:Enabled:Akamai NetSession Interface
"3833:TCP" = 3833:TCP:*:Enabled:Akamai NetSession Interface
"3944:TCP" = 3944:TCP:*:Enabled:Akamai NetSession Interface
"4043:TCP" = 4043:TCP:*:Enabled:Akamai NetSession Interface
"4140:TCP" = 4140:TCP:*:Enabled:Akamai NetSession Interface
"4283:TCP" = 4283:TCP:*:Enabled:Akamai NetSession Interface
"1705:TCP" = 1705:TCP:*:Enabled:Akamai NetSession Interface
"2545:TCP" = 2545:TCP:*:Enabled:Akamai NetSession Interface
"2594:TCP" = 2594:TCP:*:Enabled:Akamai NetSession Interface
"2654:TCP" = 2654:TCP:*:Enabled:Akamai NetSession Interface
"2712:TCP" = 2712:TCP:*:Enabled:Akamai NetSession Interface
"2775:TCP" = 2775:TCP:*:Enabled:Akamai NetSession Interface
"2860:TCP" = 2860:TCP:*:Enabled:Akamai NetSession Interface
"2950:TCP" = 2950:TCP:*:Enabled:Akamai NetSession Interface
"3043:TCP" = 3043:TCP:*:Enabled:Akamai NetSession Interface
"3135:TCP" = 3135:TCP:*:Enabled:Akamai NetSession Interface
"3232:TCP" = 3232:TCP:*:Enabled:Akamai NetSession Interface
"3325:TCP" = 3325:TCP:*:Enabled:Akamai NetSession Interface
"3412:TCP" = 3412:TCP:*:Enabled:Akamai NetSession Interface
"3508:TCP" = 3508:TCP:*:Enabled:Akamai NetSession Interface
"3599:TCP" = 3599:TCP:*:Enabled:Akamai NetSession Interface
"2138:TCP" = 2138:TCP:*:Enabled:Akamai NetSession Interface
"2780:TCP" = 2780:TCP:*:Enabled:Akamai NetSession Interface
"2846:TCP" = 2846:TCP:*:Enabled:Akamai NetSession Interface
"2997:TCP" = 2997:TCP:*:Enabled:Akamai NetSession Interface
"3163:TCP" = 3163:TCP:*:Enabled:Akamai NetSession Interface
"3241:TCP" = 3241:TCP:*:Enabled:Akamai NetSession Interface
"3341:TCP" = 3341:TCP:*:Enabled:Akamai NetSession Interface
"4244:TCP" = 4244:TCP:*:Enabled:Akamai NetSession Interface
"4518:TCP" = 4518:TCP:*:Enabled:Akamai NetSession Interface
"4648:TCP" = 4648:TCP:*:Enabled:Akamai NetSession Interface
"2223:TCP" = 2223:TCP:*:Enabled:Akamai NetSession Interface
"2491:TCP" = 2491:TCP:*:Enabled:Akamai NetSession Interface
"2724:TCP" = 2724:TCP:*:Enabled:Akamai NetSession Interface
"2937:TCP" = 2937:TCP:*:Enabled:Akamai NetSession Interface
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"56255:TCP" = 56255:TCP:*:Enabled:Pando Media Booster
"56255:UDP" = 56255:UDP:*:Enabled:Pando Media Booster
"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher
"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\qip\qip.exe" = C:\Programme\qip\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Launcher -- (Blizzard Entertainment)
"C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\World of Warcraft\Uninstall.exe" = C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\World of Warcraft\Uninstall.exe:*:Enabled:World of Warcraft - Deinstallation -- ()
"C:\Programme\World of Warcraft\Repair.exe" = C:\Programme\World of Warcraft\Repair.exe:*:Enabled:World of Warcraft - Reparieren -- (Blizzard Entertainment, Inc.)
"C:\WINDOWS\system32\winmine.exe" = C:\WINDOWS\system32\winmine.exe:*:Enabled:Minesweeper -- (Microsoft Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Programme\SRWare Iron\iron.exe" = C:\Programme\SRWare Iron\iron.exe:*:Enabled:SRWare Iron -- (SRWare)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16C86E91-4EB5-4B40-BA24-BFCC8C5E0F2F}" = King Of Kings 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{29B3C64A-0F93-47CD-9C54-72C0C5578487}" = Samsung PC Studio
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59FD1BDF-FEC7-403E-97FC-FBE437154BD2}" = Blasc3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 8.0.555.0
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade
"{ECFE8BE4-C906-11D6-A95C-000374890932}" = Startklar - sicher ans Ziel
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 9.20
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AutocompletePro2_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Final Fantasy VII" = Final Fantasy VII
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"Google Chrome" = Google Chrome
"Heroes of Might and Magic IV" = Heroes of Might and Magic IV: Winds of War
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{ECFE8BE4-C906-11D6-A95C-000374890932}" = Startklar - sicher ans Ziel
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MindManager Smart" = MindManager Smart
"mIRC" = mIRC
"MobMap_is1" = MobMap 3.55
"Mozilla Firefox (2.0.0.14)" = Mozilla Firefox (2.0.0.14)
"MSNINST" = MSN
"Multiclicker" = Multiclicker
"PeerGuardian_is1" = PeerGuardian 2.0
"PROSet" = Intel(R) PRO Network Connections Drivers
"QcDrv" = Logitech® Camera-Treiber
"QIP 8070 Jeak Edition" = QIP 8070 Jeak Edition
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"TeamViewer 3" = TeamViewer 3
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VobSub" = VobSub v2.23 (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-583907252-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"QIP 2005" = QIP 2005 8095
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.12.2010 09:05:10 | Computer Name = KRAUSE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msfeedssync.exe, Version 8.0.6001.18702,
fehlgeschlagenes Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x0000bbcd.
Error - 17.12.2010 09:10:03 | Computer Name = KRAUSE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msfeedssync.exe, Version 8.0.6001.18702,
fehlgeschlagenes Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x0000bbcd.
Error - 17.12.2010 09:15:58 | Computer Name = KRAUSE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msfeedssync.exe, Version 8.0.6001.18702,
fehlgeschlagenes Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x0000bbcd.
Error - 17.12.2010 09:21:01 | Computer Name = KRAUSE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msfeedssync.exe, Version 8.0.6001.18702,
fehlgeschlagenes Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x0000bbcd.
Error - 17.12.2010 09:30:39 | Computer Name = KRAUSE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msfeedssync.exe, Version 8.0.6001.18702,
fehlgeschlagenes Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x0000bbcd.
Error - 17.12.2010 09:35:34 | Computer Name = KRAUSE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msfeedssync.exe, Version 8.0.6001.18702,
fehlgeschlagenes Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x0000bbcd.
Error - 17.12.2010 09:40:10 | Computer Name = KRAUSE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msfeedssync.exe, Version 8.0.6001.18702,
fehlgeschlagenes Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x0000bbcd.
Error - 17.12.2010 09:45:21 | Computer Name = KRAUSE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msfeedssync.exe, Version 8.0.6001.18702,
fehlgeschlagenes Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x0000bbcd.
Error - 17.12.2010 09:50:16 | Computer Name = KRAUSE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msfeedssync.exe, Version 8.0.6001.18702,
fehlgeschlagenes Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x0000bbcd.
Error - 17.12.2010 09:55:08 | Computer Name = KRAUSE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msfeedssync.exe, Version 8.0.6001.18702,
fehlgeschlagenes Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x0000bbcd.
[ System Events ]
Error - 12.12.2010 06:39:08 | Computer Name = KRAUSE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 12.12.2010 06:39:09 | Computer Name = KRAUSE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 12.12.2010 06:39:10 | Computer Name = KRAUSE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 12.12.2010 06:39:11 | Computer Name = KRAUSE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 12.12.2010 06:39:12 | Computer Name = KRAUSE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 12.12.2010 06:39:13 | Computer Name = KRAUSE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 12.12.2010 06:39:14 | Computer Name = KRAUSE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 12.12.2010 06:39:15 | Computer Name = KRAUSE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 12.12.2010 06:39:16 | Computer Name = KRAUSE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
Error - 12.12.2010 06:39:17 | Computer Name = KRAUSE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht
vorhandenem Dienst abhängig: vsdatant
< End of report >
|
|
17.12.2010, 15:18
| #4 |
| /// Malware-holic | Trojaner "Shutdowner.fft" im systemordner dep für alle prozesse: Datenausführungsverhinderung (DEP) • "Datenausführungsverhinderung für alle Programme und Dienste mit Ausnahme der ausgewählten einschalten:". teile mir evtl. aufkommende warnmeldungen mit. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. :OTL O4 - Startup: C:\Dokumente und Einstellungen\Krause\Startmenü\Programme\Autostart\kjoyppwc.exe () O20 - HKLM Winlogon: UserInit - (C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe\kjoyppwc.exe) - C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe\kjoyppwc.exe [2010.12.16 21:44:26 | 000,000,000 | ---D | C] -- C:\Programme\windows [2010.12.16 21:44:09 | 000,000,000 | ---D | C] -- C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe [2010.12.16 16:12:12 | 000,057,262 | --S- | M] () -- C:\Dokumente und Einstellungen\Krause\Startmenü\Programme\Autostart\kjoyppwc.exe :Files :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort posten. öffne mein computer, c: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. lade das archiv in unserem upload channel hoch. http://www.trojaner-board.de/54791-a...ner-board.htmlja
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.12.2010, 15:42
| #5 |
| | Trojaner "Shutdowner.fft" im systemordner Das war der erste Reboot seit gestern Abend, bei dem ich nicht mehr die Windows-CD brauchte. Das Antivir schlägt seit einiger Zeit nicht mehr an... ich weiß aber nicht weshalb. All processes killed ========== OTL ========== File move failed. C:\Dokumente und Einstellungen\Krause\Startmenü\Programme\Autostart\kjoyppwc.exe scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe\kjoyppwc.exe deleted successfully. File move failed. C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe\kjoyppwc.exe scheduled to be moved on reboot. C:\Programme\windows folder moved successfully. Folder move failed. C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe scheduled to be moved on reboot. File move failed. C:\Dokumente und Einstellungen\Krause\Startmenü\Programme\Autostart\kjoyppwc.exe scheduled to be moved on reboot. ========== FILES ========== ========== COMMANDS ========== [EMPTYFLASH] User: Administrator User: All Users User: All Users.WINDOWS User: Default User User: Default User.WINDOWS User: Gast ->Flash cache emptied: 0 bytes User: Gast.KRAUSE ->Flash cache emptied: 0 bytes User: Krause ->Flash cache emptied: 456 bytes User: LocalService User: LocalService.NT-AUTORITAT User: LocalService.NT-AUTORITÄT User: Michael User: NetworkService User: NetworkService.NT-AUTORITAT User: NetworkService.NT-AUTORITÄT Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: All Users.WINDOWS User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User.WINDOWS ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Gast ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Gast.KRAUSE ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Krause ->Temp folder emptied: 1134570 bytes ->Temporary Internet Files folder emptied: 5275892 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService.NT-AUTORITAT User: LocalService.NT-AUTORITÄT ->Temp folder emptied: 1057464 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Michael User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService.NT-AUTORITAT User: NetworkService.NT-AUTORITÄT ->Temp folder emptied: 1057464 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 4229528 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1104843 bytes RecycleBin emptied: 1286493 bytes Total Files Cleaned = 15,00 mb OTL by OldTimer - Version 3.2.17.3 log created on 12172010_153309 Files\Folders moved on Reboot... File move failed. C:\Dokumente und Einstellungen\Krause\Startmenü\Programme\Autostart\kjoyppwc.exe scheduled to be moved on reboot. File move failed. C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe\kjoyppwc.exe scheduled to be moved on reboot. Folder move failed. C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe scheduled to be moved on reboot. Registry entries deleted on Reboot... |
|
17.12.2010, 15:51
| #6 |
| /// Malware-holic | Trojaner "Shutdowner.fft" im systemordner hast du vor dem erstellen des moved files archives neugestartet?
__________________ --> Trojaner "Shutdowner.fft" im systemordner |
|
17.12.2010, 15:58
| #7 |
| | Trojaner "Shutdowner.fft" im systemordner Habe ich. OTL hat einen Neustart gefordert, ich habe akzeptiert. Sollte ich vorher bei OTL wieder die Einstellungen wie zu Beginn vornehmen? Ich versuche es damit noch einmal- es kann sein, dass ich das vergessen habe  |
|
17.12.2010, 15:59
| #8 |
| /// Malware-holic | Trojaner "Shutdowner.fft" im systemordner nein nein. bitte lösche deine combofix version, lads erneut runter und führe das programm aus, log posten.ja
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.12.2010, 16:12
| #9 |
| | Trojaner "Shutdowner.fft" im systemordner combofix lässt sich nicht deinstallieren. mit start-> ausführen ComboFix /u ComboFix /uninstall oder "%userprofile%\desktop\combofix.exe" /u startet der einfach immer nur das programm. |
|
17.12.2010, 16:16
| #10 |
| /// Malware-holic | Trojaner "Shutdowner.fft" im systemordner lösche die exe einfach manuell, das reicht mir schon :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.12.2010, 16:36
| #11 |
| | Trojaner "Shutdowner.fft" im systemordner Okay, der ComboFix log sieht so aus: Combofix Logfile: Code:
ATTFilter ComboFix 10-12-16.05 - Krause 17.12.2010 16:23:17.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.1023.648 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Krause\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programme\Internet Explorer\dmlconf.dat
.
((((((((((((((((((((((( Dateien erstellt von 2010-11-17 bis 2010-12-17 ))))))))))))))))))))))))))))))
.
2010-12-17 15:03 . 2010-12-17 15:03 -------- d-----w- c:\windows\LastGood
2010-12-17 10:14 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-12-17 10:13 . 2004-08-04 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-12-17 10:12 . 2004-05-12 23:39 876653 -c--a-w- c:\windows\system32\dllcache\fp4awel.dll
2010-12-17 09:54 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-12-17 09:54 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-12-17 09:54 . 2004-08-04 12:00 13824 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-12-17 09:54 . 2004-08-04 12:00 13824 ----a-w- c:\windows\system32\irclass.dll
2010-12-16 20:03 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-12-16 20:03 . 2004-08-04 12:00 16384 ----a-w- c:\programme\Internet Explorer\Connection Wizard\isignup.exe
2010-12-16 18:15 . 2010-12-17 15:03 -------- d-----w- C:\_OTL
2010-11-23 17:01 . 2010-11-23 17:01 -------- d-----w- c:\programme\7-Zip
2010-11-22 15:28 . 2010-11-22 15:28 -------- d-----w- C:\Riot Games
2010-11-22 13:10 . 2010-12-09 21:18 -------- d-----w- c:\dokumente und einstellungen\Krause\Lokale Einstellungen\Anwendungsdaten\PMB Files
2010-11-22 13:09 . 2010-12-09 13:34 -------- d-----w- c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\PMB Files
2010-11-22 13:09 . 2010-11-22 13:09 -------- d-----w- c:\programme\Pando Networks
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 15:21 . 2009-03-19 16:56 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-22 13:06 . 2009-03-19 16:56 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-11 01:02 . 2010-10-11 01:02 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2004-10-01 13:00 . 2007-09-16 15:00 40960 ----a-w- c:\programme\Uninstall_CDS.exe
2008-09-07 17:03 . 2007-09-29 05:20 67696 ----a-w- c:\programme\mozilla firefox\components\jar50.dll
2008-09-07 17:03 . 2007-09-29 05:20 54376 ----a-w- c:\programme\mozilla firefox\components\jsd3250.dll
2008-09-07 17:03 . 2007-09-29 05:20 34952 ----a-w- c:\programme\mozilla firefox\components\myspell.dll
2008-09-07 17:03 . 2007-09-29 05:20 46720 ----a-w- c:\programme\mozilla firefox\components\spellchk.dll
2008-09-07 17:03 . 2007-09-29 05:20 172144 ----a-w- c:\programme\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\programme\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2010-05-09 09:50 2517088 ----a-w- c:\programme\ZoneAlarm-Sicherheit\tbZone.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\programme\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"= "c:\programme\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-10 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\programme\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"SoundMAXPnP"="c:\programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-08 281768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-28 1043968]
"ISW"="c:\programme\CheckPoint\ZAForceField\ForceField.exe" [2010-06-15 738808]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\dokumente und einstellungen\Krause\Startmen\Programme\Autostart\
OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\qip\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\ICQ7.0\\ICQ.exe"=
"c:\\Programme\\ICQ7.0\\aolload.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\World of Warcraft\\Launcher.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Blizzard Entertainment\\World of Warcraft\\Uninstall.exe"=
"c:\\Programme\\World of Warcraft\\Repair.exe"=
"c:\\WINDOWS\\system32\\winmine.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\SRWare Iron\\iron.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2395:TCP"= 2395:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"2341:TCP"= 2341:TCP:Akamai NetSession Interface
"2571:TCP"= 2571:TCP:Akamai NetSession Interface
"2624:TCP"= 2624:TCP:Akamai NetSession Interface
"2664:TCP"= 2664:TCP:Akamai NetSession Interface
"2803:TCP"= 2803:TCP:Akamai NetSession Interface
"2929:TCP"= 2929:TCP:Akamai NetSession Interface
"3134:TCP"= 3134:TCP:Akamai NetSession Interface
"3264:TCP"= 3264:TCP:Akamai NetSession Interface
"3396:TCP"= 3396:TCP:Akamai NetSession Interface
"3734:TCP"= 3734:TCP:Akamai NetSession Interface
"3892:TCP"= 3892:TCP:Akamai NetSession Interface
"4141:TCP"= 4141:TCP:Akamai NetSession Interface
"2084:TCP"= 2084:TCP:Akamai NetSession Interface
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"2488:TCP"= 2488:TCP:Akamai NetSession Interface
"3747:TCP"= 3747:TCP:Akamai NetSession Interface
"1453:TCP"= 1453:TCP:Akamai NetSession Interface
"1828:TCP"= 1828:TCP:Akamai NetSession Interface
"1969:TCP"= 1969:TCP:Akamai NetSession Interface
"2312:TCP"= 2312:TCP:Akamai NetSession Interface
"2386:TCP"= 2386:TCP:Akamai NetSession Interface
"2434:TCP"= 2434:TCP:Akamai NetSession Interface
"2487:TCP"= 2487:TCP:Akamai NetSession Interface
"3227:TCP"= 3227:TCP:Akamai NetSession Interface
"3408:TCP"= 3408:TCP:Akamai NetSession Interface
"4303:TCP"= 4303:TCP:Akamai NetSession Interface
"1184:TCP"= 1184:TCP:Akamai NetSession Interface
"1293:TCP"= 1293:TCP:Akamai NetSession Interface
"1578:TCP"= 1578:TCP:Akamai NetSession Interface
"2213:TCP"= 2213:TCP:Akamai NetSession Interface
"1193:TCP"= 1193:TCP:Akamai NetSession Interface
"2347:TCP"= 2347:TCP:Akamai NetSession Interface
"3203:TCP"= 3203:TCP:Akamai NetSession Interface
"3453:TCP"= 3453:TCP:Akamai NetSession Interface
"4742:TCP"= 4742:TCP:Akamai NetSession Interface
"4957:TCP"= 4957:TCP:Akamai NetSession Interface
"1067:TCP"= 1067:TCP:Akamai NetSession Interface
"1538:TCP"= 1538:TCP:Akamai NetSession Interface
"1920:TCP"= 1920:TCP:Akamai NetSession Interface
"2588:TCP"= 2588:TCP:Akamai NetSession Interface
"1459:TCP"= 1459:TCP:Akamai NetSession Interface
"1803:TCP"= 1803:TCP:Akamai NetSession Interface
"2012:TCP"= 2012:TCP:Akamai NetSession Interface
"2086:TCP"= 2086:TCP:Akamai NetSession Interface
"2210:TCP"= 2210:TCP:Akamai NetSession Interface
"1590:TCP"= 1590:TCP:Akamai NetSession Interface
"1689:TCP"= 1689:TCP:Akamai NetSession Interface
"1927:TCP"= 1927:TCP:Akamai NetSession Interface
"2025:TCP"= 2025:TCP:Akamai NetSession Interface
"2226:TCP"= 2226:TCP:Akamai NetSession Interface
"2293:TCP"= 2293:TCP:Akamai NetSession Interface
"2356:TCP"= 2356:TCP:Akamai NetSession Interface
"2608:TCP"= 2608:TCP:Akamai NetSession Interface
"4125:TCP"= 4125:TCP:Akamai NetSession Interface
"4381:TCP"= 4381:TCP:Akamai NetSession Interface
"4534:TCP"= 4534:TCP:Akamai NetSession Interface
"4687:TCP"= 4687:TCP:Akamai NetSession Interface
"4913:TCP"= 4913:TCP:Akamai NetSession Interface
"1140:TCP"= 1140:TCP:Akamai NetSession Interface
"1645:TCP"= 1645:TCP:Akamai NetSession Interface
"1841:TCP"= 1841:TCP:Akamai NetSession Interface
"2237:TCP"= 2237:TCP:Akamai NetSession Interface
"2723:TCP"= 2723:TCP:Akamai NetSession Interface
"1726:TCP"= 1726:TCP:Akamai NetSession Interface
"1809:TCP"= 1809:TCP:Akamai NetSession Interface
"1966:TCP"= 1966:TCP:Akamai NetSession Interface
"2018:TCP"= 2018:TCP:Akamai NetSession Interface
"2072:TCP"= 2072:TCP:Akamai NetSession Interface
"2123:TCP"= 2123:TCP:Akamai NetSession Interface
"2185:TCP"= 2185:TCP:Akamai NetSession Interface
"2250:TCP"= 2250:TCP:Akamai NetSession Interface
"2309:TCP"= 2309:TCP:Akamai NetSession Interface
"2372:TCP"= 2372:TCP:Akamai NetSession Interface
"2470:TCP"= 2470:TCP:Akamai NetSession Interface
"2566:TCP"= 2566:TCP:Akamai NetSession Interface
"2669:TCP"= 2669:TCP:Akamai NetSession Interface
"2762:TCP"= 2762:TCP:Akamai NetSession Interface
"2864:TCP"= 2864:TCP:Akamai NetSession Interface
"2963:TCP"= 2963:TCP:Akamai NetSession Interface
"3063:TCP"= 3063:TCP:Akamai NetSession Interface
"3160:TCP"= 3160:TCP:Akamai NetSession Interface
"3255:TCP"= 3255:TCP:Akamai NetSession Interface
"3366:TCP"= 3366:TCP:Akamai NetSession Interface
"3470:TCP"= 3470:TCP:Akamai NetSession Interface
"3581:TCP"= 3581:TCP:Akamai NetSession Interface
"3708:TCP"= 3708:TCP:Akamai NetSession Interface
"3833:TCP"= 3833:TCP:Akamai NetSession Interface
"3944:TCP"= 3944:TCP:Akamai NetSession Interface
"4043:TCP"= 4043:TCP:Akamai NetSession Interface
"4140:TCP"= 4140:TCP:Akamai NetSession Interface
"4283:TCP"= 4283:TCP:Akamai NetSession Interface
"1705:TCP"= 1705:TCP:Akamai NetSession Interface
"2545:TCP"= 2545:TCP:Akamai NetSession Interface
"2594:TCP"= 2594:TCP:Akamai NetSession Interface
"2654:TCP"= 2654:TCP:Akamai NetSession Interface
"2712:TCP"= 2712:TCP:Akamai NetSession Interface
"2775:TCP"= 2775:TCP:Akamai NetSession Interface
"2860:TCP"= 2860:TCP:Akamai NetSession Interface
"2950:TCP"= 2950:TCP:Akamai NetSession Interface
"3043:TCP"= 3043:TCP:Akamai NetSession Interface
"3135:TCP"= 3135:TCP:Akamai NetSession Interface
"3232:TCP"= 3232:TCP:Akamai NetSession Interface
"3325:TCP"= 3325:TCP:Akamai NetSession Interface
"3412:TCP"= 3412:TCP:Akamai NetSession Interface
"3508:TCP"= 3508:TCP:Akamai NetSession Interface
"3599:TCP"= 3599:TCP:Akamai NetSession Interface
"2138:TCP"= 2138:TCP:Akamai NetSession Interface
"2780:TCP"= 2780:TCP:Akamai NetSession Interface
"2846:TCP"= 2846:TCP:Akamai NetSession Interface
"2997:TCP"= 2997:TCP:Akamai NetSession Interface
"3163:TCP"= 3163:TCP:Akamai NetSession Interface
"3241:TCP"= 3241:TCP:Akamai NetSession Interface
"3341:TCP"= 3341:TCP:Akamai NetSession Interface
"4244:TCP"= 4244:TCP:Akamai NetSession Interface
"4518:TCP"= 4518:TCP:Akamai NetSession Interface
"4648:TCP"= 4648:TCP:Akamai NetSession Interface
"2223:TCP"= 2223:TCP:Akamai NetSession Interface
"2491:TCP"= 2491:TCP:Akamai NetSession Interface
"2724:TCP"= 2724:TCP:Akamai NetSession Interface
"2937:TCP"= 2937:TCP:Akamai NetSession Interface
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56255:TCP"= 56255:TCP:Pando Media Booster
"56255:UDP"= 56255:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [15.05.2009 19:31 33824]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [19.03.2009 17:56 135336]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programme\CheckPoint\ZAForceField\ISWKL.sys [15.06.2010 16:49 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programme\CheckPoint\ZAForceField\ISWSVC.exe [15.06.2010 16:49 493048]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.09.2007 17:10 717296]
S2 gupdate1ca14e7cea325a;Google Update Service (gupdate1ca14e7cea325a);c:\programme\Google\Update\GoogleUpdate.exe [04.08.2009 10:36 133104]
S3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\drivers\usbethmp.sys [29.09.2007 20:41 14342]
S3 bfastfao;bfastfao;\??\c:\dokume~1\Krause\LOKALE~1\Temp\bfastfao.sys --> c:\dokume~1\Krause\LOKALE~1\Temp\bfastfao.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.01.2008 10:12 25088]
S3 zlportio;zlportio;\??\c:\programme\UltraStar Deluxe\zlportio.sys --> c:\programme\UltraStar Deluxe\zlportio.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
2010-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-08-04 09:36]
2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-08-04 09:36]
2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{68AF5B4E-9B52-4521-AE75-730614941551}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://search.qip.ru
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1214497043
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-17 16:31
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RaidTool = c:\programme\VIA\RAID\raid_tool.exe?@?!
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
- - - - - - - > 'lsass.exe'(776)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Zeit der Fertigstellung: 2010-12-17 16:34:59
ComboFix-quarantined-files.txt 2010-12-17 15:34
ComboFix2.txt 2010-12-16 20:52
Vor Suchlauf: 16 Verzeichnis(se), 21.706.395.648 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 21.689.360.384 Bytes frei
Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 1B8CAAFB3C31DD71811C4C0069D23C42
|
|
17.12.2010, 16:40
| #12 |
| /// Malware-holic | Trojaner "Shutdowner.fft" im systemordner hmm. 1. als du otl ausgeführt hattest, also den fix, hat danach avira angeschlagen? falls nein, kannst du mal den arbeitsplatz öffnen, rechtsklick auf _moved files, eigenschaften und schauen wie groß der ordner ist, in mb oder kb?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.12.2010, 16:47
| #13 |
| | Trojaner "Shutdowner.fft" im systemordner Antivir schlägt seit heute morgen gar nicht mehr an... gestern abend hatte ich immer das problem, dass beim anmelden ein explorer.exe-error kam, weshalb ich immer wieder neustarten musste. das habe ich gelöst indem ich mit der windows-cd meine windows-installation repariert habe. anders kam ich dann nicht mehr in mein benutzprofil. heute morgen habe ich das auch machen müssen... danach kamen noch 2 meldungen von antivir und seitdem nichts mehr. ich könnte einen suchlauf machen und abwarten was antivir sagt. die movedfiles ist 126 kb groß nach 2 suchdurchläufen... ich hatte noch einen weiteren gemacht.... All processes killed ========== OTL ========== File move failed. C:\Dokumente und Einstellungen\Krause\Startmenü\Programme\Autostart\kjoyppwc.exe scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe\kjoyppwc.exe deleted successfully. File move failed. C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe\kjoyppwc.exe scheduled to be moved on reboot. Folder C:\Programme\windows\ not found. Folder move failed. C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe scheduled to be moved on reboot. File move failed. C:\Dokumente und Einstellungen\Krause\Startmenü\Programme\Autostart\kjoyppwc.exe scheduled to be moved on reboot. ========== FILES ========== ========== COMMANDS ========== [EMPTYFLASH] User: Administrator User: All Users User: All Users.WINDOWS User: Default User User: Default User.WINDOWS User: Gast ->Flash cache emptied: 0 bytes User: Gast.KRAUSE ->Flash cache emptied: 0 bytes User: Krause ->Flash cache emptied: 456 bytes User: LocalService User: LocalService.NT-AUTORITAT User: LocalService.NT-AUTORITÄT User: Michael User: NetworkService User: NetworkService.NT-AUTORITAT User: NetworkService.NT-AUTORITÄT Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: All Users.WINDOWS User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User.WINDOWS ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Gast.KRAUSE ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Krause ->Temp folder emptied: 1097438 bytes ->Temporary Internet Files folder emptied: 5276160 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService.NT-AUTORITAT User: LocalService.NT-AUTORITÄT ->Temp folder emptied: 1057464 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Michael User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService.NT-AUTORITAT User: NetworkService.NT-AUTORITÄT ->Temp folder emptied: 1057464 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1088795 bytes RecycleBin emptied: 831 bytes Total Files Cleaned = 9,00 mb OTL by OldTimer - Version 3.2.17.3 log created on 12172010_155930 Files\Folders moved on Reboot... File\Folder C:\Dokumente und Einstellungen\Krause\Startmenü\Programme\Autostart\kjoyppwc.exe not found! File\Folder C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe\kjoyppwc.exe not found! C:\Programme\LuHxMZBx¯ûaËkjoyppwc.exe folder moved successfully. Registry entries deleted on Reboot... |
|
17.12.2010, 16:49
| #14 |
| /// Malware-holic | Trojaner "Shutdowner.fft" im systemordner kannst du die dann noch mal neu packen und hocladen, weil die hochgeladene ist nur 2 kb groß der avira scan kommt später, wir sind aber gut im rennen :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.12.2010, 16:50
| #15 |
| | Trojaner "Shutdowner.fft" im systemordner Hab die rar hochgeladen. 97kb soweit ich gesehen habe. |
|
| Themen zu Trojaner "Shutdowner.fft" im systemordner |
| anhang, anwendungen, bekannte, bereits, cd-rom, dateien, eintrag, entferne, laufen, löschungen, neustart, programme, reparieren, schei, shutdowner.fft, system, troja, trojaner, troyaner, unbekannte, verbreitet, versucht, virenprogramme, virus, vorgehen, windows |
Linear-Darstellung
