Log Analysis and Evaluation: Backdoor.Shark.ast
Hello everyone, for a few days my laptop has been terribly slow, especially when opening Mozilla Firefox. After looking around on the internet for the possible cause, I downloaded the program Spyware Terminator and am currently letting it check my files. It finds the trojan "backdoor.shark.ast" in just about every folder. When I read about this trojan I was shocked that it can spy on all my existing data as well as my passwords. I disconnected the laptop from the internet right away, which probably won't help much now. While googling I read that I have to reinstall the system completely. Now to my question: I have read the forum rules, but still wanted to ask you first whether it makes sense to let the spyware program run to the end, since it has been stuck at 31% for 3 hours and of 165,000 checked files 165,000 are infected... Many thanks in advance!
Please post all details on the findings so far! File names and complete paths, e.g. malware W32.whatever in c:\Windows\virus.exe!!
Hello,
after Spyware Terminator crashed during the scan the day before yesterday, I downloaded Malwarebytes, updated it and let it run. However, it says that no malicious findings were found.

Spyware Terminator has found the following so far (on every new scan it finds a different virus/trojan):

Scan from the day before yesterday: backdoor.shark.ast --> almost every folder was infected; unfortunately I have no report, because the program crashes every time I open the saved scan reports.

Scan from today (duration: 10 hours): Trojan.crypt.zpack.gen --> <Trojan.Crypt.ZPACK.Gen> : \Program Files\Tobit ClipInc\Server\Audio\995JUMP[15-44 31-01-2011 129409622832317885].dat and several more files from ClipInc. For today's scan I do have the complete report; I managed to save it in time via copy & paste.

How should I best proceed so that you can work with it? Many thanks in advance!

Edit: since rebooting, the Windows Firewall is now disabled and cannot be enabled again (the computer is currently disconnected from the network, though).
Post the Malwarebytes log anyway, that is all of them if there are several.
Hello, attached is today's Malwarebytes log file, as well as the previous ones:

Code:
Malwarebytes' Anti-Malware
www.malwarebytes.org

Datenbank Version: 5706
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

08.02.2011 00:59:25
mbam-log-2011-02-08 (00-59-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 363903
Laufzeit: 2 Stunde(n), 3 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
Malwarebytes' Anti-Malware
www.malwarebytes.org

Datenbank Version: 5680
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

05.02.2011 10:14:35
mbam-log-2011-02-05 (10-14-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 365574
Laufzeit: 1 Stunde(n), 56 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
Malwarebytes' Anti-Malware
www.malwarebytes.org

Datenbank Version: 5680
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

05.02.2011 05:06:21
mbam-log-2011-02-05 (05-06-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 366991
Laufzeit: 2 Stunde(n), 28 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Islay
System scan with OTL
Please download OTL from Oldtimer and save it on your desktop.
Hello, attached are the two log files from the OTL scan:

Code:
OTL logfile created on: 09.02.2011 00:38:36 - Run 1
OTL by OldTimer - Version  Folder = C:\Users\Xxx\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,27 Gb Total Space | 115,55 Gb Free Space | 52,46% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,65 Gb Free Space | 46,47% Space Free | Partition Type: NTFS
Drive E: | 6,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: XXXS-PC | User Name: Xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
PRC - C:\Programme\phonostar-Player\phonostarTimer.exe ()
PRC - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe ()
PRC - C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wermgr.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

========== Modules (SafeList) ==========

MOD - C:\Users\Xxx\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Programme\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\drivers\ianvstor.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (SCR33x USB Smart Card Reader) -- C:\Windows\System32\drivers\SCR33X2K.sys (SCM Microsystems Inc.)
DRV - (STC2DFU) -- C:\Windows\System32\drivers\Stc2Dfu.sys (SCM Microsystems Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1080620
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {3a750e59-9048-456b-a7f9-4d22dcb583f3} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.03 04:02:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.03 04:01:42 | 000,000,000 | ---D | M]

[2010.01.30 14:55:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Extensions
[2011.02.03 04:06:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\hz63zn13.ProfilNeu\extensions
[2011.02.03 04:06:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\hz63zn13.ProfilNeu\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.03 01:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\vntlcwbu.default\extensions
[2010.07.26 22:40:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\vntlcwbu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.18 10:49:02 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\vntlcwbu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.31 16:03:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\vntlcwbu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.29 01:34:13 | 000,001,056 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\vntlcwbu.default\searchplugins\icqplugin.xml
[2010.12.06 16:27:06 | 000,001,734 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\vntlcwbu.default\searchplugins\search-the-web.xml
[2011.02.03 04:01:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.28 13:14:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.31 15:35:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.04.28 13:16:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.04.28 13:14:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.31 15:35:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ClipIncSrvTray] C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKCU..\Run: [Comtab] C:\Users\Xxx\AppData\Roaming\Catuser\olems.exe ()
O4 - HKCU..\Run: [phonostarTimer] C:\Programme\phonostar-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Users\Xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.21 08:23:57 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.06.27 10:12:50 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{2626c789-b1e0-11dd-8008-001f3bc098d9}\Shell - "" = AutoRun
O33 - MountPoints2\{2626c789-b1e0-11dd-8008-001f3bc098d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b1b37af-693d-11dd-8583-001fe1ddc069}\Shell - "" = AutoRun
O33 - MountPoints2\{6b1b37af-693d-11dd-8583-001fe1ddc069}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\DVR/AutoRun.exe start.exe
O33 - MountPoints2\{762bb85b-3ec9-11dd-b419-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{762bb85b-3ec9-11dd-b419-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010.09.21 08:23:57 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{f236cc17-9e00-11dd-815e-001f3bc098d9}\Shell - "" = AutoRun
O33 - MountPoints2\{f236cc17-9e00-11dd-815e-001f3bc098d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f236cc44-9e00-11dd-815e-001f3bc098d9}\Shell - "" = AutoRun
O33 - MountPoints2\{f236cc44-9e00-11dd-815e-001f3bc098d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.09 00:34:48 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Xxx\Desktop\OTL.exe
[2011.02.07 22:53:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.07 22:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.07 22:53:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.07 21:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.02.05 02:33:15 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes
[2011.02.05 02:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.05 02:32:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.03 18:35:12 | 000,000,000 | ---D | C] -- C:\Programme\WinClamAVShield
[2011.02.03 04:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011.02.03 03:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2011.02.03 03:40:35 | 000,000,000 | ---D | C] -- C:\Programme\Lavalys
[2011.02.02 22:09:28 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.02.02 22:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.02.02 22:09:27 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.02.02 22:09:22 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.02.02 22:09:22 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.02.02 22:09:22 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.02.02 22:07:57 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.02.02 22:07:54 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.02.02 22:05:17 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software
[2011.02.02 22:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011.02.02 16:57:52 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.02.02 16:57:52 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.02.02 16:57:51 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.02.02 01:24:39 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Spyware Terminator
[2011.02.02 01:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator
[2011.02.02 01:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011.02.02 01:22:16 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator
[2011.02.02 00:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.02.02 00:02:52 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.02.02 00:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.02.01 15:18:13 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011.01.31 15:35:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.)
-- C:\Windows\System32\javaws.exe [2011.01.31 15:35:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.01.31 15:35:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.01.31 14:39:50 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Catuser [2011.01.30 22:06:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe [2011.01.30 22:05:54 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL [2011.01.30 22:05:54 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswmdm.dll [2011.01.30 22:05:54 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cewmdm.dll [2011.01.30 22:05:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe [2011.01.30 22:05:53 | 001,575,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL [2011.01.30 22:05:53 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL [2011.01.30 22:05:53 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSENCD.DLL [2011.01.30 22:05:53 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VIDRESZR.DLL [2011.01.30 22:05:53 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COLORCNV.DLL [2011.01.30 22:05:53 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmvdspa.dll [2011.01.30 22:05:52 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2011.01.30 22:05:52 | 001,329,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOE.DLL [2011.01.30 22:05:51 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOE.DLL [2011.01.30 22:05:50 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL [2011.01.30 22:05:48 | 000,866,816 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\wmpmde.dll [2011.01.30 22:05:48 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll [2011.01.30 22:05:47 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2011.01.30 22:05:46 | 000,349,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2011.01.30 22:05:46 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWiaCompat.dll [2011.01.30 22:05:44 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe [2011.01.30 22:05:25 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srwmi.dll [2011.01.30 22:05:21 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll [2011.01.30 22:05:19 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msra.exe [2011.01.30 22:05:19 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RESAMPLEDMO.DLL [2011.01.30 22:05:19 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe [2011.01.30 22:05:18 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe [2011.01.30 22:05:18 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrdc.dll [2011.01.30 22:05:13 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr [2011.01.30 22:05:12 | 000,336,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll [2011.01.30 22:05:12 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2P.dll [2011.01.30 22:05:12 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe [2011.01.30 22:05:12 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pnetsh.dll [2011.01.30 22:05:11 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll 
[2011.01.30 22:05:11 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pcollab.dll [2011.01.30 22:05:11 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpclsp.dll [2011.01.30 22:05:10 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll [2011.01.30 22:05:10 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll [2011.01.30 22:05:10 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe [2011.01.30 22:05:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll [2011.01.30 22:05:09 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll [2011.01.30 22:05:07 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs [2011.01.30 22:05:07 | 000,016,896 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs [2011.01.30 22:05:03 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll [2011.01.30 22:04:57 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlmgp.dll [2011.01.30 22:04:56 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2011.01.30 22:04:56 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DECD.DLL [2011.01.30 22:04:56 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP43DECD.DLL [2011.01.30 22:04:55 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL [2011.01.30 22:04:54 | 000,614,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFWMAAEC.DLL [2011.01.30 22:04:54 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll [2011.01.30 22:04:54 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll [2011.01.30 22:04:54 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.01.30 
22:04:54 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfvdsp.dll [2011.01.30 22:04:53 | 001,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll [2011.01.30 22:04:53 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll [2011.01.30 22:04:53 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpcm.dll [2011.01.30 22:04:52 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll [2011.01.30 22:04:52 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL [2011.01.30 22:04:52 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmidx.dll [2011.01.30 22:04:51 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll [2011.01.30 22:04:51 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll [2011.01.30 22:04:51 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll [2011.01.30 22:04:51 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll [2011.01.30 22:04:51 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll [2011.01.30 22:04:49 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll [2011.01.30 22:04:48 | 001,186,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll [2011.01.30 22:04:48 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll [2011.01.30 22:04:48 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe [2011.01.30 22:04:48 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll [2011.01.30 22:04:47 | 000,939,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe [2011.01.30 22:04:47 | 
000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll [2011.01.30 22:04:37 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagesp1.dll [2011.01.30 22:04:27 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll [2011.01.30 22:04:23 | 000,415,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2011.01.30 22:04:17 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.01.30 22:04:17 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.01.29 01:40:29 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Desktop\Adventskalender [2011.01.26 22:50:21 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\NevoSoft Games [2011.01.24 21:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SugarGames [2011.01.17 15:04:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AlawarWrapper [2011.01.17 15:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AlawarWrapper [2011.01.17 15:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youda Sushi Chef [2011.01.15 02:04:21 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\GestaltGames [2011.01.12 00:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia [2011.01.11 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Friday's games [2011.01.11 14:58:20 | 000,000,000 | ---D | C] -- C:\Programme\Ski Resort Mogul [2011.01.11 14:38:45 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\My Games ========== Files - Modified Within 30 Days ========== [2011.02.09 00:35:48 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.09 00:35:48 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.09 00:35:48 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.09 00:35:48 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat 
[2011.02.09 00:20:37 | 000,088,915 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.02.09 00:20:16 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.09 00:14:04 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.09 00:14:04 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.09 00:13:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.08 23:57:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Xxx\Desktop\OTL.exe [2011.02.08 19:53:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.02.08 19:05:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.08 16:49:01 | 000,000,364 | ---- | M] () -- C:\Windows\Brownie.ini [2011.02.08 15:53:49 | 000,035,058 | ---- | M] () -- C:\Users\Xxx\Desktop\Logfile of Spyware Terminator neu.docx [2011.02.08 15:08:19 | 000,088,915 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.02.07 22:53:54 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.07 22:52:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2011.02.05 23:24:34 | 000,029,533 | ---- | M] () -- C:\Users\Xxx\Desktop\Logfile of Spyware Terminator v2.docx [2011.02.03 04:11:59 | 000,002,433 | ---- | M] () -- C:\Users\Xxx\Desktop\Rxxx.lnk [2011.02.03 04:02:19 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.02.02 22:09:29 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2011.02.02 22:09:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011.02.02 01:25:35 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk [2011.02.02 01:24:48 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2011.02.02 00:04:01 | 000,001,057 | ---- | M] () -- C:\Users\Xxx\Desktop\Spybot - Search & Destroy.lnk [2011.02.01 15:58:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011.02.01 15:58:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011.02.01 15:25:51 | 000,271,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.01 15:06:09 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll [2011.02.01 15:06:01 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll [2011.01.31 13:55:32 | 000,955,342 | ---- | M] () -- C:\Users\Xxx\Desktop\MTS_Goldeneyes_1171941_Intensity_Defaults_by_GE.rar [2011.01.27 12:41:14 | 005,096,510 | ---- | M] () -- C:\Users\Xxx\Desktop\HNC.sims3pack [2011.01.24 19:21:08 | 002,300,250 | ---- | M] () -- C:\Users\Xxx\Desktop\Jeans - Evie.sims3pack [2011.01.13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011.01.13 09:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011.01.13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011.01.13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011.01.13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011.01.13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011.01.13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys ========== Files Created - No Company Name ========== [2011.02.08 15:53:45 | 000,035,058 | ---- | C] () -- C:\Users\Xxx\Desktop\Logfile of 
Spyware Terminator neu.docx [2011.02.07 22:53:54 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.07 22:52:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2011.02.05 23:24:34 | 000,029,533 | ---- | C] () -- C:\Users\Xxx\Desktop\Logfile of Spyware Terminator v2.docx [2011.02.03 04:02:19 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.02.02 22:09:28 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011.02.02 01:25:32 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk [2011.02.02 01:24:47 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2011.02.02 00:04:01 | 000,001,057 | ---- | C] () -- C:\Users\Xxx\Desktop\Spybot - Search & Destroy.lnk [2011.02.01 15:58:09 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011.02.01 15:58:09 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011.01.31 13:55:20 | 000,955,342 | ---- | C] () -- C:\Users\Xxx\Desktop\MTS_Goldeneyes_1171941_Intensity_Defaults_by_GE.rar [2011.01.31 13:48:56 | 002,281,559 | ---- | C] () -- C:\Users\Xxx\Desktop\An den Starnbergfällen 4.Sims3Pack [2011.01.30 01:32:10 | 002,474,932 | ---- | C] () -- C:\Users\Xxx\Desktop\D&G_satin jeans_jla43.sims3pack [2011.01.30 01:32:10 | 002,300,250 | ---- | C] () -- C:\Users\Xxx\Desktop\Boyfriend Jeans - Evie.sims3pack [2011.01.30 01:32:09 | 009,550,554 | ---- | C] () -- C:\Users\Xxx\Desktop\BaggierJeansMale.sims3pack [2011.01.30 01:32:08 | 002,867,410 | ---- | C] () -- C:\Users\Xxx\Desktop\pyszny16_sweater_for_man.sims3pack [2011.01.30 01:32:08 | 002,348,196 | ---- | C] () -- C:\Users\Xxx\Desktop\Layered Pullover.sims3pack [2011.01.30 01:32:07 | 005,096,510 | ---- | C] () -- C:\Users\Xxx\Desktop\HNC.sims3pack [2011.01.30 01:32:07 | 000,711,272 | ---- | C] () -- C:\Users\Xxx\Desktop\dieseljeansmendark.sims3pack [2010.01.28 00:22:03 | 000,009,030 | ---- | C] () -- 
C:\Windows\HL-2030.INI [2010.01.28 00:22:03 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2010.01.28 00:22:03 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini [2010.01.28 00:22:03 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2010.01.28 00:21:53 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.01.28 00:21:21 | 000,000,364 | ---- | C] () -- C:\Windows\Brownie.ini [2010.01.21 09:28:48 | 000,000,454 | ---- | C] () -- C:\Windows\HBCIKRNL.INI [2009.07.02 17:53:30 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.07.02 17:53:30 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.10.19 20:12:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.10.18 00:39:50 | 000,000,680 | ---- | C] () -- C:\Users\Xxx\AppData\Local\d3d9caps.dat [2008.09.19 22:20:13 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2008.06.24 10:31:59 | 000,088,915 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.06.24 10:29:54 | 000,088,915 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.06.24 09:56:21 | 000,028,672 | ---- | C] () -- C:\Users\Xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.06.20 22:02:03 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll [2008.06.20 22:02:02 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.06.20 14:36:07 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2007.07.25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll [2007.03.12 17:59:00 | 000,299,008 | ---- | C] () -- C:\Programme\navigram_register.exe [2006.11.03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.11.14 12:56:00 
| 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C895616B @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:517B507A @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:CB0FEE2B < End of report > Code:
OTL Extras logfile created on: 09.02.2011 00:38:36 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Xxx\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,27 Gb Total Space | 115,55 Gb Free Space | 52,46% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,65 Gb Free Space | 46,47% Space Free | Partition Type: NTFS
Drive E: | 6,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: XXXS-PC | User Name: Xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{530E6E23-890C-4793-BC0C-049378C6B5F3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6DBDD73-FA2E-43C5-94D3-D88DD73A6D78}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C4F6CB-5964-4FE8-9D24-F258DA1B5D06}" = protocol=17 | dir=in | app=c:\program files\myplaycity toolbar\toolbarupdate.exe |
"{07E2FFB3-9370-4886-B204-665D64105964}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{0D3FFF24-B658-4417-BFD0-E61B0321C359}" = protocol=6 | dir=in | app=c:\program files\myplaycity toolbar\troubleshooter.exe |
"{13D80338-F9F2-4DD6-A5DB-AB6BEFBF3F31}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{185CA049-58DD-45EF-A206-C9BC51352CA5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1E41D6EC-39E1-4317-873F-7A22352B080E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1E8A7486-762A-4D1E-AEE6-DC6847569ABA}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{232AE682-D1B5-4BCA-9EF0-072F517857E4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{2A7C3070-B963-4ACD-B4F5-D057A7B7C1DA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{2B8589C5-4883-46A6-90B4-9D1209848656}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{2BA6830B-AE94-4FD5-8133-EF98FA9DCE8D}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{2C2CC599-740B-4B0C-BAA2-4690E30F0CA8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{48E33B71-163B-4F08-A82C-8BDE55ACA406}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{503D9218-CD12-4BE4-A134-A6DDF7033531}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{5A44D936-8D76-4562-B665-082E607EF1D9}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{5D862D6C-7E47-4979-9725-315FBDF579CC}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{63D3E3AD-9D54-4FB5-8C32-83887F7CF5A2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{71B85173-C0BE-4A0D-ACDD-C5C0360F0326}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{89BCD126-87C5-4C6B-8E8A-1F0B7985AACA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9C7E0AA2-F1CE-44B7-8768-D031784E75D9}" = protocol=17 | dir=in | app=c:\program files\myplaycity toolbar\troubleshooter.exe |
"{A601CD71-8EBD-44FB-8C94-6EAD291BC61D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A9413DFB-4B69-4393-B0B8-112EE5C466EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB6F695D-3448-45A5-98C8-D7496D623AB7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{ADAE3610-D400-4482-AD47-7E7E38D9898F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B8C11E4F-1BBC-4693-9245-8F8F0D3B6951}" = protocol=6 | dir=in | app=c:\program files\myplaycity toolbar\toolbarupdate.exe |
"{B98068D4-FB62-481A-80A2-2C3CCF85FC2B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C6E4EA01-1F3E-430A-A611-EE3205C6F679}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CBC2ADEE-9EC4-49BA-9A68-E3BE87A7781C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E1B1A9B6-D998-4F6A-B463-D887F2C8D584}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{E4A55CAB-E407-4D58-A208-13B92B39B82D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E4B84C38-211D-4FC3-9241-95BFD6C50279}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{E6B4022E-069F-43B7-859C-ECB25B014DF0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F2605163-C446-4FCF-BE28-92928F2512B4}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"TCP Query User{0A5B7FA2-1DE6-426A-89D2-763CD70897C2}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{243715B0-9532-409D-8235-C550BDEC4B6E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5CFA3E93-5A57-4B85-9C89-C831AFE3E0F8}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{65F3C1A3-07BF-4172-9B93-00640C0B1563}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=6 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
"TCP Query User{B3F33E16-BB8F-45A1-A7D7-6E40E12309C6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{B69D7CCB-BF3A-4B63-AECB-1BBBE654B9E2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E030C8EF-2740-47EE-8A6B-24E98D0A2DEE}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{E2F49D89-A02D-49CE-BB71-0C166419A9E7}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{F5936210-9AEB-43F3-ABBD-FDEE988D43DA}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{FB4FFC04-F700-4633-8BD7-C34ADDF34B6C}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=6 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
"UDP Query User{056D796F-F0E2-40A7-AFB6-9056283FF1CA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{30A08884-354C-45A8-8B26-77A9B85190F4}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{4CB92EA5-3091-4087-8B8B-91CA6A14A456}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{50DA05D1-8FE2-4E5F-9144-0DA6D2DE1A13}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{650FA832-38DC-4CBB-9141-8F351D030701}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=17 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
"UDP Query User{8D20E12A-4D90-4D3C-9710-CC0EE165B6FC}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=17 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
"UDP Query User{C1485A20-1B78-4E1B-9529-4460A4868EBB}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{CAB919D3-FE8F-4FCD-AB42-8DFA06390C6F}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{D48A393C-E566-498B-9E2D-20C63556C561}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{D7309F6A-D871-431B-BCA2-4F34169C94B3}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = Die Sims™ 3 Erstelle ein Muster-Tool
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live!
Cam Avatar Creator "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer "{7B066C19-196C-423A-B296-805FFBAEC384}" = SCR33xx USB Smartcard Reader "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect 
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software "{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B01ED126-67BD-4878-863C-FE1207CF0949}" = Mindjet MindManager 8 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E06F91DB-9DA5-41F9-9941-6B0802236A44}" = Rxxx "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{EFE61F50-A8C1-4947-B75A-6457B29A4C91}" = Brother HL-2030 "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 
Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Advanced Audio FX Engine" = Advanced Audio FX Engine "Advanced Video FX Engine" = Advanced Video FX Engine "avast5" = avast! Free Antivirus "Creative OEM002" = Laptop Integrated Webcam Driver ( "Dell Webcam Center" = Dell Webcam Center "Dell Webcam Manager" = Dell Webcam Manager "Digital Editions" = Adobe Digital Editions "dm Fotowelt" = dm Fotowelt "Empire Builder - Ancient Egypt_is1" = Empire Builder - Ancient Egypt "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Farm Frenzy 3 American Pie" = Farm Frenzy 3 American Pie "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "GoToAssist" = GoToAssist "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "Jenny's Fish Shop_is1" = Jenny's Fish Shop "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "NVIDIA Drivers" = NVIDIA Drivers "Party Down_is1" = Party Down "PDF-XChange 3_is1" = PDF-XChange 3 "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.0 "ProInst" = Intel(R) PROSet/Wireless Software "Spyware Terminator_is1" = Spyware Terminator "Tobit ClipInc Server" = Tobit.Software clipinc.fx "TS3 Install Helper Monkey" = TS3 Install Helper Monkey "Uninstall_is1" = Uninstall "WinRAR archiver" = WinRAR "Youda Survivor" = Youda Survivor "Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = 
Move Media Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.04.2010 19:09:17 | Computer Name = Xxxs-PC | Source = Perflib | ID = 1008 Description = Error - 01.04.2010 19:09:17 | Computer Name = Xxxs-PC | Source = Perflib | ID = 1005 Description = Error - 01.04.2010 19:09:17 | Computer Name = Xxxs-PC | Source = Perflib | ID = 1017 Description = Error - 01.04.2010 19:09:20 | Computer Name = Xxxs-PC | Source = usbperf | ID = 2004 Description = Fehler bei der usbperf-Datensammlung. Die Collect-Funktion wurde mit einem nicht unterstützten Abfragetyp aufgerufen. Error - 01.04.2010 19:11:25 | Computer Name = Xxxs-PC | Source = usbperf | ID = 2004 Description = Fehler bei der usbperf-Datensammlung. Die Collect-Funktion wurde mit einem nicht unterstützten Abfragetyp aufgerufen. Error - 01.04.2010 19:17:25 | Computer Name = Xxxs-PC | Source = usbperf | ID = 2004 Description = Fehler bei der usbperf-Datensammlung. Die Collect-Funktion wurde mit einem nicht unterstützten Abfragetyp aufgerufen. Error - 08.04.2010 13:29:04 | Computer Name = Xxxs-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AcroRd32.exe, Version, Zeitstempel 0x46444e37, fehlerhaftes Modul unknown, Version, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0a0d0d2e, Prozess-ID 0x17d4, Anwendungsstartzeit 01cad740fbc1a924. Error - 10.04.2010 19:34:44 | Computer Name = Xxxs-PC | Source = VSS | ID = 8194 Description = Error - 10.04.2010 19:48:28 | Computer Name = Xxxs-PC | Source = VSS | ID = 8194 Description = Error - 10.04.2010 19:50:36 | Computer Name = Xxxs-PC | Source = System Restore | ID = 8193 Description = [ OSession Events ] Error - 29.03.2010 12:13:21 | Computer Name = Xxxs-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 5285 seconds with 3780 seconds of active time. This session ended with a crash. ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Vielen Dank und viele Grüße! |
Backdoor.Shark.ast Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Note: if you masked your user name in the log, you must change the starred-out part back to your real user name, otherwise the script will not work!! Code:
:OTL
O4 - HKCU..\Run: [Comtab] C:\Users\Xxx\AppData\Roaming\Catuser\olems.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.21 08:23:57 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.06.27 10:12:50 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{2626c789-b1e0-11dd-8008-001f3bc098d9}\Shell - "" = AutoRun
O33 - MountPoints2\{2626c789-b1e0-11dd-8008-001f3bc098d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b1b37af-693d-11dd-8583-001fe1ddc069}\Shell - "" = AutoRun
O33 - MountPoints2\{6b1b37af-693d-11dd-8583-001fe1ddc069}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\DVR/AutoRun.exe start.exe
O33 - MountPoints2\{762bb85b-3ec9-11dd-b419-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{762bb85b-3ec9-11dd-b419-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010.09.21 08:23:57 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{f236cc17-9e00-11dd-815e-001f3bc098d9}\Shell - "" = AutoRun
O33 - MountPoints2\{f236cc17-9e00-11dd-815e-001f3bc098d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f236cc44-9e00-11dd-815e-001f3bc098d9}\Shell - "" = AutoRun
O33 - MountPoints2\{f236cc44-9e00-11dd-815e-001f3bc098d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C895616B
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:517B507A
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:CB0FEE2B
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open once you click OK after the fix; please post it. The computer may be restarted.
The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.
Please always post log files in CODE tags
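As an added illustration of why these particular lines were picked for the fix (this is not OTL's code and not the helper's), the Python below scores OTL O4 Run entries, O33 MountPoints2 AutoRun handlers and alternate-data-stream lines with the same rules a reviewer applies by hand: an O4 binary with an empty "()" (OTL found no company name in the file) that lives under a user-writable path such as AppData, any cached AutoRun handler for a mounted volume, and any stream hidden on a system folder. The sample lines are copied from the script above plus one constructed benign O4 entry (the avast! one) for contrast; the scoring rules and severity labels are this example's own assumptions.

```python
"""Score OTL persistence lines (O4, O33 AutoRun handlers, ADS) the way a
log reviewer does by hand.  Added example for this thread: not OTL's code,
not the helper's.  Heuristics and severities are this example's own."""
import re

# Entries copied from the OTL fix script above, plus one constructed benign
# O4 line (avast!) so a non-suspicious entry is visible in the output.
SAMPLE_LINES = [
    r"O4 - HKCU..\Run: [Comtab] C:\Users\Xxx\AppData\Roaming\Catuser\olems.exe ()",
    r"O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)",  # constructed
    r'O33 - MountPoints2\{2626c789-b1e0-11dd-8008-001f3bc098d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe',
    r'O33 - MountPoints2\{6b1b37af-693d-11dd-8583-001fe1ddc069}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\DVR/AutoRun.exe start.exe',
    r'O33 - MountPoints2\{762bb85b-3ec9-11dd-b419-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010.09.21 08:23:57 | 000,054,544 | R--- | M] (Electronic Arts)',
    r"@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C895616B",
]

# O4: "[name] <path>.exe <args> (<publisher>)"; OTL prints "()" when it read no company name.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?\.exe)(?P<args>.*?)\s*\((?P<publisher>[^)]*)\)\s*$",
    re.IGNORECASE,
)
# O33: the command Explorer runs when the cached volume is double-clicked.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+?)(?: -- \[.*)?$'
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Path fragments an unprivileged user (and thus malware running as that user) can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def assess_o4(m):
    """Return the reasons an O4 Run entry looks suspicious (empty list = fine)."""
    reasons = []
    if not m["publisher"].strip():
        reasons.append("no company name recorded for the binary")
    if any(marker in m["path"].lower() for marker in USER_WRITABLE):
        reasons.append("binary lives in a user-writable location")
    return reasons


def assess_o33(line, m):
    """Every cached AutoRun handler is worth a look; a vendor annotation lowers the severity."""
    reasons = ["AutoRun handler cached for a removable or optical volume"]
    if "rundll32" in m["cmd"].lower():
        reasons.append("indirect launch through rundll32 ShellExec_RunDLL")
    # OTL appends "-- [date | size | attrs] (Publisher)" when it could inspect the target file.
    annotated = re.search(r" -- \[.*\] \((?P<publisher>[^)]*)\)\s*$", line)
    vendor_known = bool(annotated and annotated["publisher"].strip())
    return reasons, ("low" if vendor_known else "medium")


def triage(lines):
    """Classify OTL lines; returns one finding per line that deserves attention."""
    findings = []
    for line in lines:
        line = line.rstrip()
        if m := O4_RE.match(line):
            reasons = assess_o4(m)
            if reasons:
                findings.append({"kind": "O4", "target": m["path"],
                                 "severity": "high" if len(reasons) > 1 else "medium",
                                 "reasons": reasons})
        elif m := O33_RE.match(line):
            reasons, severity = assess_o33(line, m)
            findings.append({"kind": "O33", "target": m["cmd"],
                             "severity": severity, "reasons": reasons})
        elif m := ADS_RE.match(line):
            findings.append({"kind": "ADS", "target": m["target"], "severity": "medium",
                             "reasons": [f"{m['size']}-byte alternate data stream on a system folder"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f['severity']:6}] {f['kind']:3} {f['target']}  <- {'; '.join(f['reasons'])}")
```

Run as is, the olems.exe entry comes out "high" (no company name and a path under AppData), the constructed avast! entry produces no finding, and the three MountPoints2 handlers are reported with the Electronic Arts one at "low" because OTL could read the vendor from the target file; MountPoints2 entries are Explorer's leftovers from media inserted earlier, which is why helpers clear them routinely without treating each one as an infection.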
Backdoor.Shark.ast Hello Arne, I will carry out the instructions tomorrow, I haven't had time until now. Just wanted to let you know so that the thread doesn't get closed. Regards, Islay
Backdoor.Shark.ast Hello, I finally got around to running the text in OTL. Here is the log file for it: Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Comtab deleted successfully.
C:\Users\Xxx\AppData\Roaming\Catuser\olems.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2626c789-b1e0-11dd-8008-001f3bc098d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2626c789-b1e0-11dd-8008-001f3bc098d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2626c789-b1e0-11dd-8008-001f3bc098d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2626c789-b1e0-11dd-8008-001f3bc098d9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b1b37af-693d-11dd-8583-001fe1ddc069}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b1b37af-693d-11dd-8583-001fe1ddc069}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b1b37af-693d-11dd-8583-001fe1ddc069}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b1b37af-693d-11dd-8583-001fe1ddc069}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\DVR/AutoRun.exe start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{762bb85b-3ec9-11dd-b419-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{762bb85b-3ec9-11dd-b419-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{762bb85b-3ec9-11dd-b419-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{762bb85b-3ec9-11dd-b419-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f236cc17-9e00-11dd-815e-001f3bc098d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f236cc17-9e00-11dd-815e-001f3bc098d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f236cc17-9e00-11dd-815e-001f3bc098d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f236cc17-9e00-11dd-815e-001f3bc098d9}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f236cc44-9e00-11dd-815e-001f3bc098d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f236cc44-9e00-11dd-815e-001f3bc098d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f236cc44-9e00-11dd-815e-001f3bc098d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f236cc44-9e00-11dd-815e-001f3bc098d9}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:C895616B deleted successfully.
ADS C:\ProgramData\TEMP:517B507A deleted successfully.
ADS C:\ProgramData\TEMP:CB0FEE2B deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Xxx
->Temp folder emptied: 4182271 bytes
->Temporary Internet Files folder emptied: 722861031 bytes
->Java cache emptied: 8913799 bytes
->FireFox cache emptied: 81194281 bytes
->Flash cache emptied: 357485 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1380665 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 781,00 mb
OTL by OldTimer - Version log created on 02172011_231118
Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
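An added example (not OTL's code and not from the thread) that turns a fix log like the one above into the short answer a reviewer actually wants: what was removed, what was already gone, what is still waiting on a reboot, and how much was cleaned. The sample text is an excerpt of the posted log with paths exactly as they appear there; the category names and the megabyte rounding are this example's own choices.

```python
"""Summarise an OTL fix log (the output between "All processes killed" and
"< End of report >").  Added example for this thread; not OTL's own code."""
import re

# Excerpt of the fix log posted above (paths as in the thread).  OTL repeats
# reboot-pending moves in its "Files\Folders moved on Reboot..." section,
# which the summary de-duplicates.
SAMPLE_FIX_LOG = r"""
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Comtab deleted successfully.
C:\Users\Xxx\AppData\Roaming\Catuser\olems.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2626c789-b1e0-11dd-8008-001f3bc098d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2626c789-b1e0-11dd-8008-001f3bc098d9}\ not found.
File F:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:C895616B deleted successfully.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
->Temp folder emptied: 4182271 bytes
->Temporary Internet Files folder emptied: 722861031 bytes
->Java cache emptied: 8913799 bytes
->FireFox cache emptied: 81194281 bytes
->Flash cache emptied: 357485 bytes
Windows Temp folder emptied: 1380665 bytes
RecycleBin emptied: 0 bytes
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
"""

# Order matters: the first matching pattern wins.
RESULT_PATTERNS = [
    ("deleted", re.compile(r"^(?:Registry (?:value|key) |ADS )(?P<item>.+?) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<item>.+?) moved successfully\.$")),
    ("set", re.compile(r"^(?P<item>.+?) : value set successfully!$")),
    ("pending_reboot", re.compile(r"^File move failed\. (?P<item>.+?) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^(?:Registry key |File )?(?P<item>.+?) not found\.$")),
]
# "->Temp folder emptied: N bytes", "%systemroot% .tmp files removed: N bytes", "RecycleBin emptied: N bytes"
BYTES_RE = re.compile(r"^(?:->)?(?P<what>.+?) (?:emptied|removed): (?P<n>\d+) bytes$")


def summarize_fix_log(text):
    """Bucket every non-empty line of an OTL fix log by outcome."""
    summary = {name: [] for name, _ in RESULT_PATTERNS}
    summary["bytes_cleaned"] = 0
    summary["unclassified"] = []      # anything the patterns above do not cover
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := BYTES_RE.match(line):
            summary["bytes_cleaned"] += int(m["n"])
            continue
        for name, pattern in RESULT_PATTERNS:
            if m := pattern.match(line):
                if m["item"] not in summary[name]:   # keep first mention only
                    summary[name].append(m["item"])
                break
        else:
            summary["unclassified"].append(line)
    return summary


def cleaned_megabytes(summary):
    """Same unit OTL prints in its 'Total Files Cleaned' line (MiB, two decimals)."""
    return round(summary["bytes_cleaned"] / (1024 * 1024), 2)


def needs_reboot(summary):
    """True while any move is still deferred to the next boot."""
    return bool(summary["pending_reboot"])


if __name__ == "__main__":
    s = summarize_fix_log(SAMPLE_FIX_LOG)
    for key in ("deleted", "moved", "set", "not_found", "pending_reboot", "unclassified"):
        print(f"{key:15} {len(s[key])}")
        for item in s[key]:
            print(f"    {item}")
    print(f"cleaned: {cleaned_megabytes(s)} MiB, reboot needed: {needs_reboot(s)}")
```

On the excerpt this reports three deletions, three moves, one value set, two items that were already absent and three moves deferred to reboot. Two of those, E:\Autorun.exe and E:\Autorun.inf, sit on the volume the fix script itself tagged [ UDF ], which is normally an optical disc, so the move will keep failing there; that is expected and not a sign the fix failed. The third, Webshlock.txt, is a file in avast!'s own temp folder that was in use.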
Backdoor.Shark.ast Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a forum helper (Kompetenzler) has expressly recommended it!
Please always post log files in CODE tags
Backdoor.Shark.ast Hi Arne, here is the ComboFix log file: Code:
ComboFix 11-02-17.01 - xxx 19.02.2011 23:40:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3069.1934 [GMT 1:00]
Run from:: c:\users\xxx\Desktop\cofi.exe
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Desktop
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Boonty Games
-------\Service_usnjsvc
.
((((((((((((((((((((((((( Files Created from 2011-01-19 to 2011-02-19 ))))))))))))))))))))))))))))))
.
2011-02-19 22:30 . 2011-02-19 22:30 -------- d-----w- c:\program files\CCleaner
2011-02-17 22:11 . 2011-02-17 22:11 -------- d-----w- C:\_OTL
2011-02-07 21:53 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-07 21:53 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-07 20:50 . 2011-02-07 20:50 -------- d-----w- c:\programdata\WindowsSearch
2011-02-07 20:33 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{066095A5-D75A-438A-963A-C379A375EAD5}\mpengine.dll
2011-02-05 01:33 . 2011-02-05 01:33 -------- d-----w- c:\users\xxx\AppData\Roaming\Malwarebytes
2011-02-05 01:32 . 2011-02-05 01:32 -------- d-----w- c:\programdata\Malwarebytes
2011-02-05 01:32 . 2011-02-07 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 17:35 . 2011-02-08 00:22 -------- d-----w- c:\program files\WinClamAVShield
2011-02-03 03:02 . 2010-12-03 19:43 555752 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-02-03 02:40 . 2011-02-03 02:40 -------- d-----w- c:\program files\Lavalys
2011-02-02 21:09 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-02 21:09 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-02 21:09 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-02 21:09 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-02 21:09 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-02 21:07 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-02 21:07 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-02 21:05 . 2011-02-02 21:05 -------- d-----w- c:\programdata\Alwil Software
2011-02-02 21:05 . 2011-02-02 21:05 -------- d-----w- c:\program files\Alwil Software
2011-02-02 15:57 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-02 15:57 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-02 15:57 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-02 15:57 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-02 15:57 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-02 00:24 . 2011-02-02 00:24 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-02-02 00:24 . 2011-02-19 22:24 -------- d-----w- c:\users\xxx\AppData\Roaming\Spyware Terminator
2011-02-02 00:22 . 2011-02-08 18:52 -------- d-----w- c:\programdata\Spyware Terminator
2011-02-02 00:22 . 2011-02-09 22:31 -------- d-----w- c:\program files\Spyware Terminator
2011-02-01 23:02 . 2011-02-19 22:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-01 23:02 . 2011-02-08 00:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-01 14:18 . 2011-02-01 14:18 -------- d-----w- C:\PerfLogs
2011-01-31 13:39 . 2011-02-17 22:11 -------- d-----w- c:\users\xxx\AppData\Roaming\Catuser
2011-01-30 21:06 . 2008-01-05 11:21 28672 ----a-w- c:\windows\system32\TsWpfWrp.exe
2011-01-30 21:04 . 2008-01-19 07:35 154624 ----a-w- c:\windows\system32\nlmgp.dll
2011-01-26 21:50 . 2011-01-26 21:50 -------- d-----w- c:\users\xxx\AppData\Roaming\NevoSoft Games
2011-01-24 20:11 . 2011-01-24 20:11 -------- d-----w- c:\programdata\SugarGames
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-01 14:06 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-02-01 14:06 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-12-25 11:18 . 2010-12-25 11:18 1222408 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files\navigram_register.exe
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 18:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 18:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ClipIncSrvTray"="c:\program files\Tobit ClipInc\Player\ClipIncTray.exe" [2009-03-16 668424]
"phonostarTimer"="c:\program files\phonostar-Player\phonostarTimer.exe" [2009-09-28 36864]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-02 3318784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"MMReminderService"="c:\program files\Mindjet\MindManager 8\MMReminderService.exe" [2009-12-07 38240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-04-09 166432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-09 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-04-09 92704]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-20 13:45 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 18:46 90112 ----a-w- c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
R3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33X2K.sys [2005-08-25 45568]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2009-10-25 57600]
R3 STC2DFU;STCII DFU Adapter;c:\windows\system32\DRIVERS\Stc2Dfu.SYS [2004-10-24 7796]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
S1 aswSP;aswSP; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-02-02 142592]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 ClipInc001;ClipInc 001;c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2011-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 23:20]
2011-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - c:\users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hz63zn13.ProfilNeu\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Orphaned registry entries removed - - - -
URLSearchHooks-{3a750e59-9048-456b-a7f9-4d22dcb583f3} - (no file)
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
**************************************************************************
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
hidden files:
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
[HKEY_USERS\S-1-5-21-2870450824-3487905628-2084903770-1000\Software\SecuROM\License information*]
"datasecu"=hex:dd,a1,78,18,42,7b,66,6a,19,3d,e8,84,79,15,bc,5c,3c,0b,12,8c,68,
d8,8e,3e,35,c5,be,9c,f8,f4,f2,31,3b,6d,e7,fb,e4,f8,23,31,7c,6e,d2,38,2e,ee,\
"rkeysecu"=hex:f8,2e,ac,40,0f,ef,9c,19,c2,5a,09,07,9c,23,eb,f0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\3BE6A37130464*115AF3000972A8B18B]
"5C1093C35543A0E32A41B90A305076A"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6331DFBDA00CA0F4E9637*9165D42979]
"5C1093C35543A0E32A41B090A30506A"="c:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscordbi.dll"
.
--------------------- DLLs loaded by running processes ---------------------
- - - - - - - > 'Explorer.exe'(1104)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-20 00:05:26 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-02-19 23:05 Vor Suchlauf: 12 Verzeichnis(se), 125.008.928.768 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 124.887.900.160 Bytes frei Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - C4391F8A3ECDED49B75250C851861D27 Noch eine Frage: Ist es normal, dass ich vom Desktop aus keine Office Datei+ Adobe etc. mehr öffnen kann? Vielen Dank im Voraus! Gruß Islay Geändert von Islay (20.02.2011 um 00:24 Uhr) |
Backdoor.Shark.ast One more question: is it normal that I can no longer open any Office files, Adobe, etc. from the desktop? Thanks in advance! Regards, Islay
__________________ Please always post logfiles in CODE tags |
Backdoor.Shark.ast Hi, just did it, it works again. Regards, Islay
Backdoor.Shark.ast OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to run on the second attempt as well, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
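As an added illustration (not from this thread and not part of ComboFix, GMER or OSAM), a small Python triage pass over ComboFix-style log lines like the ones posted above: it lists services whose image ComboFix marked "[x]", DLLs registered under a Winlogon\Notify key, and Security Center entries set to stop monitoring a product. The sample lines are copied from the log above; the function and variable names are my own.

```python
import re

# Constructed sample: a few lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = """\
R2 gupdate;Google Update Service (gupdate);c:\\program files\\Google\\Update\\GoogleUpdate.exe [2010-02-09 135664]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 ClipInc001;ClipInc 001;c:\\program files\\Tobit ClipInc\\Server\\ClipInc-Server.exe 001 [x]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\psfus]
2007-03-28 18:46 90112 ----a-w- c:\\windows\\System32\\psqlpwd.dll
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
"""

# Service/driver line: R (running) or S (stopped) + start type, then "name;display;image [date size]" or "[x]".
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*)$")
NOTIFY_KEY = re.compile(r"winlogon\\notify\\", re.IGNORECASE)
DLL_LINE = re.compile(r"(\S+\.dll)\s*$", re.IGNORECASE)


def triage(log_text):
    """Collect load points from ComboFix-style lines that deserve a manual check."""
    findings = {"missing_image": [], "winlogon_notify": [], "monitoring_disabled": []}
    current_key = None
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            name, image = m.group(3), m.group(5).strip()
            # "[x]": ComboFix attached no file details to the service image. Self-protecting
            # AV drivers (avast's asw*) often show up this way, so this is a cross-check list.
            if image.endswith("[x]"):
                findings["missing_image"].append(name)
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]      # registry key header, e.g. [HKEY_...]
            continue
        if current_key and NOTIFY_KEY.search(current_key):
            d = DLL_LINE.search(line)     # Winlogon Notify DLL: a classic load point
            if d:
                findings["winlogon_notify"].append(d.group(1))
        if current_key and "security center" in current_key.lower() \
                and line.startswith('"DisableMonitoring"=dword:00000001'):
            # Normal after uninstalling a product, but also a change malware makes: verify it.
            findings["monitoring_disabled"].append(current_key.rsplit("\\", 1)[-1])
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category, items)
```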