|
Plagegeister aller Art und deren Bekämpfung: SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
24.05.2011, 17:59 | #1 | ||
| SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) Hallo, vor kurzem ist mir aufgefallen, dass sich antivir nicht mehr updaten läßt. Ich habe dann u.a. eine antivir-rescue-disk gebootet und den spyeyes-trojaner gefunden und deleted. Alle caches (Java, Temp, Temporäre Internetdateien sind geleert). Danach habe ich Malwarebytes laufen lassen (2.Log) und noch einen Adware-agent gefunden. Antivir kann ich immer noch nicht updaten. Wenn ich GMER laufen lassen möchte, stürzt der Rechner ab. Über eure Hilfe würde ich mich sehr freuen. Der antivir - Log: Zitat:
Folgender Log: Zitat:
|
24.05.2011, 19:32 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
24.05.2011, 21:07 | #3 |
| SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) Hallo,
__________________ich hatte im safe-mode als admin auch nochmal einen Suchlauf gemacht und das kam raus: Alle anderen log-Dateien (ich habe Malwarebytes einige male laufen lassen) sind leer bzw. ohne Funde. Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6658 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 6.0.2900.5512 5/24/2011 2:23:10 AM mbam-log-2011-05-24 (02-23-10).txt Scan type: Full scan (C:\|F:\|G:\|) Objects scanned: 348717 Time elapsed: 28 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: f:\Desktop\audioconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully. |
24.05.2011, 21:58 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
24.05.2011, 23:02 | #5 |
| SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten)Code:
ATTFilter OTL logfile created on: 24.05.2011 23:50:16 - Run 2 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\meinname\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3,18 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 82,00% Memory free 5,02 Gb Paging File | 4,42 Gb Available in Paging File | 87,91% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 4,44 Gb Free Space | 9,09% Space Free | Partition Type: NTFS Drive E: | 1,84 Gb Total Space | 0,38 Gb Free Space | 20,83% Space Free | Partition Type: FAT32 Drive F: | 416,64 Gb Total Space | 400,50 Gb Free Space | 96,13% Space Free | Partition Type: NTFS Drive G: | 297,45 Mb Total Space | 297,41 Mb Free Space | 99,99% Space Free | Partition Type: FAT32 Computer Name: COMPUTER1 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.24 23:01:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\meinname\Desktop\OTL.exe PRC - [2011.05.14 16:01:13 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe PRC - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe PRC - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2011.05.24 23:01:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\meinname\Desktop\OTL.exe MOD - [2011.05.14 16:05:35 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll MOD - [2008.04.14 06:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (XAMPP) SRV - File not found [On_Demand | Stopped] -- -- (TipCtrl) SRV - [2011.05.18 02:04:35 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai) SRV - [2011.05.14 16:01:13 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL) SRV - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2009.12.06 23:26:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) ========== Driver Services (SafeList) ========== DRV - [2011.05.14 16:05:32 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect) DRV - [2011.05.14 16:05:31 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2011.05.14 16:05:30 | 000,242,472 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard) DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.02.09 22:59:25 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.12.10 13:16:04 | 000,476,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.11.04 18:15:30 | 004,423,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009.08.19 02:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.07.18 07:18:44 | 000,093,096 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID) DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.10.31 12:38:00 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.10.30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008.10.30 01:05:58 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage) DRV - [2008.07.30 16:44:44 | 000,619,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870) DRV - [2001.08.17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 01:15:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.29 21:49:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 11\components [2011.03.13 01:23:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugins [2011.05.24 01:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2011.05.24 01:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7mq58obb.default\extensions [2011.05.24 11:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.11.24 18:27:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.04.23 18:55:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2011.04.09 03:46:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.04.09 03:46:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2011.04.09 03:46:41 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.04.09 03:46:41 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.04.09 03:46:41 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2007.08.11 08:58:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\RunOnce: [scan_after_setup] c:\program files\avira\antivir desktop\avcenter.exe (Avira GmbH) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.12.06 03:56:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "WMPNetworkSvc" MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {4395D8A7-19B8-34B4-10D9-A60A0111307F} - Internet Explorer ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A9B4B5A5-2F94-153C-1B34-499A1E337ED3} - NetShow ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {B4DA0E23-6F62-0669-DEAD-B3AD498C7378} - Dynamic HTML Data Binding for Java ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point (17746534284132352) ========== Files/Folders - Created Within 30 Days ========== [2011.05.24 11:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2011.05.24 11:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos [2011.05.24 10:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira [2011.05.24 10:51:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2011.05.24 10:51:20 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.05.24 10:51:20 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2011.05.24 10:51:20 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2011.05.24 10:51:20 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2011.05.24 10:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2011.05.24 01:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ivdf_fusebundle_nt_en [2011.05.24 01:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads [2011.05.24 01:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla [2011.05.24 01:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla [2011.05.24 01:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes [2011.05.24 00:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011.05.18 18:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_antirootkit_en [2011.05.18 16:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FlashDevelop [2011.05.18 14:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de [2011.05.18 13:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe [2011.05.18 13:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe [2011.05.18 13:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\vdf_fusebundle [2011.05.18 12:54:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft [2011.05.18 12:54:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies [2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup [2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu [2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo [2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data [2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories [2011.05.18 12:54:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Recent [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop [2011.05.18 12:54:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2011.05.18 02:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2011.05.12 16:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant [2011.05.05 16:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother [2011.05.05 16:56:03 | 000,055,296 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\brinsstr.dll [2011.05.05 16:56:02 | 000,188,416 | ---- | C] (brother) -- C:\WINDOWS\System32\PDRVINST.DLL [2011.05.05 16:56:02 | 000,081,920 | ---- | C] (brother) -- C:\WINDOWS\System32\BrWebIns.dll [2011.05.05 16:56:02 | 000,065,536 | ---- | C] (brother) -- C:\WINDOWS\System32\BRWEBUP.EXE [2011.05.05 16:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Brother [2011.05.05 16:56:01 | 000,147,456 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\brunin03.dll [2011.05.05 16:56:01 | 000,000,000 | ---D | C] -- C:\Brother [2011.05.05 16:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother [2011.05.04 17:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape [2011.04.29 20:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\TourDeFlex [2011.04.28 12:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut [2010.11.22 17:54:01 | 000,091,913 | ---- | C] (FlashDevelop.org) -- C:\Program Files\Uninstall.exe [2010.10.07 21:57:36 | 000,362,496 | ---- | C] (FlashDevelop.org) -- C:\Program Files\FlashDevelop.exe [2010.10.07 21:57:28 | 001,350,144 | ---- | C] (FlashDevelop.org) -- C:\Program Files\PluginCore.dll [2010.10.04 08:27:22 | 000,520,704 | ---- | C] (scite.net.ru) -- C:\Program Files\SciLexer.dll [2010.10.04 08:27:22 | 000,106,496 | ---- | C] (Galos) -- C:\Program Files\Scripting.dll [2010.10.04 08:27:22 | 000,097,280 | ---- | C] (FlashDevelop.org) -- C:\Program Files\SwfOp.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.24 23:31:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.05.24 21:26:15 | 000,001,194 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-115176313-1417001333-1003UA.job [2011.05.24 12:26:00 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-115176313-1417001333-1003Core.job [2011.05.24 12:04:38 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\yyh0jcpd.exe [2011.05.24 10:51:31 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2011.05.24 01:39:18 | 046,753,958 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ivdf_fusebundle_nt_en.zip [2011.05.24 01:08:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Computer.lnk [2011.05.23 20:57:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.05.18 18:13:54 | 000,089,324 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_antirootkit_en.zip [2011.05.18 16:01:21 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\Administrator\mm.cfg [2011.05.18 14:11:55 | 057,679,123 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de.zip [2011.05.18 13:06:14 | 043,859,754 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vdf_fusebundle.zip [2011.05.18 12:54:53 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol [2011.05.18 02:17:48 | 052,718,176 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de(1).exe [2011.05.18 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-COMPUTER1-meinname.job [2011.05.14 16:05:35 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll [2011.05.14 16:05:32 | 000,097,504 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2011.05.14 16:05:31 | 000,029,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2011.05.14 16:05:31 | 000,017,416 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys [2011.05.14 16:05:30 | 000,242,472 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys [2011.05.12 16:43:51 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk [2011.05.05 17:30:08 | 000,000,468 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2011.05.05 17:26:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI [2011.05.05 16:56:44 | 000,001,728 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk [2011.05.05 16:56:16 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf05a.dat [2011.05.04 17:48:24 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk [2011.05.04 01:19:54 | 000,000,693 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\os604495.bin [2011.04.29 20:38:10 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TourDeFlex.lnk [2011.04.25 18:53:38 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.24 16:18:09 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\yyh0jcpd.exe [2011.05.24 10:51:31 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2011.05.24 01:41:06 | 046,753,958 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ivdf_fusebundle_nt_en.zip [2011.05.24 01:08:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Computer.lnk [2011.05.18 18:16:08 | 000,089,324 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_antirootkit_en.zip [2011.05.18 16:00:47 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Administrator\mm.cfg [2011.05.18 14:07:41 | 057,679,123 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de.zip [2011.05.18 13:08:42 | 043,859,754 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vdf_fusebundle.zip [2011.05.18 12:54:53 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol [2011.05.18 12:54:51 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk [2011.05.18 12:54:51 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk [2011.05.18 02:14:14 | 052,718,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de(1).exe [2011.05.12 16:43:51 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk [2011.05.12 16:43:51 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk [2011.05.05 16:56:44 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk [2011.05.05 16:56:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat [2011.05.05 16:56:01 | 000,006,224 | ---- | C] () -- C:\WINDOWS\CVRPAGE.bmp [2011.05.04 17:48:32 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Inkscape.lnk [2011.05.04 17:48:21 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk [2011.05.04 01:09:57 | 000,000,693 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\os604495.bin [2011.04.29 20:38:10 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TourDeFlex.lnk [2011.04.29 20:38:10 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TourDeFlex.lnk [2011.02.18 16:26:02 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010.10.04 08:27:22 | 000,145,920 | ---- | C] () -- C:\Program Files\Aga.dll [2010.10.04 08:27:22 | 000,002,401 | ---- | C] () -- C:\Program Files\FirstRun.fdb [2010.10.04 08:27:22 | 000,000,255 | ---- | C] () -- C:\Program Files\FlashDevelop.exe.config [2010.03.10 16:50:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2010.02.09 23:18:19 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.01.28 02:21:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009.12.20 22:14:21 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2009.12.20 22:14:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009.12.20 22:14:20 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2009.12.09 21:00:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.12.06 23:02:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2009.12.06 23:02:03 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009.12.06 23:02:03 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2009.12.06 23:02:03 | 000,195,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2009.12.06 23:02:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2009.12.06 23:02:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009.12.06 20:51:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.12.06 20:33:57 | 000,014,640 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat [2009.12.06 11:45:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.12.06 11:44:39 | 003,448,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.12.06 03:57:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.12.06 03:53:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.04.14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006.12.31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2001.08.23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.08.23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001.08.23 13:00:00 | 000,392,626 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001.08.23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001.08.23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001.08.23 13:00:00 | 000,058,800 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001.08.23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001.08.23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001.08.23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.08.23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys ========== LOP Check ========== [2009.12.06 20:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Allnet Driver [2010.02.09 23:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2010.11.25 00:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RalinkRT7x Driver [2010.06.08 01:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2011.04.03 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > [2010.06.08 01:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2009.12.06 20:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Allnet Driver [2010.06.08 01:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM [2009.12.07 14:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI [2011.05.24 10:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira [2011.05.05 16:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother [2010.02.09 23:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2011.01.17 20:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comodo [2010.04.15 19:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2010.11.11 01:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.09.07 01:17:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2010.02.09 22:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero [2010.11.25 00:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RalinkRT7x Driver [2010.06.08 01:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2009.12.09 20:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype [2010.04.23 18:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2011.04.03 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2010.03.01 23:44:10 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\java-rmi.exe [2010.03.01 23:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\java.exe [2010.03.01 23:44:10 | 000,059,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\javacpl.exe [2010.03.01 23:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\javaw.exe [2010.03.01 23:44:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\javaws.exe [2010.03.01 23:44:12 | 000,079,648 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jbroker.exe [2010.03.01 23:44:12 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jp2launcher.exe [2010.03.01 23:44:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jqs.exe [2010.03.01 23:44:12 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jqsnotify.exe [2010.03.01 23:44:12 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jucheck.exe [2010.03.01 23:44:12 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jureg.exe [2010.03.01 23:44:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jusched.exe [2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\keytool.exe [2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\kinit.exe [2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\klist.exe [2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\ktab.exe [2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\orbd.exe [2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\pack200.exe [2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\policytool.exe [2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\rmid.exe [2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\rmiregistry.exe [2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\servertool.exe [2010.03.01 23:44:14 | 000,030,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\ssvagent.exe [2010.03.01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\tnameserv.exe [2010.03.01 23:44:14 | 000,132,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\unpack200.exe [2008.07.10 20:34:16 | 000,528,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Allnet Driver\Wireless LAN USB Adapter\Driver\RaInst.exe [2011.05.24 01:15:59 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe [2009.12.10 13:15:54 | 000,533,792 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\RalinkRT7x Driver\Hama Wireless LAN Adapter\Driver\RaInst.exe Invalid Environment Variable: APPDATA Invalid Environment Variable: APPDATA < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll [2008.04.14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.02.09 22:59:25 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2009.12.06 11:44:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2009.12.06 11:44:06 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2009.12.06 11:44:06 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.11.04 17:45:14 | 000,479,232 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
25.05.2011, 09:09 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) Bitte Comodo IS deinstallieren und die Windows-Firewall einschalten. Suites und PFWs sind in den allermeisten Fällen kontraproduktiv und kein Sicherheitsgewinn. Zitat:
Um die Updates kümmern wir uns aber später. Deinstallier erst mal Comodo und mach danach ein frisches OTL-Log.
__________________ --> SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) |
25.05.2011, 13:14 | #7 |
| SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) Alles klar. Ich habe auch gleich nochmal eine paar Programme deinstalliert, deren trial-version abgelaufen ist. Code:
ATTFilter OTL logfile created on: 25.05.2011 14:04:41 - Run 4 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\meinname\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3,18 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 82,34% Memory free 5,02 Gb Paging File | 4,46 Gb Available in Paging File | 88,84% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 6,75 Gb Free Space | 13,82% Space Free | Partition Type: NTFS Drive E: | 1,84 Gb Total Space | 0,23 Gb Free Space | 12,68% Space Free | Partition Type: FAT32 Drive F: | 416,64 Gb Total Space | 400,50 Gb Free Space | 96,13% Space Free | Partition Type: NTFS Drive G: | 297,45 Mb Total Space | 297,38 Mb Free Space | 99,98% Space Free | Partition Type: FAT32 Computer Name: COMPUTER1 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.24 23:01:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\meinname\Desktop\OTL.exe PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe PRC - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe PRC - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2011.05.24 23:01:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\meinname\Desktop\OTL.exe MOD - [2008.04.14 06:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (XAMPP) SRV - File not found [On_Demand | Stopped] -- -- (TipCtrl) SRV - [2011.05.18 02:04:35 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai) SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL) SRV - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) ========== Driver Services (SafeList) ========== DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.02.09 22:59:25 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.12.10 13:16:04 | 000,476,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.11.04 18:15:30 | 004,423,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009.08.19 02:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.07.18 07:18:44 | 000,093,096 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID) DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.10.31 12:38:00 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.10.30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008.10.30 01:05:58 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage) DRV - [2008.07.30 16:44:44 | 000,619,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870) DRV - [2001.08.17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 01:15:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.29 21:49:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 11\components [2011.03.13 01:23:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugins [2011.05.24 01:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2011.05.24 01:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7mq58obb.default\extensions [2011.05.24 11:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.11.24 18:27:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.04.23 18:55:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2011.04.09 03:46:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.04.09 03:46:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2011.04.09 03:46:41 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.04.09 03:46:41 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.04.09 03:46:41 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2007.08.11 08:58:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\RunOnce: [scan_after_setup] c:\program files\avira\antivir desktop\avcenter.exe (Avira GmbH) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.12.06 03:56:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "WMPNetworkSvc" MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {4395D8A7-19B8-34B4-10D9-A60A0111307F} - Internet Explorer ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A9B4B5A5-2F94-153C-1B34-499A1E337ED3} - NetShow ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {B4DA0E23-6F62-0669-DEAD-B3AD498C7378} - Dynamic HTML Data Binding for Java ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902109354000384) ========== Files/Folders - Created Within 30 Days ========== [2011.05.25 10:53:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.05.25 10:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AdobeTemp [2011.05.24 11:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2011.05.24 11:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos [2011.05.24 10:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira [2011.05.24 10:51:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2011.05.24 10:51:20 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.05.24 10:51:20 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2011.05.24 10:51:20 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2011.05.24 10:51:20 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2011.05.24 10:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2011.05.24 01:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ivdf_fusebundle_nt_en [2011.05.24 01:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads [2011.05.24 01:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla [2011.05.24 01:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla [2011.05.24 01:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes [2011.05.24 00:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011.05.18 18:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_antirootkit_en [2011.05.18 16:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FlashDevelop [2011.05.18 14:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de [2011.05.18 13:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe [2011.05.18 13:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe [2011.05.18 13:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\vdf_fusebundle [2011.05.18 12:54:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft [2011.05.18 12:54:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies [2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup [2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu [2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo [2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data [2011.05.18 12:54:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories [2011.05.18 12:54:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Recent [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites [2011.05.18 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop [2011.05.18 12:54:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2011.05.18 02:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2011.05.12 16:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant [2011.05.05 16:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother [2011.05.05 16:56:03 | 000,055,296 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\brinsstr.dll [2011.05.05 16:56:02 | 000,188,416 | ---- | C] (brother) -- C:\WINDOWS\System32\PDRVINST.DLL [2011.05.05 16:56:02 | 000,081,920 | ---- | C] (brother) -- C:\WINDOWS\System32\BrWebIns.dll [2011.05.05 16:56:02 | 000,065,536 | ---- | C] (brother) -- C:\WINDOWS\System32\BRWEBUP.EXE [2011.05.05 16:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Brother [2011.05.05 16:56:01 | 000,147,456 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\brunin03.dll [2011.05.05 16:56:01 | 000,000,000 | ---D | C] -- C:\Brother [2011.05.05 16:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother [2011.05.04 17:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape [2011.04.29 20:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\TourDeFlex [2011.04.28 12:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut [2010.11.22 17:54:01 | 000,091,913 | ---- | C] (FlashDevelop.org) -- C:\Program Files\Uninstall.exe [2010.10.07 21:57:36 | 000,362,496 | ---- | C] (FlashDevelop.org) -- C:\Program Files\FlashDevelop.exe [2010.10.07 21:57:28 | 001,350,144 | ---- | C] (FlashDevelop.org) -- C:\Program Files\PluginCore.dll [2010.10.04 08:27:22 | 000,520,704 | ---- | C] (scite.net.ru) -- C:\Program Files\SciLexer.dll [2010.10.04 08:27:22 | 000,106,496 | ---- | C] (Galos) -- C:\Program Files\Scripting.dll [2010.10.04 08:27:22 | 000,097,280 | ---- | C] (FlashDevelop.org) -- C:\Program Files\SwfOp.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.25 13:26:10 | 000,001,194 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-115176313-1417001333-1003UA.job [2011.05.25 12:26:00 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-115176313-1417001333-1003Core.job [2011.05.25 12:09:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.05.25 12:07:15 | 000,001,658 | ---- | M] () -- C:\WINDOWS\System32\.ini [2011.05.24 12:04:38 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\yyh0jcpd.exe [2011.05.24 10:51:31 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2011.05.24 01:39:18 | 046,753,958 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ivdf_fusebundle_nt_en.zip [2011.05.24 01:08:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Computer.lnk [2011.05.23 20:57:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.05.18 18:13:54 | 000,089,324 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_antirootkit_en.zip [2011.05.18 16:01:21 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\Administrator\mm.cfg [2011.05.18 14:11:55 | 057,679,123 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de.zip [2011.05.18 13:06:14 | 043,859,754 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vdf_fusebundle.zip [2011.05.18 12:54:53 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol [2011.05.18 02:17:48 | 052,718,176 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de(1).exe [2011.05.12 16:43:51 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk [2011.05.05 17:30:08 | 000,000,468 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2011.05.05 17:26:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI [2011.05.05 16:56:44 | 000,001,728 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk [2011.05.05 16:56:16 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf05a.dat [2011.05.04 17:48:24 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk [2011.05.04 01:19:54 | 000,000,693 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\os604495.bin [2011.04.29 20:38:10 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TourDeFlex.lnk [2011.04.25 18:53:38 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.25 12:07:15 | 000,001,658 | ---- | C] () -- C:\WINDOWS\System32\.ini [2011.05.24 16:18:09 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\yyh0jcpd.exe [2011.05.24 10:51:31 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2011.05.24 01:41:06 | 046,753,958 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ivdf_fusebundle_nt_en.zip [2011.05.24 01:08:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Computer.lnk [2011.05.18 18:16:08 | 000,089,324 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_antirootkit_en.zip [2011.05.18 16:00:47 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Administrator\mm.cfg [2011.05.18 14:07:41 | 057,679,123 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de.zip [2011.05.18 13:08:42 | 043,859,754 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vdf_fusebundle.zip [2011.05.18 12:54:53 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol [2011.05.18 12:54:51 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk [2011.05.18 12:54:51 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk [2011.05.18 02:14:14 | 052,718,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_de(1).exe [2011.05.12 16:43:51 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk [2011.05.12 16:43:51 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk [2011.05.05 16:56:44 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk [2011.05.05 16:56:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat [2011.05.05 16:56:01 | 000,006,224 | ---- | C] () -- C:\WINDOWS\CVRPAGE.bmp [2011.05.04 17:48:32 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Inkscape.lnk [2011.05.04 17:48:21 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk [2011.05.04 01:09:57 | 000,000,693 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\os604495.bin [2011.04.29 20:38:10 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TourDeFlex.lnk [2011.04.29 20:38:10 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TourDeFlex.lnk [2011.02.18 16:26:02 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010.10.04 08:27:22 | 000,145,920 | ---- | C] () -- C:\Program Files\Aga.dll [2010.10.04 08:27:22 | 000,002,401 | ---- | C] () -- C:\Program Files\FirstRun.fdb [2010.10.04 08:27:22 | 000,000,255 | ---- | C] () -- C:\Program Files\FlashDevelop.exe.config [2010.03.10 16:50:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2010.02.09 23:18:19 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.01.28 02:21:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009.12.20 22:14:21 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2009.12.20 22:14:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009.12.20 22:14:20 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2009.12.09 21:00:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.12.06 23:02:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2009.12.06 23:02:03 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009.12.06 23:02:03 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2009.12.06 23:02:03 | 000,195,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2009.12.06 23:02:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2009.12.06 23:02:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009.12.06 20:51:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.12.06 20:33:57 | 000,014,640 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat [2009.12.06 11:45:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.12.06 11:44:39 | 003,448,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.12.06 03:57:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.12.06 03:53:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.04.14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006.12.31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2001.08.23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.08.23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001.08.23 13:00:00 | 000,392,626 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001.08.23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001.08.23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001.08.23 13:00:00 | 000,058,800 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001.08.23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001.08.23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001.08.23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.08.23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys ========== LOP Check ========== [2009.12.06 20:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Allnet Driver [2010.02.09 23:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2010.11.25 00:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RalinkRT7x Driver [2010.06.08 01:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2011.04.03 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > [2011.05.25 11:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2009.12.06 20:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Allnet Driver [2009.12.07 14:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI [2011.05.24 10:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira [2011.05.05 16:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother [2010.02.09 23:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2011.01.17 20:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comodo [2010.04.15 19:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2010.11.11 01:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.09.07 01:17:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2010.02.09 22:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero [2010.11.25 00:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RalinkRT7x Driver [2010.06.08 01:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2009.12.09 20:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype [2010.04.23 18:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2011.04.03 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2008.07.10 20:34:16 | 000,528,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Allnet Driver\Wireless LAN USB Adapter\Driver\RaInst.exe [2011.05.24 01:15:59 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe [2009.12.10 13:15:54 | 000,533,792 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\RalinkRT7x Driver\Hama Wireless LAN Adapter\Driver\RaInst.exe Invalid Environment Variable: APPDATA Invalid Environment Variable: APPDATA < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll [2008.04.14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.02.09 22:59:25 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2009.12.06 11:44:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2009.12.06 11:44:06 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2009.12.06 11:44:06 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.11.04 17:45:14 | 000,479,232 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
25.05.2011, 14:29 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL [2011.05.04 01:09:57 | 000,000,693 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\os604495.bin :Commands [purity] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
25.05.2011, 14:45 | #9 |
| SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten)Code:
ATTFilter ========== OTL ========== C:\Documents and Settings\All Users\Documents\os604495.bin moved successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.23.0 log created on 05252011_154345 |
25.05.2011, 15:11 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
25.05.2011, 15:19 | #11 |
| SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) Mach ich. Antivir läßt sich übrigens wieder updaten. |
25.05.2011, 15:25 | #12 |
| SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten)Code:
ATTFilter 2011/05/25 16:21:33.0156 1248 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24 2011/05/25 16:21:33.0218 1248 ================================================================================ 2011/05/25 16:21:33.0218 1248 SystemInfo: 2011/05/25 16:21:33.0218 1248 2011/05/25 16:21:33.0218 1248 OS Version: 5.1.2600 ServicePack: 3.0 2011/05/25 16:21:33.0218 1248 Product type: Workstation 2011/05/25 16:21:33.0218 1248 ComputerName: COMPUTER1 2011/05/25 16:21:33.0218 1248 UserName: Martin 2011/05/25 16:21:33.0218 1248 Windows directory: C:\WINDOWS 2011/05/25 16:21:33.0218 1248 System windows directory: C:\WINDOWS 2011/05/25 16:21:33.0218 1248 Processor architecture: Intel x86 2011/05/25 16:21:33.0218 1248 Number of processors: 4 2011/05/25 16:21:33.0218 1248 Page size: 0x1000 2011/05/25 16:21:33.0218 1248 Boot type: Normal boot 2011/05/25 16:21:33.0218 1248 ================================================================================ 2011/05/25 16:21:34.0640 1248 Initialize success 2011/05/25 16:21:48.0734 4068 ================================================================================ 2011/05/25 16:21:48.0734 4068 Scan started 2011/05/25 16:21:48.0734 4068 Mode: Manual; 2011/05/25 16:21:48.0734 4068 ================================================================================ 2011/05/25 16:21:49.0609 4068 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/05/25 16:21:49.0921 4068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/05/25 16:21:50.0468 4068 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/05/25 16:21:50.0843 4068 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys 2011/05/25 16:21:52.0000 4068 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/05/25 16:21:52.0968 4068 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/05/25 16:21:53.0171 4068 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/05/25 16:21:55.0140 4068 ati2mtag (3a1f64d8b1b6c6387c8c682c30843a38) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2011/05/25 16:21:55.0375 4068 AtiHdmiService (fac04a8e09c8d70594382656d99772a3) C:\WINDOWS\system32\drivers\AtiHdmi.sys 2011/05/25 16:21:55.0546 4068 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/05/25 16:21:55.0734 4068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/05/25 16:21:55.0828 4068 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/05/25 16:21:56.0015 4068 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2011/05/25 16:21:56.0218 4068 avipbb (524b9e78e396c00968c5629ed5bbfab0) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2011/05/25 16:21:56.0406 4068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/05/25 16:21:56.0578 4068 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys 2011/05/25 16:21:56.0765 4068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/05/25 16:21:56.0953 4068 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/05/25 16:21:57.0296 4068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/05/25 16:21:57.0500 4068 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/05/25 16:21:57.0671 4068 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/05/25 16:21:58.0687 4068 dfmirage (d8cd6a2a94f545858eec6117f0d5dff4) C:\WINDOWS\system32\DRIVERS\dfmirage.sys 2011/05/25 16:21:58.0875 4068 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/05/25 16:21:59.0296 4068 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/05/25 16:21:59.0750 4068 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/05/25 16:21:59.0921 4068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/05/25 16:22:00.0125 4068 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/05/25 16:22:00.0468 4068 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/05/25 16:22:00.0687 4068 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/05/25 16:22:00.0875 4068 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/05/25 16:22:01.0062 4068 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/05/25 16:22:01.0234 4068 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/05/25 16:22:01.0437 4068 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/05/25 16:22:01.0609 4068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/05/25 16:22:01.0812 4068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/05/25 16:22:01.0968 4068 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys 2011/05/25 16:22:02.0203 4068 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/05/25 16:22:02.0421 4068 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/05/25 16:22:02.0609 4068 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/05/25 16:22:03.0031 4068 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/05/25 16:22:03.0546 4068 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys 2011/05/25 16:22:03.0750 4068 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/05/25 16:22:05.0656 4068 IntcAzAudAddService (19d3781892a3794672cd1962f3d8d3b8) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/05/25 16:22:06.0000 4068 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/05/25 16:22:06.0187 4068 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/05/25 16:22:06.0375 4068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/05/25 16:22:06.0546 4068 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/05/25 16:22:06.0781 4068 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/05/25 16:22:06.0953 4068 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/05/25 16:22:07.0187 4068 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys 2011/05/25 16:22:07.0406 4068 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/05/25 16:22:07.0578 4068 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys 2011/05/25 16:22:07.0765 4068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/05/25 16:22:07.0968 4068 JRAID (dc8e2779cdf0348a35aaffa3a1bde0c9) C:\WINDOWS\system32\DRIVERS\jraid.sys 2011/05/25 16:22:08.0156 4068 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/05/25 16:22:08.0328 4068 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/05/25 16:22:08.0562 4068 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/05/25 16:22:08.0812 4068 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/05/25 16:22:09.0468 4068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/05/25 16:22:09.0640 4068 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/05/25 16:22:09.0828 4068 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/05/25 16:22:10.0015 4068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/05/25 16:22:10.0187 4068 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/05/25 16:22:10.0578 4068 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/05/25 16:22:10.0890 4068 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/05/25 16:22:11.0125 4068 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/05/25 16:22:11.0312 4068 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/05/25 16:22:11.0468 4068 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/05/25 16:22:11.0640 4068 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/05/25 16:22:11.0812 4068 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/05/25 16:22:12.0000 4068 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/05/25 16:22:12.0218 4068 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/05/25 16:22:12.0421 4068 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/05/25 16:22:12.0671 4068 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/05/25 16:22:12.0843 4068 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/05/25 16:22:13.0031 4068 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/05/25 16:22:13.0203 4068 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/05/25 16:22:13.0406 4068 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/05/25 16:22:13.0609 4068 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/05/25 16:22:13.0796 4068 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/05/25 16:22:14.0015 4068 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/05/25 16:22:14.0250 4068 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/05/25 16:22:14.0421 4068 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/05/25 16:22:14.0765 4068 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/05/25 16:22:15.0046 4068 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/05/25 16:22:15.0218 4068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/05/25 16:22:15.0406 4068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/05/25 16:22:15.0593 4068 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/05/25 16:22:15.0796 4068 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/05/25 16:22:15.0984 4068 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/05/25 16:22:16.0156 4068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/05/25 16:22:16.0343 4068 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/05/25 16:22:16.0718 4068 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/05/25 16:22:16.0921 4068 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/05/25 16:22:18.0187 4068 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/05/25 16:22:18.0390 4068 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/05/25 16:22:18.0578 4068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/05/25 16:22:18.0765 4068 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/05/25 16:22:19.0718 4068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/05/25 16:22:19.0906 4068 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys 2011/05/25 16:22:20.0093 4068 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/05/25 16:22:20.0281 4068 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/05/25 16:22:20.0468 4068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/05/25 16:22:20.0703 4068 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/05/25 16:22:20.0875 4068 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/05/25 16:22:21.0093 4068 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/05/25 16:22:21.0359 4068 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/05/25 16:22:21.0593 4068 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/05/25 16:22:21.0984 4068 rt2870 (5532f69d0a845ffe9d70b9e0392fe50a) C:\WINDOWS\system32\DRIVERS\rt2870.sys 2011/05/25 16:22:22.0515 4068 RT73 (4ef3f74439aa644bcd8ddc0ed88a5d01) C:\WINDOWS\system32\DRIVERS\rt73.sys 2011/05/25 16:22:22.0875 4068 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 2011/05/25 16:22:23.0093 4068 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/05/25 16:22:23.0265 4068 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/05/25 16:22:23.0453 4068 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/05/25 16:22:23.0640 4068 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/05/25 16:22:23.0984 4068 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/05/25 16:22:24.0312 4068 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) C:\WINDOWS\system32\speedfan.sys 2011/05/25 16:22:24.0531 4068 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/05/25 16:22:24.0937 4068 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys 2011/05/25 16:22:24.0937 4068 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b 2011/05/25 16:22:24.0937 4068 sptd - detected LockedFile.Multi.Generic (1) 2011/05/25 16:22:25.0109 4068 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/05/25 16:22:25.0375 4068 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/05/25 16:22:25.0625 4068 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2011/05/25 16:22:25.0812 4068 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys 2011/05/25 16:22:26.0000 4068 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/05/25 16:22:26.0156 4068 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/05/25 16:22:26.0343 4068 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/05/25 16:22:27.0187 4068 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/05/25 16:22:27.0500 4068 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/05/25 16:22:27.0781 4068 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/05/25 16:22:27.0968 4068 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/05/25 16:22:28.0171 4068 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/05/25 16:22:28.0562 4068 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/05/25 16:22:29.0046 4068 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/05/25 16:22:29.0359 4068 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/05/25 16:22:29.0562 4068 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/05/25 16:22:29.0750 4068 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/05/25 16:22:29.0937 4068 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/05/25 16:22:30.0140 4068 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/05/25 16:22:30.0343 4068 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/05/25 16:22:30.0562 4068 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 2011/05/25 16:22:30.0781 4068 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/05/25 16:22:31.0140 4068 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/05/25 16:22:31.0312 4068 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/05/25 16:22:31.0671 4068 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/05/25 16:22:31.0906 4068 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/05/25 16:22:31.0937 4068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 2011/05/25 16:22:32.0109 4068 MBR (0x1B8) (43e336b3bf81392b7debdaf9cb3affdb) \Device\Harddisk1\DR6 2011/05/25 16:22:32.0375 4068 ================================================================================ 2011/05/25 16:22:32.0375 4068 Scan finished 2011/05/25 16:22:32.0375 4068 ================================================================================ 2011/05/25 16:22:32.0375 0220 Detected object count: 1 2011/05/25 16:22:32.0375 0220 Actual detected object count: 1 2011/05/25 16:23:10.0453 0220 LockedFile.Multi.Generic(sptd) - User select action: Skip |
25.05.2011, 16:01 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
25.05.2011, 17:05 | #14 |
| SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) Combofix Logfile: Code:
ATTFilter ComboFix 11-05-24.06 - Martin 25.05.2011 17:55:05.1.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3255.2842 [GMT 2:00] Running from: c:\documents and settings\Martin\Desktop\cofi.exe AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Uninstall.exe . . ((((((((((((((((((((((((( Files Created from 2011-04-25 to 2011-05-25 ))))))))))))))))))))))))))))))) . . 2011-05-25 13:43 . 2011-05-25 13:43 -------- d-----w- C:\_OTL 2011-05-25 08:49 . 2011-05-25 09:01 -------- d-----w- c:\documents and settings\All Users\AdobeTemp 2011-05-24 10:16 . 2011-05-24 10:16 -------- d-----w- c:\documents and settings\Martin\Application Data\Avira 2011-05-24 09:33 . 2011-05-24 09:33 -------- d-----w- c:\program files\Sophos 2011-05-24 08:51 . 2011-05-24 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-05-24 08:51 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-05-24 08:51 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-05-24 08:51 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-05-24 08:51 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-05-23 22:51 . 2011-05-23 22:51 -------- d-----w- c:\program files\Avira 2011-05-18 10:54 . 2011-05-18 14:00 -------- d-----w- c:\documents and settings\Administrator 2011-05-18 00:29 . 2011-05-18 16:58 -------- d-----w- c:\windows\system32\NtmsData 2011-05-12 14:43 . 2011-05-12 14:43 -------- d-----w- c:\documents and settings\Martin\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant 2011-05-12 14:43 . 2011-05-12 14:43 -------- d-----w- c:\program files\Adobe Download Assistant 2011-05-05 14:56 . 2005-05-09 09:38 55296 ------w- c:\windows\system32\brinsstr.dll 2011-05-05 14:56 . 2011-05-05 14:56 -------- d-----w- c:\program files\Brother 2011-05-05 14:56 . 2004-12-02 23:26 188416 ------w- c:\windows\system32\PDRVINST.DLL 2011-05-05 14:56 . 2003-07-02 23:08 65536 ------w- c:\windows\system32\BRWEBUP.EXE 2011-05-05 14:56 . 2002-10-30 23:09 81920 ------w- c:\windows\system32\BrWebIns.dll 2011-05-05 14:56 . 2000-01-28 10:19 513536 ------w- c:\program files\Common Files\InstallShield\WebUpdate\IFTW.EXE 2011-05-05 14:56 . 2000-01-28 10:19 331776 ------w- c:\program files\Common Files\InstallShield\WebUpdate\WebUpdate.exe 2011-05-05 14:56 . 2000-01-28 10:19 24576 ------w- c:\program files\Common Files\InstallShield\WebUpdate\RasThunk.dll 2011-05-05 14:56 . 2000-01-28 10:19 132096 ------w- c:\program files\Common Files\InstallShield\WebUpdate\ISiteLite.dll 2011-05-05 14:56 . 2011-05-05 14:56 -------- d-----w- C:\Brother 2011-05-05 14:56 . 2004-12-10 14:35 147456 ------w- c:\windows\brunin03.dll 2011-05-05 14:55 . 2011-05-05 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother 2011-05-05 14:55 . 2011-05-05 14:55 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2011-05-05 14:55 . 2011-05-05 14:55 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll 2011-05-05 14:55 . 2002-12-05 12:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2011-05-05 14:55 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2011-05-05 14:55 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2011-05-05 14:55 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll 2011-05-05 14:55 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2011-05-04 15:49 . 2011-05-04 15:49 -------- d-----w- c:\documents and settings\Martin\Application Data\inkscape 2011-05-04 15:46 . 2011-05-04 15:48 -------- d-----w- c:\program files\Inkscape 2011-04-29 18:38 . 2011-04-29 18:38 -------- d-----w- c:\documents and settings\Martin\Application Data\TourDeFlex.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1 2011-04-29 18:38 . 2011-04-29 18:38 -------- d-----w- c:\program files\TourDeFlex 2011-04-28 10:01 . 2011-04-28 10:02 -------- d-----w- c:\program files\mp3DirectCut . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-07 19:57 . 2010-10-07 19:57 362496 ----a-w- c:\program files\FlashDevelop.exe 2010-10-07 19:57 . 2010-10-07 19:57 1350144 ----a-w- c:\program files\PluginCore.dll 2010-10-04 06:27 . 2010-10-04 06:27 97280 ----a-w- c:\program files\SwfOp.dll 2010-10-04 06:27 . 2010-10-04 06:27 520704 ----a-w- c:\program files\SciLexer.dll 2010-10-04 06:27 . 2010-10-04 06:27 145920 ----a-w- c:\program files\Aga.dll 2010-10-04 06:27 . 2010-10-04 06:27 106496 ----a-w- c:\program files\Scripting.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys . [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys . [-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys [-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys . [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys . [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys . [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys . [-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys [-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys . [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys . [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll . [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe . [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll . [-] 2008-04-14 04:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll [-] 2008-04-14 04:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll . [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll . [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\rpcss.dll [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rpcss.dll . [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\system32\services.exe [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\services.exe . [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe . [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe . [-] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe [-] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\system32\dllcache\wuauclt.exe . [-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll [-] 2007-02-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll . [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll . [-] 2008-04-14 04:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\system32\es.dll [-] 2008-04-14 04:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\system32\dllcache\es.dll . [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll . [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\system32\kernel32.dll [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kernel32.dll . [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll . [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll . [-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\system32\mshtml.dll [-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\mshtml.dll . [-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll [-] 2007-02-18 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll . [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\system32\mswsock.dll [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\mswsock.dll . [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll . [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll . [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll . [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll . [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe . [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll . [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll . [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe . [-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\system32\wininet.dll [-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\wininet.dll . [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll . [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll . [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe . [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe . [-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll [-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ole32.dll . [-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\usp10.dll [-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\dllcache\usp10.dll . [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll . [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe . [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll . [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll . [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll . [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe . [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll . [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll . [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll . [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll . [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll . [-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll [-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll . [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll . [-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys . [-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys [-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys . [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys . [-] 2008-04-14 04:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll [-] 2008-04-14 04:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll . [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll . [-] 2008-04-14 04:42 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll . [-] 2008-04-14 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe . [-] 2008-04-14 04:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll [-] 2008-04-14 04:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll . [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll . [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll . [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll . [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll . [-] 2008-04-14 04:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll [-] 2008-04-14 04:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll . [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll . [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll . [-] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\iexplore.exe . [-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe . [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll . [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll . [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll . [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll . [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk backup=c:\windows\pss\Status Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] path=c:\documents and settings\Martin\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2010-03-02 09:28 282792 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0] 2005-07-19 10:36 933888 ------w- c:\program files\Brother\ControlCenter2\brctrcen.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-02-18 15:16 136176 ----atw- c:\documents and settings\Martin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "Apache2.2"=2 (0x2) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/9/2010 10:59 PM 717296] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 6:42 AM 14336] R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/30/2008 1:05 AM 31896] S2 XAMPP;XAMPP Service;c:\xampp\service.exe --> c:\xampp\service.exe [?] S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\Drivers\AsrCDDrv.sys --> c:\windows\system32\Drivers\AsrCDDrv.sys [?] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\19.tmp --> c:\windows\system32\19.tmp [?] S3 TipCtrl;TipCtrl;"c:\program files\uTIPu\TipCtrl.exe" --> c:\program files\uTIPu\TipCtrl.exe [?] S4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [5/24/2011 10:51 AM 135336] S4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [4/25/2011 1:29 AM 29416] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2011-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-115176313-1417001333-1003Core.job - c:\documents and settings\Martin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-18 15:16] . 2011-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-115176313-1417001333-1003UA.job - c:\documents and settings\Martin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-18 15:16] . . ------- Supplementary Scan ------- . FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\dccp4xul.default\ FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q= . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-AdobeBridge - (no file) AddRemove-FlashDevelop - c:\program files\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-05-25 17:59 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\19.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(852) c:\windows\system32\Ati2evxx.dll . Completion time: 2011-05-25 18:01:34 ComboFix-quarantined-files.txt 2011-05-25 16:01 . Pre-Run: 7.280.852.992 bytes free Post-Run: 10.607.783.936 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 9907A540DB6BC0FEA0DDEE5C73901AFC |
25.05.2011, 20:43 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu SpyEyes-Trojaner gefunden (Antivir läßt sich nicht mehr updaten) |
anti-malware, antivir, avira, dateien, detected, explorer, file, file is encrypted, gmer, horse, java, java virus, linux, malwarebytes, nicht mehr, programme, rechner, rojaner gefunden, start, system volume information, temp, trojan horse, update, updaten, version, virus, _restore |