| |
| |||||||
Log-Analyse und Auswertung: Ramnit.C & HTML/Drop.Agent.AB gefunden; erst Ruhe, nun vereinzelte Meldungen - Befall?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
30.03.2011, 00:07
| #1 |
 |  Ramnit.C & HTML/Drop.Agent.AB gefunden; erst Ruhe, nun vereinzelte Meldungen - Befall? Hallo, ich habe seit einigen Tagen ein Problem mit den oben genannten Schädlingen. Es fing an, als ich eine Website besuchte & kurz danach mein Browser (Firefox) abstürzte. Habe mir nichts dabei gedacht, da er desöfteren mal abstürzt. Am nächsten Tag als ich den PC anmachte, kamen dann zum ersten mal Meldungen von AntiVir, dass sowohl Ramnit.C und HTML/Drop.Agent.AB gefunden wurden. Als ich die Meldung entweder mit "Löschen" oder "Zugriff verweigern" schloss, kamen direkt 2 Neue. Es waren immer nur HTML-Dateien. Der Ordner war immer "Temporary Internet Files" in C://Users/***/AppData/blablabla.. Hier war jedoch nichts, darauf entdeckte ich den versteckten Ordner "content.IE5". Google-Recherchen haben ergeben dass dieser Ordner unbedenklich geleert werden kann. Dies habe ich getan und es war Ruhe. Später am selben Tag kamen die Meldungen wieder, diesmal aus einem anderen "Temp" Ordner (ebenfalls ein "Temp. Internet Files" Unterordner war dort drin). Nachdem ich diesen auch geleert habe war wieder Ruhe. Heute morgen kamen erneut Meldungen, jedoch von einer .EXE Datei in einem weiteren Temp-Ordner. Nachdem ich diese löschte war Ruhe bis jetzt. Alle Funde waren immer in Unterordnern des Verzeichnisses C://Users/***/AppData, nie außerhalb von diesem Verzeichnis. Ich hoffe ich habe es verständlich genug erklärt, auch wenn es ein wenig verwirrend klingt. Nun würde ich gerne wissen, ob mein System infiziert ist und ich irgendetwas Bösartiges auf dem Rechner habe oder ob ich die vereinzelten Dateien schnell genug entsorgt habe ohne dass sich etwas groß ausgeweitet habe, falls das überhaupt möglich ist. Mir ist nämlich durchaus klar, dass es nicht unbedingt heißt dass es weg ist, nur weil die Anzeichen und Meldungen dafür weg sind. Ich habe nun mal die benötigten Scans gemacht und würde mich freuen wenn jemand sich das mal angucken konnte, ob sich da was eingenistet hat. Windows 7 läuft ca seit einem halben Jahr und habe seitdem noch keine Scans oder so durchgeführt, hatte aber auch noch nie Probleme. Schon einmal vielen Dank im Vorraus! Otl.txt Code:
ATTFilter OTL logfile created on: 29.03.2011 23:52:01 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\*****\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,00 Mb Total Physical Memory | 71,00 Mb Available Physical Memory | 14,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 76,69 Gb Total Space | 8,66 Gb Free Space | 11,30% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.03.29 23:42:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe PRC - [2011.03.23 20:38:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.09.23 19:14:29 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.09.23 19:14:29 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe ========== Modules (SafeList) ========== MOD - [2011.03.29 23:42:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe MOD - [2010.12.18 07:29:18 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll ========== Win32 Services (SafeList) ========== SRV - [2011.03.04 00:06:52 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.09.23 19:14:29 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.09.23 19:14:29 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device) ========== Driver Services (SafeList) ========== DRV - [2010.10.03 15:54:15 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.12.07 23:07:06 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.09.23 19:14:29 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam) DRV - [2007.06.25 11:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM) DRV - [2006.11.08 04:09:00 | 000,077,772 | R--- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rockusb.sys -- (rockusb) DRV - [2006.11.02 01:36:42 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.09.28 14:10:52 | 000,011,648 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gggen.sys -- (gggen) DRV - [2003.10.15 17:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 7D A3 40 C0 E8 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009 FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009.10.28 20:51:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.23 20:38:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.23 20:38:38 | 000,000,000 | ---D | M] [2009.08.24 00:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2011.03.29 19:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions [2009.12.28 02:35:46 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2011.01.06 18:55:08 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2011.01.11 13:44:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.02.10 19:41:25 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2011.01.06 18:55:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.07.05 21:19:21 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2011.02.10 19:43:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.02.10 19:42:28 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\firebug@software.joehewitt.com [2011.02.10 19:43:05 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\foxyproxy@eric.h.jung [2010.10.31 16:39:39 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\nasanightlaunch@example.com [2010.10.31 16:39:49 | 000,000,000 | ---D | M] (Personas) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\personas@christopher.beard [2010.10.24 18:57:25 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\vshare@toolbar [2009.10.28 20:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.08.26 00:08:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2010.06.27 13:31:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.27 13:31:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.27 13:31:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.27 13:31:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.27 13:31:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.10 22:44:49 | 000,001,190 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 images.alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 mermaidconsulting.dk # alcohol 120% O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Programme\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk - C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe - (Philips) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: Lexmark 1200 Series - hkey= - key= - File not found MsConfig - StartUpReg: NapsterShell - hkey= - key= - File not found MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Valve\Steam\Steam.exe (Valve Corporation) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "startup" - 2 ========== Files/Folders - Created Within 30 Days ========== [2011.03.29 23:50:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.03.29 23:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.03.29 23:50:06 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.03.29 23:41:36 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\*****\Desktop\Erunt-setup.exe [2011.03.29 23:41:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2011.03.29 23:41:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\TFC.exe [2011.03.28 02:59:10 | 000,000,000 | ---D | C] -- C:\Users\*****\kskkabxn [2011.03.27 22:25:04 | 002,066,439 | ---- | C] (murb.com ) -- C:\Users\*****\Desktop\ICQ Status Checker 1.7 Setup.exe [2011.03.15 18:35:48 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\iphone-bilder [2011.03.06 18:52:53 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Silla - Sillainstinkt (2011) [2011.03.02 17:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES [2011.03.02 17:20:57 | 000,000,000 | ---D | C] -- C:\Programme\EA GAMES [2010.03.12 04:47:48 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll [2010.03.12 04:47:48 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll [2010.03.12 04:47:48 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll [2010.03.12 04:47:48 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll [2010.03.12 04:47:48 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll [2010.03.12 04:47:48 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll [2010.03.12 04:47:48 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll [2010.03.12 04:47:48 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll [2010.03.12 04:47:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll [2010.03.12 04:47:47 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll [2010.03.12 04:47:47 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll [2010.03.12 04:47:47 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe [2010.03.12 04:47:47 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll [2010.03.12 04:47:47 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe [2010.03.12 04:47:47 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe ========== Files - Modified Within 30 Days ========== [2011.03.29 23:50:08 | 000,000,894 | ---- | M] () -- C:\Users\*****\Desktop\NTREGOPT.lnk [2011.03.29 23:50:08 | 000,000,875 | ---- | M] () -- C:\Users\*****\Desktop\ERUNT.lnk [2011.03.29 23:42:47 | 000,301,568 | ---- | M] () -- C:\Users\*****\Desktop\g2m3e4r.exe [2011.03.29 23:42:36 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\*****\Desktop\Erunt-setup.exe [2011.03.29 23:42:14 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\TFC.exe [2011.03.29 23:42:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2011.03.29 23:37:43 | 000,377,280 | ---- | M] () -- C:\Users\*****\Desktop\Load.exe [2011.03.29 23:08:08 | 000,019,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.29 23:08:08 | 000,019,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.29 22:57:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.29 22:57:22 | 402,104,320 | -HS- | M] () -- C:\hiberfil.sys [2011.03.28 16:19:14 | 000,648,466 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.28 16:19:14 | 000,611,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.28 16:19:14 | 000,128,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.28 16:19:14 | 000,105,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.28 02:24:05 | 002,092,375 | ---- | M] () -- C:\Users\*****\Desktop\Norris_kittens.gif [2011.03.27 22:24:00 | 002,042,105 | ---- | M] () -- C:\Users\*****\Desktop\icq_status_checker17.zip [2011.03.24 19:40:39 | 000,349,173 | ---- | M] () -- C:\Users\*****\Desktop\Deutsch_-_Abi_.pdf [2011.03.22 17:47:29 | 000,407,095 | ---- | M] () -- C:\Users\*****\Desktop\193551_173517192699699_100001242598946_430179_7930050_o.jpg [2011.03.16 01:03:30 | 000,080,374 | ---- | M] () -- C:\Users\*****\Desktop\01_breno_gross.jpg [2011.03.15 18:56:02 | 000,613,401 | ---- | M] () -- C:\Users\*****\Desktop\Unbenannt2.png [2011.03.15 18:50:00 | 000,656,921 | ---- | M] () -- C:\Users\*****\Desktop\Unbenannt.png [2011.03.15 18:05:00 | 001,128,402 | ---- | M] () -- C:\Users\*****\Desktop\haftbefehl.wav [2011.03.13 18:01:53 | 000,000,124 | ---- | M] () -- C:\Users\*****\Documents\ax_files.xml [2011.03.13 13:36:01 | 000,009,241 | ---- | M] () -- C:\Users\*****\Desktop\Anleitung.html [2011.03.11 23:19:58 | 002,979,245 | ---- | M] () -- C:\Users\*****\Desktop\Echte Musik- H.A.F.T [Full Version_High Quality] Haftbefehl.mp3 [2011.03.11 23:13:31 | 002,855,947 | ---- | M] () -- C:\Users\*****\Desktop\Criz feat Haftbefehl Unter Tatverdacht.mp3 [2011.03.11 23:06:27 | 001,235,799 | ---- | M] () -- C:\Users\*****\Desktop\jaftcriut.rar [2011.03.11 23:05:10 | 006,376,571 | ---- | M] () -- C:\Users\*****\Desktop\Haftbefehl feat. Twin, Criz & Silla - Columbine.mp3 [2011.03.10 20:08:15 | 000,048,286 | ---- | M] () -- C:\Users\*****\Desktop\IMG_0109 (Large).JPG [2011.03.10 19:48:46 | 002,810,562 | ---- | M] () -- C:\Users\*****\Desktop\IMG_0109.JPG_effected.jpg [2011.03.10 19:33:05 | 008,559,997 | ---- | M] () -- C:\Users\*****\Desktop\IMG_0109.JPG [2011.03.08 01:24:39 | 000,005,912 | ---- | M] () -- C:\Users\*****\Desktop\c366cc4f0ddea1a830a8cb42187f7f11.dlc [2011.03.04 23:22:05 | 166,689,481 | ---- | M] () -- C:\Users\*****\Desktop\Si-Sill.rar [2011.03.02 17:27:42 | 000,000,532 | ---- | M] () -- C:\Windows\eReg.dat [2011.03.02 17:27:21 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk ========== Files Created - No Company Name ========== [2011.03.29 23:50:08 | 000,000,894 | ---- | C] () -- C:\Users\*****\Desktop\NTREGOPT.lnk [2011.03.29 23:50:08 | 000,000,875 | ---- | C] () -- C:\Users\*****\Desktop\ERUNT.lnk [2011.03.29 23:41:37 | 000,301,568 | ---- | C] () -- C:\Users\*****\Desktop\g2m3e4r.exe [2011.03.29 23:37:11 | 000,377,280 | ---- | C] () -- C:\Users\*****\Desktop\Load.exe [2011.03.28 02:24:05 | 002,092,375 | ---- | C] () -- C:\Users\*****\Desktop\Norris_kittens.gif [2011.03.27 22:22:48 | 002,042,105 | ---- | C] () -- C:\Users\*****\Desktop\icq_status_checker17.zip [2011.03.24 19:40:33 | 000,349,173 | ---- | C] () -- C:\Users\*****\Desktop\Deutsch_-_Abi_.pdf [2011.03.22 17:47:08 | 000,407,095 | ---- | C] () -- C:\Users\*****\Desktop\193551_173517192699699_100001242598946_430179_7930050_o.jpg [2011.03.16 01:03:30 | 000,080,374 | ---- | C] () -- C:\Users\*****\Desktop\01_breno_gross.jpg [2011.03.15 18:56:01 | 000,613,401 | ---- | C] () -- C:\Users\*****\Desktop\Unbenannt2.png [2011.03.15 18:47:55 | 000,656,921 | ---- | C] () -- C:\Users\*****\Desktop\Unbenannt.png [2011.03.15 18:04:59 | 001,128,402 | ---- | C] () -- C:\Users\*****\Desktop\haftbefehl.wav [2011.03.13 13:41:20 | 000,009,241 | ---- | C] () -- C:\Users\*****\Desktop\Anleitung.html [2011.03.11 23:19:01 | 002,979,245 | ---- | C] () -- C:\Users\*****\Desktop\Echte Musik- H.A.F.T [Full Version_High Quality] Haftbefehl.mp3 [2011.03.11 23:12:15 | 002,855,947 | ---- | C] () -- C:\Users\*****\Desktop\Criz feat Haftbefehl Unter Tatverdacht.mp3 [2011.03.11 23:07:30 | 001,430,288 | ---- | C] () -- C:\Users\*****\Desktop\Criz feat Haftbefehl Unter Tatverdacht.mp3 [2011.03.11 23:06:05 | 001,235,799 | ---- | C] () -- C:\Users\*****\Desktop\jaftcriut.rar [2011.03.11 23:02:37 | 006,376,571 | ---- | C] () -- C:\Users\*****\Desktop\Haftbefehl feat. Twin, Criz & Silla - Columbine.mp3 [2011.03.10 20:08:14 | 000,048,286 | ---- | C] () -- C:\Users\*****\Desktop\IMG_0109 (Large).JPG [2011.03.10 19:47:42 | 002,810,562 | ---- | C] () -- C:\Users\*****\Desktop\IMG_0109.JPG_effected.jpg [2011.03.10 19:29:54 | 008,559,997 | ---- | C] () -- C:\Users\*****\Desktop\IMG_0109.JPG [2011.03.08 01:24:37 | 000,005,912 | ---- | C] () -- C:\Users\*****\Desktop\c366cc4f0ddea1a830a8cb42187f7f11.dlc [2011.03.04 22:14:59 | 166,689,481 | ---- | C] () -- C:\Users\*****\Desktop\Si-Sill.rar [2011.03.02 17:46:39 | 003,462,144 | ---- | C] () -- C:\Users\*****\Desktop\BF1942MiniImage-RixN.mdf [2011.03.02 17:46:39 | 000,000,682 | ---- | C] () -- C:\Users\*****\Desktop\BF1942MiniImage-RixN.mds [2011.03.02 17:27:42 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat [2011.03.02 17:27:21 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk [2011.01.31 22:15:06 | 000,000,600 | ---- | C] () -- C:\Users\*****\AppData\Roaming\winscp.rnd [2010.07.19 21:42:43 | 000,000,871 | ---- | C] () -- C:\Users\*****\AppData\Local\Tempwconfig.vbs [2010.07.07 15:07:17 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2010.06.11 14:50:28 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe [2010.06.11 14:50:28 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe [2010.06.11 14:50:27 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe [2010.06.09 18:34:21 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2010.04.30 17:42:57 | 000,000,144 | ---- | C] () -- C:\Users\*****\AppData\Roaming\default.pls [2010.03.12 04:47:48 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll [2010.03.12 04:47:48 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll [2010.02.23 23:00:41 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.09.10 18:42:23 | 000,000,076 | ---- | C] () -- C:\Windows\dellstat.ini [2009.09.10 18:42:14 | 000,000,092 | ---- | C] () -- C:\Windows\lexstat.ini [2009.09.06 23:27:13 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2009.09.04 16:32:58 | 000,000,017 | ---- | C] () -- C:\Users\*****\AppData\Local\resmon.resmoncfg [2009.08.27 21:04:44 | 000,557,003 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2009.08.27 21:04:32 | 000,811,835 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2009.08.27 21:03:52 | 004,456,201 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2009.08.25 20:07:36 | 000,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll [2009.08.25 19:38:04 | 000,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2009.08.25 18:56:56 | 000,829,781 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.08.25 18:37:02 | 000,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2009.08.23 22:39:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.08.23 18:18:43 | 000,233,472 | ---- | C] () -- C:\Windows\System32\cmirmdrv.exe [2009.08.23 18:18:43 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmirmdrv.dll [2009.08.23 18:16:02 | 000,003,305 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.08.11 22:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe [2009.07.14 10:47:43 | 000,648,466 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,128,724 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,285,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,611,134 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,105,314 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.06.02 19:15:44 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2009.06.02 19:15:18 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll [2009.06.02 19:15:04 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2009.06.02 19:14:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2009.06.02 19:14:30 | 000,486,400 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2009.06.02 19:13:58 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2009.06.02 19:13:50 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2009.06.02 19:11:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2009.06.02 19:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.01.11 00:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll [2009.01.11 00:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll [2009.01.11 00:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll [2009.01.11 00:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll [2009.01.11 00:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\System32\gdsmux.exe [2009.01.11 00:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll [2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll [2009.01.11 00:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\System32\dsmux.exe [2009.01.11 00:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll [2009.01.11 00:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll [2009.01.11 00:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll [2009.01.11 00:15:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe [2009.01.11 00:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll [2009.01.11 00:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll [2008.12.04 00:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini [2007.02.07 19:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini [2006.06.07 15:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll [2006.03.07 13:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll [2006.01.10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll [2006.01.10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll [2002.08.08 06:11:30 | 000,319,488 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe [2000.03.29 16:17:42 | 000,005,824 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== LOP Check ========== [2010.10.23 18:43:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity [2010.07.03 12:53:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bump Technologies, Inc [2010.01.05 21:21:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CoSoSys [2010.07.07 15:01:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite [2010.02.24 00:04:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dev-Cpp [2010.03.08 20:34:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\flightgear.org [2010.03.08 20:47:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\fltk.org [2009.10.19 22:18:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GrabPro [2011.03.29 18:28:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ [2010.04.15 23:15:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ImgBurn [2010.03.16 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ManyCam [2009.09.16 21:49:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MyPhoneExplorer [2009.10.19 22:44:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Orbit [2010.11.18 23:27:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Weaverslave [2011.02.06 18:40:39 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.03.29 19:13:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.02.19 15:45:25 | 000,000,000 | ---D | M] -- C:\0e43fd6a2253abe81638137a78ad3e [2011.03.28 21:52:44 | 000,000,000 | ---D | M] -- C:\1f5e52860a533b3ecbc90fbfae094d7a [2009.10.15 01:47:26 | 000,000,000 | ---D | M] -- C:\ATI [2009.08.23 18:35:52 | 000,000,000 | -HSD | M] -- C:\Boot [2010.09.28 12:52:21 | 000,000,000 | ---D | M] -- C:\c1743efabefd10f84ef0 [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.08.23 17:46:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.10.19 22:36:10 | 000,000,000 | ---D | M] -- C:\downloads [2010.03.12 04:46:41 | 000,000,000 | ---D | M] -- C:\lexmark [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2009.10.28 20:49:42 | 000,000,000 | ---D | M] -- C:\Philips [2011.03.29 23:50:06 | 000,000,000 | R--D | M] -- C:\Programme [2010.11.13 19:50:27 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.08.23 17:46:27 | 000,000,000 | -HSD | M] -- C:\Programme [2009.08.23 17:46:28 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.03.29 18:40:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.10.28 20:58:12 | 000,000,000 | ---D | M] -- C:\temp [2009.08.23 17:46:53 | 000,000,000 | R--D | M] -- C:\Users [2011.03.29 23:50:50 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-29 16:41:22 ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 < End of report > Code:
ATTFilter OTL Extras logfile created on: 29.03.2011 23:52:01 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\*****\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511,00 Mb Total Physical Memory | 71,00 Mb Available Physical Memory | 14,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,69 Gb Total Space | 8,66 Gb Free Space | 11,30% Space Free | Partition Type: NTFS
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.4 Build #4561 Banner Remover 1.1
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Ultra Edition HD
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.106.00
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71414EC2-0684-4A15-A85A-E0E259D117AF}" = Microangelo Toolset 6
"{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0A8A6F-FC9E-796F-CC5D-290161F8E92A}" = ATI Catalyst Install Manager
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AF7EA205-4E09-4889-B58F-16B02707E841}" = SmartStore.biz 3.5
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1" = Shutdown Manager
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{E9A5B341-167D-4042-8854-46F671F94049}" = Medieval CUE Splitter
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1B1BB41-2494-4FC2-BEF7-9C282B6815A8}" = Image Resizer Powertoy Clone for Windows
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AVIConverter" = AVIConverter 5.1.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"C-Media Audio Driver" = C-Media WDM Audio Driver
"DivX Setup.divx.com" = DivX-Setup
"D-Link VGA Webcam" = D-Link VGA Webcam
"Easy Video Downloader_is1" = Easy Video Downloader v. 2.0
"EAX Unified" = EAX Unified
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FLV Player" = FLV Player 2.0 (build 25)
"GoldWave v5.50" = GoldWave v5.50
"Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 1.1.0.12
"ImgBurn" = ImgBurn
"JDownloader" = JDownloader
"Lexmark 1200 Series" = Lexmark 1200 Series
"MacroX" = MacroX 3.1
"Mafia" = Mafia
"Mafia Game" = Mafia Game
"ManyCam" = ManyCam 2.4 (remove only)
"Media Player - Codec Pack" = Media Player Codec Pack 3.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"Polipo" = Polipo 1.0.4.1
"QIP 2005 8095 Jeak-Edition" = QIP 2005 8095 Jeak-Edition
"San Andreas Radio_is1" = San Andreas Radio V1.0
"SopCast" = SopCast 3.3.2
"ThiefGoldDeinstallKey" = Dark Project: Der Meisterdieb Director's Cut
"Tor" = Tor 0.2.1.26
"Vidalia" = Vidalia 0.2.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.9
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24.03.2011 13:47:56 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 9.0.0.2823,
Zeitstempel: 0x3720dbd6 Name des fehlerhaften Moduls: WINWORD.EXE, Version: 9.0.0.2823,
Zeitstempel: 0x3720dbd6 Ausnahmecode: 0xc0000094 Fehleroffset: 0x003889d7 ID des fehlerhaften
Prozesses: 0xc80 Startzeit der fehlerhaften Anwendung: 0x01cbea4b83f906fd Pfad der
fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office\WINWORD.EXE Pfad
des fehlerhaften Moduls: C:\Program Files\Microsoft Office\Office\WINWORD.EXE Berichtskennung:
d968acb4-563e-11e0-b147-00138f4a0910
Error - 24.03.2011 15:52:09 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
ericsson\sony ericsson pc suite\Drivers\DPInst64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.03.2011 11:20:14 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
ericsson\sony ericsson pc suite\Drivers\DPInst64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 27.03.2011 20:59:37 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.4095,
Zeitstempel: 0x000707f3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00028ab2 ID des fehlerhaften
Prozesses: 0x13c Startzeit der fehlerhaften Anwendung: 0x01cbecaf461daf0c Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: a6a42c2a-58d6-11e0-80f2-00138f4a0910
Error - 28.03.2011 11:17:20 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
ericsson\sony ericsson pc suite\Drivers\DPInst64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 28.03.2011 12:21:21 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 7.4.0.4561, Zeitstempel:
0x000707f3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x20041b06 ID des fehlerhaften Prozesses:
0x8cc Startzeit der fehlerhaften Anwendung: 0x01cbed5236c6b7e4 Pfad der fehlerhaften
Anwendung: C:\Program Files\ICQ7.4\ICQ.exe Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
6a876746-5957-11e0-8903-00138f4a0910
Error - 28.03.2011 14:52:52 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 9.0.0.2823,
Zeitstempel: 0x000707f3 Name des fehlerhaften Moduls: WINWORD.EXE, Version: 9.0.0.2823,
Zeitstempel: 0x000707f3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003a2a74 ID des fehlerhaften
Prozesses: 0x850 Startzeit der fehlerhaften Anwendung: 0x01cbed79499cacec Pfad der
fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office\WINWORD.EXE Pfad
des fehlerhaften Moduls: C:\Program Files\Microsoft Office\Office\WINWORD.EXE Berichtskennung:
9575f3da-596c-11e0-a0f2-00138f4a0910
Error - 28.03.2011 15:55:07 | Computer Name = *****-PC | Source = System Restore | ID = 8210
Description =
Error - 29.03.2011 12:22:50 | Computer Name = *****-PC | Source = System Restore | ID = 8210
Description =
Error - 29.03.2011 13:02:29 | Computer Name = *****-PC | Source = System Restore | ID = 8209
Description =
[ System Events ]
Error - 29.03.2011 12:30:57 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Defender" wurde nicht richtig gestartet.
Error - 29.03.2011 12:33:17 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
nicht richtig heruntergefahren werden.
Error - 29.03.2011 12:35:14 | Computer Name = *****-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 29.03.2011 12:35:18 | Computer Name = *****-PC | Source = ati2mtag | ID = 52225
Description =
Error - 29.03.2011 16:57:28 | Computer Name = *****-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?03.?2011 um 20:44:28 unerwartet heruntergefahren.
Error - 29.03.2011 16:57:16 | Computer Name = *****-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 29.03.2011 16:57:24 | Computer Name = *****-PC | Source = ati2mtag | ID = 52225
Description =
Error - 29.03.2011 17:14:50 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PLFlash DeviceIoControl Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 29.03.2011 17:18:01 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 29.03.2011 17:20:35 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "StarWind AE Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-30 00:39:22
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ExcelStor_Technology_J880 rev.PF2OA21B
Running: g2m3e4r.exe; Driver: C:\Users\*****\AppData\Local\Temp\ugloipog.sys
---- System - GMER 1.0.15 ----
SSDT 8DFFA3CC ZwCreateThread
SSDT 8DFFA3B8 ZwOpenProcess
SSDT 8DFFA3BD ZwOpenThread
SSDT 8DFFA3C7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82A45589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A6A092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82A7195C 4 Bytes [CC, A3, FF, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82A71AF8 4 Bytes [B8, A3, FF, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 508 82A71B18 4 Bytes [BD, A3, FF, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82A71DC8 4 Bytes [C7, A3, FF, 8D]
.text sptd.sys 86A03000 8 Bytes [A6, F1, E1, 82, A0, 57, E1, ...]
.text sptd.sys 86A03009 23 Bytes [57, E1, 82, 48, 7B, E1, 82, ...]
.text sptd.sys 86A03024 4 Bytes [32, 25, B3, 86]
.text sptd.sys 86A0302C 188 Bytes [4C, 3D, C6, 82, 15, 44, C0, ...]
.text sptd.sys 86A030E9 235 Bytes [0B, A4, 82, 1C, 8E, AB, 82, ...]
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x86AFAD38]
? C:\Windows\System32\Drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text USBPORT.SYS!DllUnload 8C825CA0 5 Bytes JMP 85113410
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 83FDA1F8
Device \Driver\usbuhci \Device\USBPDO-0 85117430
Device \Driver\usbuhci \Device\USBPDO-1 85117430
Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-2 85117430
Device \Driver\usbuhci \Device\USBPDO-3 85117430
Device \Driver\usbehci \Device\USBPDO-4 8511B430
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 8505B430
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 83FD71F8
Device \Driver\atapi \Device\Ide\IdePort0 83FD71F8
Device \Driver\atapi \Device\Ide\IdePort1 83FD71F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 83FD71F8
Device \Driver\cdrom \Device\CdRom1 8505B430
Device \Driver\cdrom \Device\CdRom2 8505B430
Device \Driver\cdrom \Device\CdRom3 8505B430
Device \Driver\NetBT \Device\NetBt_Wins_Export 8508F430
Device \Driver\PCI_PNP1390 \Device\0000004b sptd.sys
Device \Driver\vsmraid \Device\RaidPort0 83FD81F8
Device \Driver\usbuhci \Device\USBFDO-0 85117430
Device \Driver\usbuhci \Device\USBFDO-1 85117430
Device \Driver\usbuhci \Device\USBFDO-2 85117430
Device \Driver\usbuhci \Device\USBFDO-3 85117430
Device \Driver\usbehci \Device\USBFDO-4 8511B430
Device \Driver\asfjs438 \Device\Scsi\asfjs4381Port3Path0Target1Lun0 85133430
Device \Driver\asfjs438 \Device\Scsi\asfjs4381Port3Path0Target0Lun0 85133430
Device \Driver\asfjs438 \Device\Scsi\asfjs4381 85133430
Device \Driver\asfjs438 \Device\Scsi\asfjs4381Port3Path0Target2Lun0 85133430
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x47 0x6D 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0x13 0xAD 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x69 0x93 0x5F 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x6B 0xD6 0xBC 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x2E 0x89 0x3B 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0x7C 0x03 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0x13 0xAD 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x69 0x93 0x5F 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x6B 0xD6 0xBC 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x2E 0x89 0x3B 0x4B ...
---- Files - GMER 1.0.15 ----
File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 0 bytes
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6209
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
30.03.2011 01:33:38
mbam-log-2011-03-30 (01-33-38).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146292
Laufzeit: 11 Minute(n), 0 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Geändert von henneh (30.03.2011 um 00:36 Uhr) |
| Themen zu Ramnit.C & HTML/Drop.Agent.AB gefunden; erst Ruhe, nun vereinzelte Meldungen - Befall? |
| 0x00000001, adblock, adobe, alternate, antivir, autorun, avgntflt.sys, avira, bho, bonjour, browser, converter, defender, downloader, error, explorer, firefox, flash player, format, install.exe, internet, jdownloader, langs, launch, location, locker, logfile, mozilla, nicht gefunden, ntdll.dll, oldtimer, plug-in, problem, prozessor, registry, rundll, saver, searchplugins, security, shell32.dll, software, sptd.sys, start menu, system, usbport.sys, webcheck |
Baum-Darstellung