Log Analysis and Evaluation: Trojan Win Vista. Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.12.2010, 13:35 | #1 |
| Trojan Win Vista. Hi, my problem is that I was asked for TANs during online banking. I read that this is supposedly a trojan. So now I'm looking for where the worm is hiding. A Malwarebytes scan is running right now. Info: I no longer have a Windows CD to reinstall Vista.... |
29.12.2010, 14:51 | #2 |
/// Malware-holic | Trojan Win Vista. Call your bank.
Online banking must be blocked! Do you at least still have the licence?

System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, run as administrator).
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "Scan all users".
3. Under "Extra Registry" select: "Use SafeList", "LOP Check", "Purity Check".
4. Copy into the text box:
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both. |
29.12.2010, 14:57 | #3 |
| Trojan Win Vista. Yes, online banking is already blocked. Of course I didn't enter the TAN either; I'm getting new login credentials.
The Malwarebytes scan is still running. Isn't that enough? Oh, and I'd have no problem just wiping the laptop, there isn't much important stuff on it. It's just that I don't have a Windows CD anymore... |
29.12.2010, 14:59 | #4 |
/// Malware-holic | Trojan Win Vista. Please abort the Malwarebytes scan; mine is faster and more accurate. I want to collect unknown files, send them to AV vendors, and then format and properly secure the PC together with you. Can you borrow a CD?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as per the instructions above. If you would like to support us |
29.12.2010, 15:06 | #5 |
| Trojan Win Vista. OK, I've aborted Malwarebytes. Here is the report up to that point:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5415

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

29.12.2010 15:03:55
mbam-log-2010-12-29 (15-03-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 121114
Laufzeit: 1 Stunde(n), 38 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{55D92D63-20C5-49E0-EF6A-AF8599BFC58F} (Spyware.Passwords.XGen) -> Value: {55D92D63-20C5-49E0-EF6A-AF8599BFC58F} -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ckoqi (Trojan.Hiloti) -> Value: Ckoqi -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\administrator\AppData\Roaming\Ixhov\haefd.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\wprt32.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Patrick\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\pehuym.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\739569.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

Running the other program now. Borrowing a CD: I wouldn't know from where. |
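The Malwarebytes findings above (Run values and executables under AppData\Roaming and the SYSTEM profile) and the O4/O20 lines in the OTL log posted later in this thread show the same persistence pattern that the OTL instructions in post #2 are designed to surface. The script below is an editor's added example, not part of this thread and not code from OTL or Malwarebytes: it parses OTL-style O4 (Run, Startup) and O20 (Winlogon) lines and flags entries that run from user-writable profile directories or the SYSTEM profile, reference missing files, use GUID-named values, or redirect Winlogon UserInit. The sample lines are constructed after the log in this thread (a hand-picked subset), the flag categories are this example's own heuristics, and the names `Finding`, `triage`, `parse_line`, `split_target` and `assess` are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a hand-picked subset modelled on the O4/O20 lines of the
# OTL log posted in this thread (not the complete log, not OTL's own output).
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Xtabica] C:\Windows\System32\config\systemprofile\AppData\Local\alesiyovupomub.DLL ()
O4 - HKU\.DEFAULT..\Run: [RestorData.exe] C:\RestorData.exe\RestorData.exe File not found
O4 - HKU\S-1-5-21-3581403039-799145802-1476181760-500..\Run: [{55D92D63-20C5-49E0-EF6A-AF8599BFC58F}] C:\Users\Administrator\AppData\Roaming\Ixhov\haefd.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bukeyx.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\AppData\Roaming\appconf32.exe) - C:\Users\Administrator\AppData\Roaming\appconf32.exe File not found
"""

# Line shapes OTL uses for registry Run values, Startup-folder items and Winlogon values.
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<rest>.*)$")
WINLOGON_RE = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<raw>.*?)\) - (?P<rest>.*)$")
# The tail of a line is either "<path> (<publisher>)" or "<path> File not found".
TARGET_RE = re.compile(r"^(?P<path>.*) \((?P<company>.*)\)$")
MISSING = " File not found"
GUID_RE = re.compile(r"\{[0-9a-f-]{36}\}")


@dataclass
class Finding:
    source: str        # e.g. "O4 Run", "O4 Startup", "O20 UserInit"
    name: str          # value name (Run) or raw value (Winlogon); "" for Startup items
    path: str
    reasons: List[str]


def split_target(rest: str) -> Tuple[str, Optional[str], bool]:
    """Return (path, publisher, missing) from the tail of an OTL line."""
    if rest.endswith(MISSING):
        return rest[: -len(MISSING)], None, True
    m = TARGET_RE.match(rest)
    if m:
        return m["path"], m["company"], False
    return rest, None, False


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (source, name, rest) for the O4/O20 shapes handled here, else None."""
    m = RUN_RE.match(line)
    if m:
        return "O4 " + m["key"], m["name"], m["rest"]
    m = STARTUP_RE.match(line)
    if m:
        return "O4 Startup", "", m["rest"]
    m = WINLOGON_RE.match(line)
    if m:
        return "O20 " + m["value"], m["raw"], m["rest"]
    return None


def assess(source: str, name: str, path: str, company: Optional[str], missing: bool) -> List[str]:
    """Heuristic flags (this example's own, not OTL's): persistence from writable
    profile paths, SYSTEM-profile paths, dangling targets, and a redirected UserInit."""
    low = path.lower()
    reasons: List[str] = []
    # The legitimate Winlogon UserInit value on Vista/7 is %SystemRoot%\system32\userinit.exe.
    if source == "O20 UserInit" and not low.endswith("\\system32\\userinit.exe"):
        reasons.append("Winlogon UserInit redirected away from userinit.exe (logon hijack)")
    if "\\config\\systemprofile\\" in low:
        reasons.append("runs from the SYSTEM account's profile")
    if "\\appdata\\" in low or "\\application data\\" in low:
        reasons.append("runs from a user-writable profile directory")
    if "\\start menu\\programs\\startup\\" in low:
        reasons.append("Startup folder entry")
    if missing:
        reasons.append("target file missing (stale reference to a removed/quarantined payload)")
    elif company == "":
        reasons.append("no publisher information")
    if GUID_RE.fullmatch(name.lower()):
        reasons.append("GUID-named autorun value")
    return reasons


def triage(text: str) -> List[Finding]:
    """Parse OTL-style lines and return only the entries that earned at least one flag."""
    findings: List[Finding] = []
    for line in text.splitlines():
        parsed = parse_line(line.strip())
        if parsed is None:
            continue
        source, name, rest = parsed
        path, company, missing = split_target(rest)
        reasons = assess(source, name, path, company, missing)
        if reasons:
            findings.append(Finding(source, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.source}] {f.name or '-'}\n    {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it against a saved OTL.Txt by passing the file's contents to `triage`; the Avira entry and the Winlogon Shell entry come back clean, while the five entries that point into AppData, the SYSTEM profile, or a file that no longer exists are reported with their reasons. A "target file missing" flag after a scanner has quarantined the payload is exactly what the MBAM report above predicts: the Run value or UserInit reference outlives the file and still needs removing, which is why the helper asked for OTL after the Malwarebytes run.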
29.12.2010, 15:26 | #6 |
| Trojan Win Vista. OTL Logfile: Code:
OTL logfile created on: 29.12.2010 15:10:10 - Run 1 OTL by OldTimer - Version 3.2.18.1 Folder = C:\Program Files Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 60,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,17 Gb Total Space | 96,75 Gb Free Space | 67,11% Space Free | Partition Type: NTFS Drive D: | 144,15 Gb Total Space | 132,31 Gb Free Space | 91,78% Space Free | Partition Type: NTFS Computer Name: PATRICK-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\OTL.exe File not found PRC - C:\Programme\Mozilla Firefox 4.0 Beta 5\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox 4.0 Beta 5\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) PRC - C:\Users\ADMINI~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) 
PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Tobit Radio.fx\Server\rfx-server.exe () PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) 
PRC - C:\Programme\O2Micro Oz128 Driver\o2flash.exe (O2Micro International) PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) ========== Modules (SafeList) ========== MOD - C:\Programme\OTL.exe File not found MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\Tobit Radio.fx\Client\rfx-helper.dll (Tobit.Software) MOD - C:\Windows\System32\dciman32.dll (Microsoft Corporation) MOD - C:\Windows\System32\config\systemprofile\AppData\Local\alesiyovupomub.dll () MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\ddraw.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ISPwdSvc) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) 
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (Radio.fx) -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe () SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) 
SRV - (o2flash) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe (O2Micro International) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (SymAppCore) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (XAudio) -- C:\Windows\System32\DRIVERS\xaudio.sys File not found DRV - (vsdatant7) -- C:\Windows\System32\drivers\vsdatant.win7.sys File not found DRV - (USBAAPL) -- C:\Windows\System32\Drivers\usbaapl.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (mdmxsdk) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (HSXHWAZL) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (atikmdag) -- 
C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation) DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST) DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro ) DRV - (O2SDRDR) -- C:\Windows\system32\DRIVERS\o2sd.sys (O2Micro ) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) 
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) -- C:\Programme\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) 
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) 
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programme\ZoneAlarm\tbZone.dll (Conduit Ltd.) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3581403039-799145802-1476181760-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis IE - HKU\S-1-5-21-3581403039-799145802-1476181760-500\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programme\ZoneAlarm\tbZone.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3581403039-799145802-1476181760-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/" FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:2.6.0.15 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - HKLM\software\mozilla\Firefox\Extensions\\{E8D8F28B-EDD0-468A-BAD9-FB715F93792B}: C:\Windows\system32\config\systemprofile\AppData\Local\{E8D8F28B-EDD0-468A-BAD9-FB715F93792B}\ [2010.12.21 19:05:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{9A23DF10-24F7-499D-9EBA-DFA2A661728A}: C:\Users\Administrator\AppData\Local\{9A23DF10-24F7-499D-9EBA-DFA2A661728A} [2010.12.22 19:18:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.27 23:35:35 
| 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.17 21:58:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b4\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 2\components [2010.10.04 18:36:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b4\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 2\plugins FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 5\components [2010.12.26 18:08:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 5\plugins [2010.08.03 11:37:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2010.11.25 22:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0rq7w62t.default\extensions [2010.09.17 17:28:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0rq7w62t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.03 14:05:05 | 000,000,000 | ---D | M] (ZoneAlarm Toolbar) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0rq7w62t.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} [2010.09.19 14:59:11 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0rq7w62t.default\extensions\firefox@tvunetworks.com [2010.09.17 17:28:58 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0rq7w62t.default\extensions\vshare@toolbar [2010.11.22 19:15:35 | 000,002,396 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\0rq7w62t.default\searchplugins\askcom.xml 
[2010.12.14 21:45:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- [2010.12.26 18:08:49 | 000,000,000 | ---D | M] (Feedback) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 5\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM [2010.12.22 19:18:55 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\{9A23DF10-24F7-499D-9EBA-DFA2A661728A} [2010.12.21 19:05:30 | 000,000,000 | ---D | M] (XULRunner) -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{E8D8F28B-EDD0-468A-BAD9-FB715F93792B} [2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation) O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programme\ZoneAlarm\tbZone.dll (Conduit Ltd.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programme\ZoneAlarm\tbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation) O3 - HKU\S-1-5-21-3581403039-799145802-1476181760-500\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKU\S-1-5-21-3581403039-799145802-1476181760-500\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKU\S-1-5-21-3581403039-799145802-1476181760-500\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Programme\ZoneAlarm\tbZone.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [Xtabica] C:\Windows\System32\config\systemprofile\AppData\Local\alesiyovupomub.DLL () O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\.DEFAULT..\Run: [RestorData.exe] C:\RestorData.exe\RestorData.exe File not found O4 - HKU\S-1-5-18..\Run: [RestorData.exe] C:\RestorData.exe\RestorData.exe File not found O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3581403039-799145802-1476181760-500..\Run: [{55D92D63-20C5-49E0-EF6A-AF8599BFC58F}] C:\Users\Administrator\AppData\Roaming\Ixhov\haefd.exe File not found O4 - HKU\S-1-5-21-3581403039-799145802-1476181760-500..\Run: [RfxSrvTray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bukeyx.exe () O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bukeyx.exe () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3581403039-799145802-1476181760-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\config\systemprofile\AppData\Roaming\appconf32.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\Administrator\AppData\Roaming\appconf32.exe) - C:\Users\Administrator\AppData\Roaming\appconf32.exe File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========

[2010.12.29 15:08:58 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Programme\OTL.exe
[2010.12.29 13:22:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2010.12.29 13:21:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.29 13:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.29 13:21:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.29 13:21:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.29 13:20:44 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Programme\mbam-setup.exe
[2010.12.24 12:19:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\cock
[2010.12.22 21:50:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\5008
[2010.12.22 21:50:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\xmldm
[2010.12.22 19:18:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9A23DF10-24F7-499D-9EBA-DFA2A661728A}
[2010.12.20 17:09:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Anyzy
[2010.12.08 00:13:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\P5JavaClientSettings
[2010.11.29 23:55:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\SelfMV
[2010.11.29 23:35:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2010.11.29 23:30:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Samsung
[2010.11.29 23:26:04 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewhnt.sys
[2010.11.29 23:26:04 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewh.sys
[2010.11.29 23:26:03 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdm.sys
[2010.11.29 23:26:03 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscebus.sys
[2010.11.29 23:26:03 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdfl.sys
[2010.11.29 23:26:03 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecmnt.sys
[2010.11.29 23:26:03 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecm.sys
[2010.11.29 23:23:16 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010.11.29 23:20:20 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.11.29 23:18:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2010.11.29 23:17:09 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny
[2010.11.29 23:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010.11.29 23:16:59 | 000,000,000 | ---D | C] -- C:\Programme\Samsung
[2010.11.29 23:16:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Samsung
[2010.10.17 17:34:04 | 020,810,120 | ---- | C] (Skype Technologies S.A.) -- C:\Programme\SkypeSetupFull50.exe
[2010.10.13 18:13:37 | 000,737,339 | ---- | C] (N Company, Inc. ) -- C:\Programme\nschach3.exe
[2010.10.07 21:23:17 | 028,253,422 | ---- | C] (AppWork UG (haftungsbeschränkt)) -- C:\Programme\JDownloader095Setup.exe
[2010.10.04 18:29:33 | 075,019,048 | ---- | C] (Apple Inc.) -- C:\Programme\iTunesSetup.exe
[2010.09.28 00:00:51 | 004,101,552 | ---- | C] (Christian Kindahl ) -- C:\Programme\tugzip35.exe
[2010.09.19 14:57:02 | 005,642,000 | ---- | C] (TVU networks) -- C:\Programme\TVUPlayer2.5.3.1.exe
[2010.09.17 17:27:06 | 008,368,928 | ---- | C] (Mozilla) -- C:\Programme\Firefox_Setup_3.6.10.exe
[2010.09.10 17:18:06 | 011,802,480 | ---- | C] (Nullsoft, Inc.) -- C:\Programme\winamp5581_full_emusic-7plus_de-de.exe
[2010.09.08 21:48:52 | 010,928,504 | ---- | C] (Mozilla) -- C:\Programme\Firefox_Setup_4.0_Beta_5.exe
[2010.08.22 12:08:26 | 000,955,840 | ---- | C] (AMD Inc.) -- C:\Programme\catalyst_mobility_32-bit_util.exe
[2010.08.16 22:27:19 | 001,146,587 | ---- | C] (Frogster Online Gaming GmbH) -- C:\Programme\FOGDownloader-RoM_3_0_1_2153.exe
[2010.08.03 17:17:23 | 006,287,656 | ---- | C] (Glarysoft Ltd ) -- C:\Programme\gusetup_slim226.exe
[2010.08.03 16:08:07 | 009,332,568 | ---- | C] (Mozilla) -- C:\Programme\Firefox Setup 4.0 Beta 2.exe
[2010.08.03 16:02:35 | 010,896,808 | ---- | C] (Tobit.Software) -- C:\Programme\radio-fx.exe
[2010.08.03 15:03:12 | 012,800,040 | ---- | C] (ICQ) -- C:\Programme\install_icq72b3129.exe
[2010.08.03 12:21:34 | 455,611,504 | ---- | C] (Microsoft Corporation) -- C:\Programme\Windows6.0-KB936330-X86-wave0.exe
[2010.08.02 22:29:51 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2010.08.02 22:29:50 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010.08.02 22:29:50 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007.09.17 16:14:11 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Users\Administrator\AppData\Roaming\*.tmp files -> C:\Users\Administrator\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.12.29 15:09:12 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2010.12.29 15:07:29 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\mapqid.sys
[2010.12.29 13:40:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.29 13:40:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.29 13:33:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.29 13:21:32 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.29 13:21:02 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2010.12.29 12:34:23 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.29 12:34:23 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.29 12:34:23 | 000,131,024 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.29 12:34:23 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.29 12:27:54 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.12.29 11:41:23 | 000,000,120 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Sgacite.dat
[2010.12.29 11:41:22 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Akimikere.bin
[2010.12.29 11:39:35 | 2145,484,800 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.29 02:01:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.12.22 19:20:34 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.08 12:59:10 | 226,876,157 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.11.29 23:55:44 | 000,024,576 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.29 23:47:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.11.29 23:29:31 | 000,001,748 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2010.11.29 23:17:06 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Users\Administrator\AppData\Roaming\*.tmp files -> C:\Users\Administrator\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.12.29 15:07:29 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\mapqid.sys
[2010.12.29 13:21:32 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.22 22:29:19 | 000,000,065 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\AcroIEHelpe.txt
[2010.12.22 19:19:02 | 000,000,120 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Sgacite.dat
[2010.12.22 19:19:02 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Akimikere.bin
[2010.12.07 12:58:41 | 226,876,157 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.11.29 23:47:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.11.29 23:29:31 | 000,001,748 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2010.11.29 23:23:16 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.11.29 23:23:16 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.11.29 23:17:06 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010.11.28 22:12:01 | 006,178,869 | ---- | C] () -- C:\Programme\einfach-lernen-kostenloses-betriebswirtschaft.pdf
[2010.10.07 21:19:27 | 000,002,200 | ---- | C] () -- C:\Programme\ginalisa-gina_lisa_lohfink_sextape_raidrush.org.dlc
[2010.09.28 00:09:11 | 001,444,057 | ---- | C] () -- C:\Programme\wrar393d.exe
[2010.09.28 00:01:24 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.09.28 00:01:24 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.09.27 21:13:01 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2010.09.27 15:08:18 | 001,910,152 | ---- | C] () -- C:\Programme\lotrostandard.exe
[2010.08.21 17:02:38 | 019,563,096 | ---- | C] () -- C:\Programme\vlc-1.1.3-win32.exe
[2010.08.21 16:54:08 | 005,387,807 | ---- | C] () -- C:\Programme\Setup-SopCast-3.2.9-2010-3-23.exe
[2010.08.21 16:49:25 | 005,279,114 | ---- | C] () -- C:\Programme\SopCast329.zip
[2010.08.17 10:50:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.05 11:20:38 | 000,024,576 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.04 11:58:37 | 044,151,368 | ---- | C] () -- C:\Programme\avira_antivir_personal_de.exe
[2010.08.03 16:03:12 | 002,648,064 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.08.02 23:07:33 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2010.08.02 23:07:33 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2010.08.02 23:06:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2010.08.02 22:29:51 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.07.07 02:14:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.05.25 07:45:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.05.25 07:45:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.05.25 07:45:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.05.25 07:45:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2007.09.18 04:12:51 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.09.18 03:53:53 | 000,743,424 | R--- | C] () -- C:\Windows\libxml2.dll
[2007.09.18 03:51:36 | 000,872,448 | R--- | C] () -- C:\Windows\iconv.dll
[2007.09.17 16:14:09 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.09.03 10:18:00 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.09.03 09:18:13 | 000,000,041 | ---- | C] () -- C:\Windows\PreLaunch.ini
[2007.09.03 09:18:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.04.25 15:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 15:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 15:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 15:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 15:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 15:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007.01.19 18:11:16 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.12.25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2010.12.22 21:50:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\5008
[2010.12.29 15:06:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Anyzy
[2010.08.03 14:05:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CheckPoint
[2010.12.24 12:19:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\cock
[2010.08.16 22:48:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FOG Downloader
[2010.11.22 20:12:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GlarySoft
[2010.12.29 00:21:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ
[2010.12.29 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ixhov
[2010.12.02 19:56:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Msnet
[2010.12.02 19:56:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Netlib
[2010.11.29 23:18:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2010.08.03 16:03:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tobit
[2010.12.22 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\xmldm
[2010.12.29 12:27:54 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010.12.29 12:26:37 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.12.22 21:50:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\5008
[2010.08.03 16:02:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2010.12.29 15:06:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Anyzy
[2010.10.16 12:53:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2010.08.03 00:19:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ATI
[2010.09.18 19:58:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Avira
[2010.08.03 14:05:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CheckPoint
[2010.12.24 12:19:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\cock
[2010.08.16 22:48:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FOG Downloader
[2010.11.22 20:12:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GlarySoft
[2010.11.25 21:35:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Helper
[2010.12.29 00:21:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ
[2010.08.03 00:18:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2010.12.29 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ixhov
[2010.11.22 20:13:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2010.12.29 13:22:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2010.11.22 19:46:27 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2010.09.28 14:51:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2010.12.02 19:56:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Msnet
[2010.12.02 19:56:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Netlib
[2010.11.29 23:18:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2010.12.06 12:45:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skype
[2010.12.06 12:43:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\skypePM
[2010.08.03 16:03:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tobit
[2010.11.21 21:40:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\vlc
[2010.09.10 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Winamp
[2010.08.21 16:53:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2010.12.22 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\xmldm

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.09.03 09:49:11 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007.09.03 09:49:11 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007.09.03 09:49:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: ENETHOOK.DLL >
[2007.06.13 15:53:50 | 000,090,112 | R--- | M] (acer) MD5=B6A1D439109F7294C1BE14D5DC0C41AC -- C:\Acer\Empowering Technology\eNet\eNetHook.dll
[2007.06.13 15:53:50 | 000,090,112 | R--- | M] (acer) MD5=B6A1D439109F7294C1BE14D5DC0C41AC -- C:\Windows\System32\eNetHook.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010.08.03 08:22:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010.08.03 08:22:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008.01.18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.18 22:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.18 22:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2007.09.03 09:55:53 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.09.03 09:55:53 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.18 22:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

<
MD5 for: USERINIT.EXE > [2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.18 20:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.18 20:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- 
C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.05.15 15:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) Unable to obtain MD5 -- C:\Windows\System32\drivers\vsdatant.sys < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll [2010.08.03 11:31:49 | 002,421,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\wucltux.dll < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.12.2010 15:10:10 - Run 1 OTL by OldTimer - Version 3.2.18.1 Folder = C:\Program Files Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 60,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,17 Gb Total Space | 96,75 Gb Free Space | 67,11% Space Free | Partition Type: NTFS Drive D: | 144,15 Gb Total Space | 132,31 Gb Free Space | 91,78% Space Free | Partition Type: NTFS Computer Name: PATRICK-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3581403039-799145802-1476181760-500\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 5\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 File not found htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown 
registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10C5AFA1-A180-4D3D-9A56-B4DA4C9EA54C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{124F150D-92DB-4CA5-8017-11D773254758}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{1F01A422-F279-48D7-9E7C-6AD820F2954C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{223540D9-7908-47D7-B2A4-C5E04587FB92}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{2763F12A-23A5-434A-87CA-FF15788172A8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{3E7F7A34-F3EF-4C33-BE23-385D8D0C94FD}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{44E529EF-DF3F-4444-B810-258D2A21AB41}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | "{4A54D279-6D2F-48F5-BC8B-79EE1E6A198B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{5FA8090B-DA80-4DD9-9AE3-0B8E82C47211}" = protocol=17 | dir=in | 
app=c:\windows\system32\zonelabs\vsmon.exe | "{655A69AD-CA06-4EAD-8C70-12AE438E2F29}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{675CD851-6C69-46D5-B6F5-AB19FA2CC00D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{76BA9E38-1A4A-4B3C-8937-ECD51BDC3C4C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{7E4005FA-9CBB-4492-BAC7-CFDF0AD895E7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{8C1754DC-1442-4686-9014-E37EE7414F52}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{903E0803-B0D5-4686-851C-AB4D5DCA9FEF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{96136E44-3974-4AC9-B47B-3EE6F3325DCB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9E90BCBB-C8BE-4C4B-976F-F02C4FC43D00}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{A3D94134-9DAC-4C2A-A023-FBAEE32FAF34}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | "{AA75D1A2-5BB8-4213-8A8B-5F99D7982243}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{BA4EEC6B-27A9-4801-9A50-B5CEB19A951B}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{BF8ABED2-657A-4CB2-A26B-626AD50547D6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{D3283028-D777-4B73-BFDB-8BD2287775DC}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | "{D6017505-1AD8-42B3-8F62-EBEA2C1D1C67}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{E2722040-F088-496A-9D7D-D4585413CAAD}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{EA4A41BA-E488-411D-85FD-FC14DFF3198E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{EF5C961F-03D8-4C3F-AEF1-27AD89071D89}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{F5F34F75-7788-439B-8BA3-FBF1C6E8DADD}" = protocol=6 | dir=in | app=c:\program 
files\tobit radio.fx\client\rfx-client.exe | "{FF27C2E0-4C72-4929-89A3-BE17A1414A80}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{2822F016-69E9-A368-B612-685CCF4A9B83}" = CCC Help English "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security "{3920C82C-C03F-0D90-8009-CBFD8CF0214B}" = ccc-utility "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{44B4C2E3-D570-16B4-8CED-3D83AAF5D6F7}" = Catalyst Control Center Localization All "{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security "{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component "{4ECC1D06-672F-2935-E570-CA2D210AE0CE}" = Catalyst Control Center InstallProxy "{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = 
Activation Assistant for the 2007 Microsoft Office suites "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6AE3CBD7-80E9-71C5-97F1-B90E7EF02ADB}" = Skins "{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86) "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus "{88637F72-B46E-43F9-B306-6DA1FF478D51}" = WIDCOMM Bluetooth Software 6.0.1.3900 "{8D7CCD59-BEBB-57D4-23EC-B9A9DB173EAA}" = Catalyst Control Center Graphics Previews Vista "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{B15A87DC-46AC-D726-E2F5-06A3D5F35C06}" = ATI Catalyst Install Manager "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB829D09-6426-F17D-C95D-303A6613A190}" = ccc-core-static "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer 
eSettings Management "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Glary Utilities_is1" = Glary Utilities 2.26.0.956 "GridVista" = Acer GridVista "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 
Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Mozilla Firefox (4.0b4)" = Mozilla Firefox (4.0b4) "Mozilla Firefox 4.0b8 (x86 de)" = Mozilla Firefox 4.0b8 (x86 de) "NSchach3a_is1" = N Schach 3 "SopCast" = SopCast 3.2.9 "SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tobit Radio.fx Server" = Radio.fx "TVUPlayer" = TVUPlayer 2.5.3.1 "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.1.4 "vShare" = vShare Plugin "Winamp" = Winamp "WinRAR archiver" = WinRAR "ZoneAlarm" = ZoneAlarm ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
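The MD5 listing earlier in this log is what the helper reads to spot patched system binaries: the copy Windows actually loads from System32 (or System32\drivers) should hash identically to one of the pristine copies kept in WinSxS or the driver store. The Python script below is an added example, not part of this thread or of OTL. It parses lines in OTL's /md5start output format; the constructed sample reuses the netlogon.dll and user32.dll lines from this log and adds an invented userinit.exe hash (all zeros, with a made-up size) so that a mismatch is visible. For every live copy it reports whether it matches a stored copy, differs from all of them, or could not be hashed at all.

```python
import re
from collections import defaultdict

# Constructed sample in OTL's "/md5start" format. The netlogon.dll and user32.dll
# lines are copied from the log above; the System32\userinit.exe line is invented
# (zero hash, fake size) purely to demonstrate a mismatch against the WinSxS copy.
SAMPLE_OTL = r"""
< MD5 for: NETLOGON.DLL >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
< MD5 for: USER32.DLL >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.18 22:33:34 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\userinit.exe
"""

# One OTL result line:
# [date time | size | attrs | M] (Company) MD5=<32 hex> -- <path>
# or, when OTL could not read the file: ... (Company) Unable to obtain MD5 -- <path>
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^\]]*)\]\s+\((?P<company>[^)]*)\)\s+"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|(?P<nomd5>Unable to obtain MD5))\s+--\s+(?P<path>\S.*)$"
)


def parse_md5_section(text):
    """Return one dict (path, name, size, md5) per file line; headers and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # "< MD5 for: ... >" headers and empty lines
        fields = [f.strip() for f in m.group("stamp").split("|")]
        size = int(fields[1].replace(",", "")) if len(fields) > 1 else -1
        path = m.group("path").strip()
        entries.append({
            "path": path,
            "name": path.rsplit("\\", 1)[-1].lower(),
            "size": size,
            "md5": m.group("md5").upper() if m.group("md5") else None,
        })
    return entries


def is_reference_copy(path):
    """WinSxS and the driver store hold the stored copies a live file should match."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p


def check_live_copies(entries):
    """Map every live (non-store) path to OK, MISMATCH, UNREADABLE or NO-REFERENCE."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    report = {}
    for group in by_name.values():
        ref_md5s = {e["md5"] for e in group if is_reference_copy(e["path"]) and e["md5"]}
        for e in group:
            if is_reference_copy(e["path"]):
                continue
            if e["md5"] is None:
                status = "UNREADABLE"   # OTL could not hash it: verify from a clean boot
            elif not ref_md5s:
                status = "NO-REFERENCE" # no stored copy to compare against
            elif e["md5"] in ref_md5s:
                status = "OK"
            else:
                status = "MISMATCH"     # differs from every stored copy: investigate
            report[e["path"]] = status
    return report


if __name__ == "__main__":
    for path, status in sorted(check_live_copies(parse_md5_section(SAMPLE_OTL)).items()):
        print(f"{status:13} {path}")
```

A MISMATCH is a lead, not proof: it tells you the loaded binary matches none of the versions Windows has on record, which is exactly what a patched userinit.exe or winlogon.exe looks like, but it still has to be confirmed by hashing the file from a clean boot medium. The same goes for UNREADABLE, which is what OTL reported here for user32.dll, rsaenh.dll and wucltux.dll.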
29.12.2010, 15:41 | #7 |
/// Malware-holic | Trojaner Win Vista
• Please start OTL.exe
• Now copy the following into the text box.
:OTL
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bukeyx.exe ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bukeyx.exe ()
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post its contents in your next reply.
Open My Computer, C:, then _OTL; there right-click on moved files and choose add to moved files.rar or zip. Upload the archive to our upload channel. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
29.12.2010, 16:04 | #8 |
| Trojaner Win Vista
All processes killed
========== OTL ==========
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bukeyx.exe moved successfully.
File C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bukeyx.exe not found.
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 32772 bytes
User: All Users
User: Default
->Flash cache emptied: 75 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Patrick
->Flash cache emptied: 761 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 10356480 bytes
->Temporary Internet Files folder emptied: 2488645891 bytes
->Java cache emptied: 14455818 bytes
->FireFox cache emptied: 169769564 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Patrick
->Temp folder emptied: 1176363 bytes
->Temporary Internet Files folder emptied: 9081158 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1514338 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42368904 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 14842 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2.611,00 mb
OTL by OldTimer - Version 3.2.18.1 log created on 12292010_154500
Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\~DFAD95.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT07932.TMP not found!
Registry entries deleted on Reboot...
Restart required. |
29.12.2010, 16:14 | #9 |
| Trojaner Win Vista OK, I have made the settings for the upload. Edit: the upload should have been successful. |
29.12.2010, 16:25 | #10 |
/// Malware-holic | Trojaner Win Vista Well, in your place I would buy a Windows CD and wipe the system. There are ZBot, SpyEye and also droppers on here that have infected your system, or did so a long time ago. In its current state the system can no longer be used for online banking. Your passwords have all been stolen and must be changed, and the system needs to be reinstalled.
29.12.2010, 16:35 | #11 |
| Trojaner Win Vista OK, now that's what I call an honest answer. I think in that case it would be a new laptop right away; even without viruses this one isn't exactly fresh any more. System Restore or things like that won't help? Oh, and for music and films the thing will still do as it is, right? |
29.12.2010, 16:37 | #12 |
/// Malware-holic | Trojaner Win Vista Well, there's no point in beating around the bush. System Restore won't help. We'll get it into shape as far as that goes, but you still won't be able to do online banking with it; for watching films and listening to music it's OK. Update Malwarebytes once more and start a full scan. Post the log.
29.12.2010, 16:54 | #13 |
| Trojaner Win Vista I meant the "honest" positively. OK, so the scan will take a while again, right? I would definitely want to clean up the laptop then, i.e. throw out some programs and then use it only for films, music and streams. Normal surfing should still be possible too. Afterwards a System Restore, or by hand one at a time? But a new laptop for everything will definitely be bought. |
29.12.2010, 17:01 | #14 |
/// Malware-holic | Trojaner Win Vista Yes, it normally takes an hour to at most two.
29.12.2010, 17:57 | #15 |
| Trojaner Win Vista
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5416
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
29.12.2010 17:56:10
mbam-log-2010-12-29 (17-56-10).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 236201
Laufzeit: 1 Stunde(n), 2 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
c:\Windows\System32\config\systemprofile\AppData\Local\alesiyovupomub.dll (Trojan.Agent.U) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xtabica (Trojan.Agent.U) -> Value: Xtabica -> Delete on reboot.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\config\systemprofile\AppData\Roaming\appconf32.exe,C:\Users\Administrator\AppData\Roaming\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
c:\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\_OTL\movedfiles\12292010_154500\C_Users\Default\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\bukeyx.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\alesiyovupomub.dll (Trojan.Agent.U) -> Delete on reboot.
c:\cleansweep.exe\config.bin (Trojan.Agent) -> Quarantined and deleted successfully. |
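The Hijack.UserInit finding in this log is the classic banking-trojan persistence: Winlogon runs every comma-separated entry of the Userinit value, so appending a second executable makes it start at each logon without touching the Run keys. The Python check below is an added example, not part of the thread or of Malwarebytes. It pulls the Bad value out of an MBAM hijack line and flags every Userinit or Shell entry that is not the stock Windows binary. The expected values (userinit.exe with a trailing comma, explorer.exe) and the list of directories treated as suspicious are my assumptions about a stock Vista/7 install; the sample line is copied from the log above.

```python
import ntpath
import re

# Constructed sample: the Hijack.UserInit line from the MBAM log above.
MBAM_LINE = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) "
             r"-> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\config\systemprofile\AppData\Roaming\appconf32.exe,"
             r"C:\Users\Administrator\AppData\Roaming\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.")

# Assumed stock values: Winlogon\Userinit = "C:\Windows\system32\userinit.exe," and Winlogon\Shell = "explorer.exe".
EXPECTED = {"Userinit": {"userinit.exe"}, "Shell": {"explorer.exe"}}

# Assumed: a logon component that lives under a user profile or a temp directory is not the real one,
# even if it borrowed the file name.
SUSPICIOUS_DIRS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

HIJACK_RE = re.compile(r"Bad:\s*\((?P<bad>.*?)\)\s*Good:\s*\((?P<good>.*?)\)")


def extract_bad_value(mbam_line):
    """Return the registry value MBAM reported as Bad, or None if the line is not a hijack finding."""
    m = HIJACK_RE.search(mbam_line)
    return m.group("bad") if m else None


def split_winlogon_value(value):
    """Winlogon executes each comma-separated entry; the trailing comma yields an empty entry to drop."""
    return [e.strip() for e in value.split(",") if e.strip()]


def check_winlogon_value(name, value):
    """Return (verdict, extra_entries): OK, EXTRA (stock binary plus hangers-on) or REPLACED (stock binary gone)."""
    entries = split_winlogon_value(value)
    expected = EXPECTED[name]
    legit = [e for e in entries
             if ntpath.basename(e).lower() in expected
             and not any(d in e.lower() for d in SUSPICIOUS_DIRS)]
    extra = [e for e in entries if e not in legit]
    if not legit:
        return "REPLACED", extra
    if extra:
        return "EXTRA", extra
    return "OK", []


def audit_mbam_hijack(mbam_line, name="Userinit"):
    """Convenience wrapper: parse the MBAM line and judge the value it reported."""
    bad = extract_bad_value(mbam_line)
    if bad is None:
        return "NOT-A-HIJACK-LINE", []
    return check_winlogon_value(name, bad)


if __name__ == "__main__":
    verdict, extra = audit_mbam_hijack(MBAM_LINE)
    print(verdict)
    for e in extra:
        print("  unexpected:", e)
```

On a live system the same check applies to the value read directly from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon; MBAM's "Good" value is the file name only, which is why the check compares base names and then separately rejects the stock name when it appears under a profile directory.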