Log analysis and evaluation: Checking the system/logs for a keylogger (Windows 7)
23.12.2010, 18:00 | #1
Checking the system/logs for a keylogger

Hello! Apparently I have been infected by a keylogger or some kind of hijack software. I noticed it after my World of Warcraft account was plundered. As a rule that happens when you have picked up a keylogger. Right after that I looked for some random tool to scan for infections, since my AVG obviously did not notice the infections. I downloaded "Spyware Doctor", and it promptly found and removed several threats. Now of course I do not know whether I am actually rid of everything, so I followed the steps in the FAQ and hope I can be helped this way. Just to say up front: I have NO idea about keyloggers or hijack software, so I really have to do everything step by step (though the process in the FAQ was well explained). Unfortunately I do not know how to put the logs into scroll boxes, so for now you will have to put up with the miserably long post, sorry! But maybe someone can tell me how that is done!
So here are my logs:

MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5383

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

23.12.2010 15:42:48
mbam-log-2010-12-23 (15-42-48).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135685
Laufzeit: 4 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

defogger_disable.log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:43 on 23/12/2010 (EvilTwin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL log (OTL logfile):

Code:
ATTFilter OTL logfile created on: 23.12.2010 17:15:12 - Run 1 OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Public\Desktop\MFtools Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 33,49 Gb Free Space | 28,76% Space Free | Partition Type: NTFS Drive D: | 106,68 Gb Total Space | 45,66 Gb Free Space | 42,80% Space Free | Partition Type: NTFS Drive F: | 116,44 Gb Total Space | 62,83 Gb Free Space | 53,95% Space Free | Partition Type: NTFS Drive G: | 116,44 Gb Total Space | 57,21 Gb Free Space | 49,13% Space Free | Partition Type: NTFS Computer Name: EVILTWIN-PC | User Name: EvilTwin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.12.23 15:06:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe PRC - [2010.11.11 00:40:24 | 000,421,160 | ---- | M] (Apple Inc.) -- D:\Program Files\iTunesHelper.exe PRC - [2010.11.10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2010.11.10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2010.10.27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Programme\AVG\AVG10\avgnsx.exe PRC - [2010.10.27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe PRC - [2010.10.22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe PRC - [2010.10.22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe PRC - [2010.10.22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe PRC - [2010.10.22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgcsrvx.exe PRC - [2010.10.22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.08.15 13:03:40 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.07.15 10:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2008.07.15 10:22:46 | 000,217,088 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\HControl.exe PRC - [2008.07.09 16:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Programme\P4G\BatteryLife.exe PRC - [2008.06.24 18:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Media\DMedia.exe PRC - [2008.06.23 19:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2008.06.19 11:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Programme\ASUS\ASUS CopyProtect\ASPG.exe PRC - [2008.06.17 21:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Programme\ASUS\SmartLogon\sensorsrv.exe PRC - [2008.06.13 06:52:52 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.06.03 16:29:08 | 000,851,968 | ---- | M] (ATK) -- 
C:\Programme\ASUS\Splendid\ACMON.exe PRC - [2008.04.10 10:32:18 | 001,796,648 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2008.04.10 10:32:18 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008.01.23 09:51:28 | 000,151,552 | ---- | M] () -- C:\Programme\ASUS\ATK Hotkey\WDC.exe PRC - [2008.01.21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.11 21:40:10 | 000,098,304 | ---- | M] () -- C:\Programme\ASUS\ATK Hotkey\HControlUser.exe PRC - [2007.11.30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Programme\ASUS\ASUS Live Update\ALU.exe PRC - [2007.11.04 18:48:06 | 000,106,496 | ---- | M] () -- C:\Programme\ASUS\ATK Hotkey\MsgTranAgt.exe PRC - [2007.10.02 20:53:00 | 000,094,208 | ---- | M] () -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe PRC - [2007.08.15 10:20:16 | 000,106,496 | ---- | M] () -- C:\Programme\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2007.08.07 23:08:40 | 000,094,208 | ---- | M] () -- C:\Programme\ATKGFNEX\GFNEXSrv.exe PRC - [2007.08.03 11:24:54 | 000,125,496 | ---- | M] () -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe PRC - [2007.07.05 15:53:44 | 001,040,384 | ---- | M] () -- C:\Programme\Wireless Console 2\wcourier.exe PRC - [2005.07.06 14:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (SafeList) ========== MOD - [2010.12.23 15:06:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe MOD - [2010.09.20 10:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll MOD - 
[2008.08.28 04:40:11 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll MOD - [2008.04.10 10:31:36 | 000,208,896 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtMmHook.dll MOD - [2008.01.21 03:25:29 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2008.01.21 03:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll MOD - [2008.01.21 03:25:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD - [2008.01.21 03:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll MOD - [2008.01.21 03:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2008.01.21 03:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll MOD - [2008.01.21 03:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll ========== Win32 Services (SafeList) ========== SRV - [2010.11.19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- D:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2010.11.10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2010.10.22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.08.15 14:45:34 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- D:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2008.05.29 08:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.02 20:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2007.08.07 23:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.08.03 11:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\I386\AsProcOb.sys -- (ASUSProcObsrv) DRV - [2010.11.25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2010.11.09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2010.09.13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2010.09.07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2010.09.07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2010.09.07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86) DRV - [2010.08.19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2010.08.19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2010.08.19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2010.07.16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA) DRV - [2010.07.16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS) DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.06.21 23:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.05.28 21:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.07.03 09:30:14 | 000,200,112 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008.06.17 09:49:52 | 002,153,688 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.06.03 07:41:52 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2008.05.29 09:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby) DRV - [2008.05.07 10:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2008.05.02 06:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.03.21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.03.17 01:42:22 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio) DRV - [2008.03.17 01:42:20 | 000,100,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt) DRV - [2008.03.17 01:42:16 | 000,017,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid) DRV - [2008.02.15 16:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.02.05 08:52:24 | 000,206,464 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etFilter.sys -- (FiltUSBET) DRV - [2008.01.31 12:18:58 | 000,006,528 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etScan.sys -- (ScanUSBET) DRV - [2008.01.29 03:46:58 | 000,029,736 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap) DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.12.18 16:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2007.09.06 09:43:50 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etDevice.sys -- (DCamUSBET) DRV - [2007.08.03 05:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007.07.30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.24 10:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2007.06.16 20:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010.11.24 15:36:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.23 14:45:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 13:41:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.11.09 13:23:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.11.09 13:23:34 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\mozilla\Extensions [2010.11.09 13:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EvilTwin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.12.22 16:38:33 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\mozilla\Firefox\Profiles\tkgtrp6p.default\extensions [2010.08.23 12:57:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 
C:\Users\EvilTwin\AppData\Roaming\mozilla\Firefox\Profiles\tkgtrp6p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.11 12:41:11 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\mozilla\Firefox\Profiles\tkgtrp6p.default\extensions\firebug@software.joehewitt.com [2010.12.22 16:38:33 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.09.09 16:42:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.08.27 18:25:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.29 10:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe () O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe () O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunesHelper.exe (Apple Inc.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Miranda Fusion] F:\MirandaFusion\mfstart.exe (Miranda Fusion Team) O4 - Startup: C:\Users\EvilTwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Sebis Dateien\Wallpaper\1235867722328.jpg
O24 - Desktop BackupWallPaper: D:\Sebis Dateien\Wallpaper\1235867722328.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{31824e6b-a863-11df-833e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{31824e6b-a863-11df-833e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- File not found
O33 - MountPoints2\{59d0a038-a854-11df-a11e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{59d0a038-a854-11df-a11e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010.12.23 15:37:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.12.23 15:34:42 | 000,000,000 | ---D | C] -- C:\Users\EvilTwin\Desktop\Gmer
[2010.12.23 15:07:22 | 000,000,000 | ---D | C] -- C:\Users\EvilTwin\AppData\Roaming\Malwarebytes
[2010.12.23 15:07:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.23 15:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.23 15:06:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.23 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.12.23 14:21:14 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010.12.23 14:21:14 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010.12.23 14:21:12 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.12.23 14:21:12 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.12.23 14:20:56 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.12.23 14:20:56 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.12.23 14:20:41 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.12.23 14:20:29 | 000,000,000 | ---D | C] -- C:\Users\EvilTwin\AppData\Roaming\PC Tools
[2010.12.23 14:20:29 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2010.12.23 14:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.12.23 14:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.12.19 23:46:32 | 000,000,000 | ---D | C] -- C:\Users\EvilTwin\Desktop\critb.weed
[2010.12.18 01:23:05 | 000,000,000 | ---D | C] -- C:\Users\EvilTwin\Desktop\Songbook Blink 182
[2010.12.17 16:23:21 | 000,000,000 | ---D | C] -- C:\Users\EvilTwin\AppData\Roaming\ID3-TagIT 3
[2010.12.17 16:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ID3-TagIT 3
[2010.11.28 17:59:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010.11.28 17:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.11.28 14:51:45 | 000,000,000 | ---D | C] -- C:\Programme\World of Warcraft
[2010.08.15 12:24:34 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010.12.23 17:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.12.23 15:43:48 | 000,000,000 | ---- | M] () -- C:\Users\EvilTwin\defogger_reenable
[2010.12.23 15:35:28 | 000,000,713 | ---- | M] () -- C:\Users\EvilTwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.12.23 15:35:16 | 000,000,556 | ---- | M] () -- C:\Users\EvilTwin\Desktop\ERUNT.lnk
[2010.12.23 15:30:20 | 000,483,935 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.12.23 15:30:20 | 000,483,935 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.12.23 15:30:02 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.12.23 15:29:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.23 15:29:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.23 15:29:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.23 15:29:00 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.23 15:27:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.12.23 15:07:04 | 000,000,708 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.23 15:05:55 | 000,050,477 | ---- | M] () -- C:\Users\EvilTwin\Desktop\defogger.exe
[2010.12.23 15:05:38 | 000,472,152 | ---- | M] () -- C:\Users\EvilTwin\Desktop\Load.exe
[2010.12.23 14:58:51 | 000,002,367 | ---- | M] () -- C:\Users\EvilTwin\Desktop\HiJackThis.lnk
[2010.12.23 14:56:55 | 001,402,880 | ---- | M] () -- C:\Users\EvilTwin\Desktop\HiJackThis.msi
[2010.12.23 14:22:37 | 001,783,266 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010.12.23 14:20:53 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.12.23 14:19:07 | 000,512,992 | ---- | M] () -- C:\Users\EvilTwin\Desktop\sdsetup.exe
[2010.12.23 14:07:24 | 000,000,593 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.12.22 17:08:07 | 000,083,456 | ---- | M] () -- C:\Users\EvilTwin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.22 13:10:49 | 102,345,073 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.17 01:08:00 | 000,720,444 | ---- | M] () -- C:\Users\EvilTwin\Desktop\Public Enemies.m4r
[2010.12.13 20:37:49 | 002,105,332 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.13 20:37:49 | 001,052,232 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.13 20:37:49 | 000,609,344 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.13 20:37:49 | 000,542,066 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.28 14:59:01 | 000,012,896 | ---- | M] () -- C:\Users\EvilTwin\Desktop\Schulden.ods
[2010.11.25 10:53:58 | 000,160,448 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.11.25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.11.25 10:42:10 | 000,070,536 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.11.24 15:36:36 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk

========== Files Created - No Company Name ==========

[2010.12.23 15:43:48 | 000,000,000 | ---- | C] () -- C:\Users\EvilTwin\defogger_reenable
[2010.12.23 15:35:28 | 000,000,713 | ---- | C] () -- C:\Users\EvilTwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.12.23 15:35:16 | 000,000,556 | ---- | C] () -- C:\Users\EvilTwin\Desktop\ERUNT.lnk
[2010.12.23 15:07:04 | 000,000,708 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.23 15:05:55 | 000,050,477 | ---- | C] () -- C:\Users\EvilTwin\Desktop\defogger.exe
[2010.12.23 15:05:34 | 000,472,152 | ---- | C] () -- C:\Users\EvilTwin\Desktop\Load.exe
[2010.12.23 14:58:07 | 000,002,367 | ---- | C] () -- C:\Users\EvilTwin\Desktop\HiJackThis.lnk
[2010.12.23 14:56:51 | 001,402,880 | ---- | C] () -- C:\Users\EvilTwin\Desktop\HiJackThis.msi
[2010.12.23 14:22:11 | 001,783,266 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010.12.23 14:20:53 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.12.23 14:18:51 | 000,512,992 | ---- | C] () -- C:\Users\EvilTwin\Desktop\sdsetup.exe
[2010.12.21 17:24:46 | 184,185,990 | ---- | C] () -- C:\Users\EvilTwin\Desktop\himym-satws-s01e03.avi
[2010.12.21 16:19:40 | 182,558,488 | ---- | C] () -- C:\Users\EvilTwin\Desktop\himym-satws-s01e02.avi
[2010.12.21 16:19:27 | 184,390,206 | ---- | C] () -- C:\Users\EvilTwin\Desktop\himym-satws-s01e01.avi
[2010.12.19 23:54:06 | 408,916,770 | ---- | C] () -- C:\Users\EvilTwin\Desktop\going_downtown_big.wmv
[2010.12.19 20:55:53 | 728,801,280 | ---- | C] () -- C:\Users\EvilTwin\Desktop\Stand.By.Me.avi
[2010.12.17 01:07:58 | 000,720,444 | ---- | C] () -- C:\Users\EvilTwin\Desktop\Public Enemies.m4r
[2010.12.12 21:25:07 | 576,903,168 | ---- | C] () -- C:\Users\EvilTwin\Desktop\Stargate.SG-1.-.3x15.-.Die.Tollan.Triade.(DVDRip.XviD.1.2.AC3.german.MP3.english).avi
[2010.11.28 20:24:41 | 419,416,064 | ---- | C] () -- C:\Users\EvilTwin\Desktop\tvr-shield-s03e07-wsdvdrip.avi
[2010.11.28 16:04:06 | 000,000,593 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.11.24 15:36:36 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010.08.16 16:10:07 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.08.16 16:10:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.08.16 13:25:51 | 000,083,456 | ---- | C] () -- C:\Users\EvilTwin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.15 14:53:00 | 000,000,023 | ---- | C] () -- C:\Windows\System32\ChkMail.ini
[2010.08.15 14:52:52 | 000,483,935 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.08.15 14:52:46 | 000,483,935 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.08.15 13:14:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010.08.15 12:37:48 | 000,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll
[2010.08.15 12:07:50 | 000,000,680 | ---- | C] () -- C:\Users\EvilTwin\AppData\Local\d3d9caps.dat
[2008.07.01 18:28:38 | 000,061,440 | ---- | C] () -- C:\Programme\Common Files\CPInstallAction.dll
[2008.05.22 08:35:54 | 000,051,962 | ---- | C] () -- C:\Programme\Common Files\banner.jpg
[2007.06.12 09:34:50 | 000,035,822 | ---- | C] () -- C:\Programme\Common Files\ASPG_icon.ico
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.04.03 00:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998.05.06 05:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2010.11.12 17:57:17 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\AVG10
[2010.10.25 12:08:00 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\gtk-2.0
[2010.12.19 17:50:07 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\ICQ
[2010.12.17 16:25:41 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\ID3-TagIT 3
[2010.09.17 12:57:31 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\ImgBurn
[2010.08.16 17:24:41 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\IrfanView
[2010.11.15 13:36:26 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\Miranda Fusion
[2010.08.27 12:44:21 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\OpenOffice.org
[2010.09.07 18:27:40 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\TeamViewer
[2010.11.09 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\Thunderbird
[2010.08.15 14:45:34 | 000,000,000 | ---D | M] -- C:\Users\EvilTwin\AppData\Roaming\TuneUp Software
[2010.12.23 17:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.12.23 15:27:28 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2008.08.25 10:37:36 | 000,000,041 | ---- | M] () -- C:\app3_DVD.LOG
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010.08.15 12:02:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007.04.04 20:01:54 | 000,000,019 | ---- | M] () -- C:\CA21.txt
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.09.21 09:06:38 | 000,024,165 | ---- | M] () -- C:\devlist.txt
[2008.09.21 09:06:31 | 000,000,009 | ---- | M] () -- C:\Finish.log
[2010.12.23 15:29:00 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.10 18:20:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.07.22 13:25:29 | 001,048,576 | RH-- | M] () -- C:\M70V.BIN
[2008.08.01 13:31:07 | 000,000,014 | ---- | M] () -- C:\M70VM_M70VR_M70VN_VISTA.20
[2008.07.17 12:36:45 | 001,048,576 | RH-- | M] () -- C:\M70Vn.BIN
[2010.05.10 18:20:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.08.08 08:22:19 | 000,000,030 | ---- | M] () -- C:\NERO.LOG
[2008.07.04 05:35:34 | 000,000,021 | ---- | M] () -- C:\NIS2008.TXT
[2007.03.16 00:18:45 | 000,000,025 | ---- | M] () -- C:\OFFICE2007_A.TXT
[2010.12.23 15:29:00 | 3533,877,248 | -HS- | M] () -- C:\pagefile.sys
[2008.09.20 19:58:08 | 000,000,105 | ---- | M] () -- C:\Pass.txt
[2008.07.24 10:05:52 | 000,002,386 | ---- | M] () -- C:\Patch.LOG
[2008.04.29 15:30:15 | 000,000,020 | ---- | M] () -- C:\READER_A.TXT
[2008.08.01 13:31:07 | 000,000,021 | ---- | M] () -- C:\RECOVERY.DAT
[2010.08.15 12:32:55 | 000,000,560 | ---- | M] () -- C:\RHDSetup.log
[2010.08.15 13:04:20 | 000,000,159 | ---- | M] () -- C:\setup.log
[2006.05.16 01:22:24 | 000,000,005 | ---- | M] () -- C:\store.log
[2008.09.21 07:44:39 | 000,000,166 | ---- | M] () -- C:\SumHidd.txt
[2008.09.21 07:43:42 | 000,000,098 | ---- | M] () -- C:\SumOS.txt
[2008.07.31 23:40:18 | 000,000,021 | ---- | M] () -- C:\V552.txt
[2010.07.05 14:20:54 | 000,088,813 | ---- | M] () -- C:\wubildr
[2010.07.05 14:20:54 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 13:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006.09.18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008.01.21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 03:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.21 03:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-15 12:43:37

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Extras-Log: OTL Logfile:
OTL Extras logfile created on: 23.12.2010 17:15:12 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Public\Desktop\MFtools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 33,49 Gb Free Space | 28,76% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 45,66 Gb Free Space | 42,80% Space Free | Partition Type: NTFS
Drive F: | 116,44 Gb Total Space | 62,83 Gb Free Space | 53,95% Space Free | Partition Type: NTFS
Drive G: | 116,44 Gb Total Space | 57,21 Gb Free Space | 49,13% Space Free | Partition Type: NTFS

Computer Name: EVILTWIN-PC | User Name: EvilTwin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "D:\Program Files\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E8CD78-CF3B-450C-B6E1-A93DF2DF2519}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{24B1F0FF-766B-4BE2-80C4-76F9561F8F53}" = rport=138 | protocol=17 | dir=out | app=system |
"{4D14631C-7431-4237-A71D-8526CE4C248F}" = rport=137 | protocol=17 | dir=out | app=system |
"{596F1518-FCE6-488A-8049-8CAC640CF979}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BFDCE27-A004-4195-B145-FA25411A6C85}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{851437C5-76C4-4335-8B69-5482CE081B7B}" = lport=139 | protocol=6 | dir=in | app=system |
"{8F73C3A9-DFF0-4CD2-82AF-102FD98EFF0C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{98710CCB-A1A6-4D3B-AC9A-6A375DBFED12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9B0CCCC0-9D5C-4DB9-B484-8E4CBF207751}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9BE8A54D-AF6B-4A7F-AF26-4AEE29D2C318}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A230C05A-98E6-44DA-BCBF-85EF38CB5B51}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A65346AD-F33C-45DF-B30A-5FFF2079F931}" = rport=139 | protocol=6 | dir=out | app=system |
"{ADE15EC2-5F9D-4B31-ADE2-E97152C52187}" = lport=138 | protocol=17 | dir=in | app=system |
"{B376A5EA-8BD4-4AB7-AEE2-6B703027A1BA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B742DA63-AE87-43E6-BD8A-C5509CE94581}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{C2192BFA-6142-450E-97EB-BD21D6A6C5E6}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF5756A2-E813-4274-B5B0-F0EEFE84C0EB}" = lport=137 | protocol=17 | dir=in | app=system |
"{E3AE72D3-3B2E-4D40-BF25-7931161DF498}" = rport=445 | protocol=6 | dir=out | app=system |
"{EF9BE7B0-1402-48A8-B192-1228F7CB1B0A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BEC0A4F-5891-4F46-B1FB-559CD23C897D}" = protocol=17 | dir=in | app=f:\starcraft ii\starcraft ii.exe |
"{0E557C90-D882-4413-81AD-5D49FB1390E1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{1186FAD9-8757-41AF-AD39-C55F256E2426}" = protocol=6 | dir=in | app=f:\starcraft ii\versions\base16939\sc2.exe |
"{14DC7133-24A4-42DF-95A1-94686CE6CE82}" = protocol=17 | dir=in | app=f:\program files\icq7.2\icq.exe |
"{16D44434-0587-4A3E-908D-6301450DF3E9}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{17659E5F-3955-4714-9F9F-6892E6C07DA0}" = protocol=17 | dir=in | app=f:\starcraft ii\versions\base16755\sc2.exe |
"{359DAC7E-A0BB-4DBC-A8A3-24AC353599CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{36965403-1F05-4D89-AFC0-35BA225E8A34}" = protocol=6 | dir=in | app=f:\starcraft ii\versions\base15405\sc2.exe |
"{36979C02-60C7-4307-A23D-A33FDEE52EB4}" = protocol=17 | dir=in | app=f:\starcraft ii\versions\base16561\sc2.exe |
"{3901410D-49E4-4AF5-92AC-094DFC35A469}" = protocol=17 | dir=in | app=f:\program files\icq7.2\icq.exe |
"{3A02538F-2A9C-45A8-A26F-FB0AE9859F4E}" = protocol=6 | dir=in | app=f:\program files\icq7.2\aolload.exe |
"{49BB944E-0E36-4197-B30B-C907F5490194}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E5DDEE4-F339-4558-927A-03AE92BA5A05}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F79C2FC-3CDA-42D5-B0AB-6C323B179756}" = protocol=17 | dir=in | app=f:\mirandafusion\miranda32.exe |
"{5A1F4D11-94B9-4E8A-8F8B-26A20F8A92CB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{5CFA6BC4-4A22-41F3-9758-1C26ED54F48E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5E9B600D-BE78-4BA9-B307-0C8D0CBD0450}" = protocol=6 | dir=in | app=f:\mirandafusion\miranda32.exe |
"{5EC9DA4A-3546-4876-8A92-AAF0AF472119}" = protocol=17 | dir=in | app=f:\program files\icq7.2\aolload.exe |
"{5F371AF4-4F4C-4F9E-ABC7-DE12717564DF}" = protocol=6 | dir=in | app=f:\world of warcraft\blizzard downloader.exe |
"{605C2974-868D-4CF0-B2F2-19C9641A9BCB}" = protocol=6 | dir=in | app=f:\program files\icq7.2\aolload.exe |
"{62E4E530-56FB-4611-9CBC-5830BF959B3C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6ACE0E05-C891-4900-8C2C-D38FF23882D6}" = protocol=17 | dir=in | app=f:\world of warcraft\blizzard downloader.exe |
"{6E95307A-7A05-44B1-BEDB-CA2CC5F6414F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7DF2523F-8438-4B7E-9DCA-2DBF5A48D7B0}" = protocol=6 | dir=in | app=f:\starcraft ii\versions\base16755\sc2.exe |
"{7E5615EA-D19B-46DB-906C-F57BF83ED872}" = protocol=6 | dir=in | app=f:\program files\icq7.2\aolload.exe |
"{8350A28C-CCBD-44E5-91A1-40B25C2123C9}" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.patch.exe |
"{836FC63E-F3A4-4762-A3F0-A74F9890C039}" = protocol=6 | dir=in | app=f:\starcraft ii\starcraft ii.exe
| "{84F6A2EE-6750-4E7F-85C4-1825D40ACC50}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{84FA17D1-282D-4189-A856-EB01AA0FC8A7}" = protocol=17 | dir=in | app=f:\starcraft ii\versions\base16939\sc2.exe | "{8C278D56-E5CA-42C6-8FA5-60BA2725E22F}" = protocol=6 | dir=in | app=f:\program files\icq7.2\icq.exe | "{9BEB14BE-D3D0-4192-8FE5-B7206431DECE}" = protocol=6 | dir=in | app=f:\program files\icq7.2\icq.exe | "{9EADF9D2-5CDB-401C-891B-64015B9CA3C4}" = protocol=17 | dir=in | app=f:\program files\icq7.2\icq.exe | "{A44602A0-AD83-4F26-99F8-F6B256068881}" = dir=in | app=d:\program files\itunes.exe | "{A9D44C79-AE22-4036-80CA-7F76A4973400}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{ACDCD13A-F0A9-434D-8566-2D13B5BE7372}" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.exe | "{B63225CE-4C49-49C2-A9BA-8D7A90D35D3E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{B9088C31-A953-424C-AD42-20D5E6130585}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{BD4660BD-239A-4C32-AA10-20F2E4995781}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C839B2C5-556B-45DE-A8B5-54677E316238}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{C9DA05C2-136B-4F9A-B525-784680BB9634}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{D1E3EB05-4317-4B2A-A605-1FF71496E65A}" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.patch.exe | "{D719C94C-3AD2-4676-A120-7319A988ABA4}" = protocol=17 | dir=in | app=f:\starcraft ii\versions\base15405\sc2.exe | "{E03DD120-EFE8-4F9E-B646-C6571E55123A}" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.exe | "{E907C19B-D5A4-49E6-B4C7-99738DE042F2}" = protocol=17 | dir=in | app=f:\program files\icq7.2\aolload.exe | "{E96F37F9-3A79-49BB-8F65-331F3E3D7C6D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F16BF2E6-6F36-4523-9369-E78595FFC7B2}" = protocol=6 | dir=in | 
app=f:\program files\icq7.2\icq.exe | "{F7B93EFB-F8C9-4FAB-B3EF-A2DE0AEEB8BB}" = protocol=17 | dir=in | app=f:\program files\icq7.2\aolload.exe | "{F7E082A9-9F43-44CB-84CB-F75DB4B389F1}" = protocol=6 | dir=in | app=f:\starcraft ii\versions\base16561\sc2.exe | "{F9AE67D5-6063-4F57-B9B9-816DAC549B23}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{07D8E973-7258-4224-8E45-1E3F1CD5AF9B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{9FF3F87C-D355-48B5-B3B1-B65DE606088C}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{3D1D27D9-6EF4-4145-AD12-BE6A7DB49254}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{9E386B28-18E8-4254-AF9C-2BB4CC36C44B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21 "{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40580068-9B10-40B5-9548-536CE88AB23C}" = 
ITECIR "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 "{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011 "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A23061AF-5361-433C-B7F0-CE5F79A22C49}" = AVG 2011 "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}" = Dolby Control Center "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes 
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "AVG" = AVG 2011 "ERUNT_is1" = ERUNT 1.1j "ID3-TagIT 3_is1" = ID3-TagIT 3 "ImgBurn" = ImgBurn "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "LastFM_is1" = Last.fm 1.5.4.27091 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MirandaFusion" = Miranda Fusion 2.1.1 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Spyware Doctor" = Spyware Doctor 8.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB2.0 1.3M UVC WebCam" = USB2.0 1.3M UVC WebCam "VLC media player" = VLC media player 1.1.2 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Detector Plug-in ========== Last 10 Event Log Errors 
========== [ Application Events ] Error - 23.12.2010 10:27:19 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100 Description = WSARecvMsg failed (10022) Error - 23.12.2010 10:27:19 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100 Description = WSARecvMsg failed (10022) Error - 23.12.2010 10:27:20 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100 Description = WSARecvMsg failed (10022) Error - 23.12.2010 10:27:20 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100 Description = WSARecvMsg failed (10022) Error - 23.12.2010 10:27:20 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100 Description = WSARecvMsg failed (10022) Error - 23.12.2010 10:27:20 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100 Description = WSARecvMsg failed (10022) Error - 23.12.2010 10:27:20 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100 Description = WSARecvMsg failed (10022) Error - 23.12.2010 10:27:20 | Computer Name = EvilTwin-PC | Source = Bonjour Service | ID = 100 Description = WSARecvMsg failed (10022) Error - 23.12.2010 10:30:28 | Computer Name = EvilTwin-PC | Source = WinMgmt | ID = 10 Description = Error - 23.12.2010 10:51:44 | Computer Name = EvilTwin-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung gmer.exe, Version 1.0.15.15530, Zeitstempel 0x4cd7c3b7, fehlerhaftes Modul gmer.exe, Version 1.0.15.15530, Zeitstempel 0x4cd7c3b7, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c551, Prozess-ID 0x954, Anwendungsstartzeit 01cba2b0c0ba1182. [ System Events ] Error - 19.11.2010 07:15:07 | Computer Name = EvilTwin-PC | Source = HTTP | ID = 15016 Description = Error - 19.11.2010 14:51:18 | Computer Name = EvilTwin-PC | Source = HTTP | ID = 15016 Description = Error - 20.11.2010 14:06:55 | Computer Name = EvilTwin-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 19.11.2010 um 21:49:03 unerwartet heruntergefahren. 
Error - 20.11.2010 14:06:57 | Computer Name = EvilTwin-PC | Source = HTTP | ID = 15016 Description = Error - 20.11.2010 22:42:41 | Computer Name = EvilTwin-PC | Source = DCOM | ID = 10010 Description = Error - 21.11.2010 09:20:38 | Computer Name = EvilTwin-PC | Source = HTTP | ID = 15016 Description = Error - 21.11.2010 16:22:17 | Computer Name = EvilTwin-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 21.11.2010 um 21:20:27 unerwartet heruntergefahren. Error - 21.11.2010 16:22:18 | Computer Name = EvilTwin-PC | Source = HTTP | ID = 15016 Description = Error - 21.11.2010 16:36:04 | Computer Name = EvilTwin-PC | Source = HTTP | ID = 15016 Description = Error - 22.11.2010 11:04:35 | Computer Name = EvilTwin-PC | Source = HTTP | ID = 15016 Description = < End of report >
The Defogger log looks a bit short to me, did I do everything right there? I hope I have covered everything that is needed to solve the problem. Thanks in advance! Regards, Kiyamaro |
23.12.2010, 21:39 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Checking the system/logs for a keylogger Quote:
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well!
24.12.2010, 00:10 | #3 |
| Checking the system/logs for a keylogger Well, Malwarebytes is up to date as of today, since I only installed it because of the tutorial in the FAQ and updated it right then. That is also why I have no older logs.
I have now done the full scan. But it looks as if that did not find anything further either.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5383

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

24.12.2010 00:05:30
mbam-log-2010-12-24 (00-05-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 405164
Laufzeit: 2 Stunde(n), 15 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

-------
Can I assume that "Spyware Doctor" removed the keylogger, or what is the best way to proceed now? Regards, Kiyamaro |
25.12.2010, 15:08 | #4 |
| Checking the system/logs for a keylogger I'll be bold and bump my thread once, because I would really like to know whether there is still an acute danger of my passwords being stolen. I ran 2 more scans with different AV programs and they found nothing either. Here is the HijackThis log as well; it can only help if I post it. Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:10:27, on 25.12.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18527) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Windows\Explorer.EXE C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe C:\Windows\RtHDVCpl.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Windows\AsScrPro.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVG\AVG10\avgtray.exe D:\Program Files\iTunesHelper.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchFilterHost.exe D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - 
HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunesHelper.exe" O4 - HKCU\..\Run: 
[Miranda Fusion] F:\MirandaFusion\mfstart.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE O4 - Global Startup: BTTray.lnk = ? O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files\ICQ7.2\ICQ.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\PC Tools Security\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\PC Tools Security\pctsSvc.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 7262 bytes
Merry Christmas! Last edited by Kiyamaro (25.12.2010, 15:16) |
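Added editorial example, not part of the thread and not HijackThis's own logic: a small Python triage script for the HijackThis line format posted above, showing the first checks a log reviewer applies before deciding whether an entry needs a closer look. The sample lines are copied from the log in this post, except the last one, which is a constructed suspicious entry (a system-binary name started from a temp folder under a per-user Run key). The rule set and the names `parse`, `triage`, `review` and `REASONS` are assumptions made for this example; the rules only mark entries for review and do not judge anything malicious on their own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the HijackThis line format. The first ten lines are
# copied from the log posted above; the LAST line is made up for this example
# to show what a suspicious per-user autostart looks like (a system-binary
# name running from a temp folder). "EvilTwin" is the host name from the log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Miranda Fusion] F:\MirandaFusion\mfstart.exe
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O4 - HKCU\..\Run: [Updater] C:\Users\EvilTwin\AppData\Local\Temp\svchost.exe
"""

LINE_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")
# Target executable at the start of an O4 command line, with or without quotes.
TARGET_RE = re.compile(r'^"?(.+?\.(?:exe|dll|scr|bat|cmd|vbs))', re.IGNORECASE)
# Folders an ordinary user can write to; legitimate autostarts rarely live there.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.IGNORECASE)
# Windows system binary names that should only ever run from the Windows directory.
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "explorer.exe"}

# Short flag codes with the reviewer-facing explanation for each (assumed rule set).
REASONS = {
    "no-file": "orphaned entry: points at a file that no longer exists (clean-up, not infection)",
    "unknown-owner": "service binary carries no vendor string; verify where it came from",
    "unresolved-shortcut": "startup shortcut target could not be resolved",
    "bare-filename": "no path given, so the binary is found via the search path; check which copy runs",
    "user-writable-path": "autostart from a folder any user can write to",
    "system-name-outside-windows": "system binary name running outside the Windows directory",
    "per-user": "per-user persistence (needs no admin rights to install)",
}


@dataclass
class Entry:
    section: str                 # R0..R3, O1..O23
    body: str                    # text after "Oxx - "
    flags: List[str] = field(default_factory=list)


def parse(log: str) -> List[Entry]:
    """Split a HijackThis log into (section, body) entries; non-entry lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def o4_target(body: str) -> Optional[str]:
    r"""Executable named by an O4 body.
    Registry form:  HKLM\..\Run: [Name] C:\path\prog.exe -args
    Shortcut form:  Startup: Name.lnk = C:\path\prog.exe
    """
    if body.startswith("HK") and "] " in body:
        m = TARGET_RE.match(body.split("] ", 1)[1].strip())
        return m.group(1) if m else None
    if " = " in body:
        return body.split(" = ", 1)[1].strip()
    return None


def triage(entry: Entry) -> Entry:
    """Attach flag codes to one entry according to the review rules above."""
    body = entry.body
    if "(no file)" in body:
        entry.flags.append("no-file")
    if entry.section == "O23" and "Unknown owner" in body:
        entry.flags.append("unknown-owner")
    if entry.section == "O4":
        if body.endswith("= ?"):
            entry.flags.append("unresolved-shortcut")
        else:
            target = o4_target(body)
            if target:
                name = target.rsplit("\\", 1)[-1].lower()
                if "\\" not in target and not target.startswith("%"):
                    entry.flags.append("bare-filename")
                if USER_WRITABLE_RE.search(target):
                    entry.flags.append("user-writable-path")
                if name in SYSTEM_NAMES and "\\windows\\" not in target.lower():
                    entry.flags.append("system-name-outside-windows")
        if body.startswith("HKCU") or body.startswith("Startup:"):
            entry.flags.append("per-user")
    return entry


def review(log: str) -> List[Tuple[str, str, List[str]]]:
    """(section, body, flags) for every entry that earned at least one flag."""
    return [(e.section, e.body, e.flags) for e in map(triage, parse(log)) if e.flags]


if __name__ == "__main__":
    for section, body, flags in review(SAMPLE_LOG):
        print(f"{section}: {body}")
        for code in flags:
            print(f"    - {REASONS[code]}")
```

On the real log in this post the script marks only the `(no file)` URLSearchHook leftover, the bare `RtHDVCpl.exe` entry, the two ASUS services without a vendor string, the unresolved `BTTray.lnk` shortcut and the per-user Miranda and ERUNT autostarts; all of those are items to verify against the installed software, not findings by themselves. The constructed last line is the kind of entry that actually warrants attention, because it combines three of the rules at once.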