Pests of all kinds and their removal: 4221Dd01 - JS/Kryptik.AI Trojan (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
26.05.2011, 21:19 | #1
4221Dd01 - JS/Kryptik.AI Trojan

Hello everyone, I am new here and hoping for help or advice. I found the above-mentioned trojan with ESET Smart Security and then deleted it from quarantine. Afterwards I googled what it actually was and came across this post in your forum: http://www.trojaner-board.de/98758-w...tml#post653852 Now I am a little worried, especially because I had not run a scan for quite a while and do not know how long the trojan has been on the machine. Above all because of online banking.

This is what ESET shows for the detection: C:\Users\****\AppData\Local\Mozilla\Firefox\Profiles\8svz5kw5.default\Cache\1\7F\4221Dd01 » GZIP » 4221Dd01 - JS/Kryptik.AI Trojaner

After a reboot and another scan there are no further detections. Malwarebytes also finds nothing. mbam-log-2011-05-26(21-51-40): Quote:
OTL.txt OTL Logfile:
ATTFilter OTL logfile created on: 26.05.2011 22:01:42 - Run 2 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\****\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,93 Gb Total Physical Memory | 5,19 Gb Available Physical Memory | 65,42% Memory free 15,85 Gb Paging File | 12,90 Gb Available in Paging File | 81,41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 52,07 Gb Free Space | 44,72% Space Free | Partition Type: NTFS Drive D: | 185,20 Gb Total Space | 108,86 Gb Free Space | 58,78% Space Free | Partition Type: NTFS Drive F: | 232,87 Gb Total Space | 162,12 Gb Free Space | 69,62% Space Free | Partition Type: NTFS Drive G: | 232,89 Gb Total Space | 115,69 Gb Free Space | 49,68% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET) PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - D:\Valve\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) 
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (SafeList) ========== MOD - C:\Users\****\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET) SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET) SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- 
C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET) DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET) DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET) DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET) DRV:64bit: - (Epfwndis) -- C:\Windows\SysNative\drivers\epfwndis.sys (ESET) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) 
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation) DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation) DRV:64bit: - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation) DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation) DRV:64bit: - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation) DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation) DRV:64bit: - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.) 
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "proxy.uni-erlangen.de" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.http: "proxy.uni-erlangen.de" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.uni-erlangen.de" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "proxy.uni-erlangen.de" FF - prefs.js..network.proxy.ssl_port: 80 FF - 
HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.18 02:16:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.18 02:16:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.29 21:15:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.06 18:34:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.04.30 13:49:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.04.06 18:34:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.02.13 08:53:45 | 000,000,000 | ---D | M] [2011.02.10 21:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2011.02.10 21:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.05.24 13:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\8svz5kw5.default\extensions [2011.04.27 01:22:59 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\8svz5kw5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.03 22:51:21 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- 
C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\8svz5kw5.default\extensions\foxyproxy@eric.h.jung [2011.04.06 16:30:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.05.30 19:27:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.02.10 19:20:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.24 14:13:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SVZ5KW5.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SVZ5KW5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SVZ5KW5.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2011.04.29 21:15:04 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.01.12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) 
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [Setwallpaper] File not found O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) 
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [Steam] D:\Valve\Steam\steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 16 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.30.251.2 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.26 21:46:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2011.05.26 21:45:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.26 21:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.26 21:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.26 21:45:47 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.26 21:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.05.24 23:06:06 | 000,000,000 | ---D | C] -- C:\Users\****\OpenOffice.org 3.2 (de) Installation Files\Documents\Audio Recorder for Free [2011.05.24 23:06:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Audio Recorder for Free [2011.05.24 23:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Recorder for Free [2011.05.24 23:05:58 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll [2011.05.24 23:05:58 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll [2011.05.24 23:05:58 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) 
-- C:\Windows\SysWow64\NCTAudioEditor2.dll [2011.05.24 23:05:58 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\SysWow64\NCTAudioCDGrabber2.dll [2011.05.24 23:05:58 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll [2011.05.24 23:05:58 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioVisualization2.dll [2011.05.24 23:05:58 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll [2011.05.24 23:05:58 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll [2011.05.24 23:05:58 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTTextToAudio2.dll [2011.05.24 23:05:58 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTWMAFile2.dll [2011.05.24 23:05:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audio Recorder for Free [2011.05.24 20:23:32 | 000,000,000 | ---D | C] -- C:\Users\****\OpenOffice.org 3.2 (de) Installation Files\Documents\ASUS [2011.05.23 16:40:11 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Neuer Ordner (2) [2011.05.23 16:39:53 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Neuer Ordner [2011.05.18 02:48:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.05.18 02:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2011.05.16 13:44:19 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.05.16 00:30:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ApplicationHistory [2011.05.16 00:29:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP [2011.05.16 00:28:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2011.05.16 00:27:39 | 000,000,000 | ---D | C] -- C:\StartUp [2011.05.16 00:27:39 | 000,000,000 | ---D | C] -- C:\Setup_Shell [2011.05.16 00:27:39 | 000,000,000 | ---D | C] -- C:\CommonStartUp [2011.05.16 00:26:07 | 
000,000,000 | ---D | C] -- C:\Users\****\OpenOffice.org 3.2 (de) Installation Files\Documents\ESItronic [2011.05.16 00:25:31 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000 [2011.05.16 00:25:31 | 001,046,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjet35.dll [2011.05.16 00:25:31 | 000,415,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrepl35.dll [2011.05.16 00:25:31 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msrd2x35.dll [2011.05.16 00:25:31 | 000,123,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSJINT35.DLL [2011.05.16 00:25:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSJTER35.DLL [2011.05.16 00:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spielberg DMS [2011.05.16 00:25:27 | 002,060,288 | ---- | C] (Micrografx) -- C:\Windows\SysWow64\acgm.dll [2011.05.16 00:25:19 | 000,606,208 | ---- | C] (Summit Software Company) -- C:\Windows\SysWow64\igsnrn22.dll [2011.05.16 00:25:19 | 000,557,056 | ---- | C] (SnowBound Software Corporation (www.Snowbnd.com)) -- C:\Windows\SysWow64\snbd10dm.dll [2011.05.16 00:25:19 | 000,531,968 | ---- | C] (SnowBound Software Corporation (www.Snowbnd.com)) -- C:\Windows\SysWow64\snbd9dm.dll [2011.05.16 00:25:19 | 000,526,336 | ---- | C] (SnowBound Software Corporation (www.Snowbnd.com)) -- C:\Windows\SysWow64\snbd8w98.dll [2011.05.16 00:25:19 | 000,385,536 | ---- | C] (Summit Software Company) -- C:\Windows\SysWow64\igsncm22.dll [2011.05.16 00:25:19 | 000,125,952 | ---- | C] (Summit Software Company) -- C:\Windows\SysWow64\igsnpb22.dll [2011.05.16 00:25:19 | 000,086,528 | ---- | C] (Summit Software Company) -- C:\Windows\SysWow64\Igsncx22.dll [2011.05.16 00:25:19 | 000,038,400 | ---- | C] (Summit Software Company) -- C:\Windows\SysWow64\igsnol22.dll [2011.05.16 00:25:19 | 000,033,280 | ---- | C] (Snowbound Software Corporation (www.Snowbnd.com)) -- 
C:\Windows\SysWow64\snbdpl1.dll
[2011.05.16 00:24:35 | 000,000,000 | ---D | C] -- C:\ESI
[2011.05.15 23:43:57 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2011.05.15 23:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
[2011.05.15 23:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2011.05.11 23:16:30 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.05.11 23:16:30 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.05.11 23:16:28 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.05.11 23:16:28 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.05.11 14:59:49 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.05.11 14:59:47 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.05.11 14:59:46 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.05.10 17:21:18 | 000,000,000 | R--D | C] -- C:\Users\****\Dropbox
[2011.05.10 17:19:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.05.10 17:18:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Dropbox
[2011.05.02 03:45:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\MyPhoneExplorer
[2011.05.02 03:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2011.05.02 03:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer
[2011.05.01 22:33:02 | 000,000,000 | ---D | C] -- C:\Users\****\OpenOffice.org 3.2 (de) Installation Files\Documents\My Photos
[2011.05.01 22:33:02 | 000,000,000 | ---D | C] -- C:\Users\****\OpenOffice.org 3.2 (de) Installation
Files\Documents\My Documents
[2011.04.29 21:36:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.04.29 21:36:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\HTC
[2011.04.29 21:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2011.04.29 21:34:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Downloaded Installations
[2011.04.29 21:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011.04.29 21:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2011.04.29 21:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2011.04.29 20:35:43 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2011.04.29 20:35:42 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2011.04.29 20:35:42 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2011.04.29 20:35:42 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2011.04.29 20:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2011.04.29 20:32:43 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2011.04.29 20:32:43 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.)
-- C:\Windows\SysWow64\nbDX.dll
[2011.04.29 20:32:43 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2011.04.29 20:32:43 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2011.04.29 20:32:43 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2011.04.29 20:32:43 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2011.04.29 20:32:43 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2011.04.29 20:32:43 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2011.04.29 20:32:43 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2011.04.29 20:32:43 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2011.04.29 20:32:43 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2011.04.29 20:32:43 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2011.04.29 20:32:43 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2011.04.29 20:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2011.04.29 20:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2011.04.28 14:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Bluetooth SDK
[2011.04.28 14:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest update
[2011.04.28 14:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2011.04.28 14:24:44 | 000,000,000 | ---D | C] -- C:\Users\****\OpenOffice.org 3.2 (de) Installation Files\Documents\Sony Ericsson
[2011.04.28 14:24:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Sony Ericsson
[2011.04.28 14:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2011.04.28 14:22:55 | 000,152,616 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s0017mdm.sys
[2011.04.28 14:22:55 | 000,145,960 | ---- | C] (MCCI
Corporation) -- C:\Windows\SysNative\drivers\s0017unic.sys
[2011.04.28 14:22:55 | 000,133,160 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s0017mgmt.sys
[2011.04.28 14:22:55 | 000,128,552 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s0017obex.sys
[2011.04.28 14:22:55 | 000,113,704 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s0017bus.sys
[2011.04.28 14:22:55 | 000,034,856 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s0017nd5.sys
[2011.04.28 14:22:55 | 000,019,496 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s0017mdfl.sys
[2011.04.28 14:22:55 | 000,015,912 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s0017whnt.sys
[2011.04.28 14:22:55 | 000,015,912 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s0017wh.sys
[2011.04.28 14:22:55 | 000,014,888 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s0017cmnt.sys
[2011.04.28 14:22:55 | 000,014,888 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s0017cm.sys
[2011.04.28 14:22:55 | 000,013,864 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s0017cr.sys
[2011.04.28 14:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2011.04.28 14:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.04.28 14:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2011.04.27 15:41:48 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.04.27 15:41:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.04.27 15:41:47 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.04.27 15:41:47 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.04.27 15:41:47 | 000,107,904 | ---- | C] (Advanced Micro Devices) --
C:\Windows\SysNative\drivers\amdsata.sys
[2011.04.27 15:41:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.04.27 15:41:47 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.04.27 15:41:33 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.27 15:41:33 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.27 15:41:32 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.27 15:41:31 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.04.27 15:41:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.04.27 15:41:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011.04.27 01:22:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.27 01:22:58 | 000,000,000 | ---D | C] -- C:\Users\****\OpenOffice.org 3.2 (de) Installation Files\Documents\DVDVideoSoft
[2011.04.27 01:22:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Plasmoo
[2011.04.27 01:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.04.27 01:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011.04.27 01:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

========== Files - Modified Within 30 Days ==========
[2011.05.26 21:45:51 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.26 20:56:25 | 415,301,632 | ---- | M] () -- C:\Users\****\Desktop\ctbankix-2011.iso
[2011.05.26 19:13:52 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.26 19:13:52 | 000,010,016 | -H-- | M] () --
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.26 19:06:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.26 19:06:32 | 2088,144,895 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.24 11:18:07 | 000,664,634 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.24 11:18:07 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.24 11:18:07 | 000,134,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.24 11:18:07 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.24 11:18:06 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.18 14:10:14 | 000,472,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.05.18 02:49:33 | 000,000,009 | ---- | M] () -- C:\Windows\ULEAD32.INI
[2011.05.16 21:17:00 | 000,001,316 | ---- | M] () -- C:\Windows\RBSystem.ini
[2011.05.16 21:17:00 | 000,000,551 | ---- | M] () -- C:\Windows\ESIDATA.ini
[2011.05.16 13:44:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.05.16 00:30:19 | 000,000,096 | ---- | M] () -- C:\Users\****\AppData\Local\fusioncache.dat
[2011.05.16 00:30:19 | 000,000,059 | ---- | M] () -- C:\Windows\~DDB_Setup.ini
[2011.05.16 00:30:09 | 001,554,122 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.16 00:25:03 | 000,004,017 | ---- | M] () -- C:\Windows\System\v9Sys_xx.vxd
[2011.05.16 00:00:09 | 000,001,520 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011.05.16 00:00:06 | 000,002,174 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.05.15 23:07:54 | 000,868,848 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.05.10 17:19:12 | 000,001,029 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.05.07 17:47:26 | 020,177,567 | ---- | M] () -- C:\Users\****\OpenOffice.org 3.2 (de)
Installation Files\Documents\VIDEO0002.3gp
[2011.05.02 03:45:42 | 000,002,063 | ---- | M] () -- C:\Users\****\MyPhoneExplorer.lnk
[2011.04.29 21:36:00 | 000,001,084 | ---- | M] () -- C:\Users\****\HTC Sync.lnk
[2011.04.28 14:52:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.04.28 14:29:55 | 000,002,270 | ---- | M] () -- C:\Users\****\Sony Ericsson PC Companion 2.0.lnk
[2011.04.27 01:23:01 | 000,001,245 | ---- | M] () -- C:\Users\****\DVDVideoSoft Free Studio.lnk
[2011.04.27 01:22:57 | 000,001,318 | ---- | M] () -- C:\Users\****\Free YouTube Download.lnk

========== Files Created - No Company Name ==========
[2011.05.26 21:45:51 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.26 20:25:17 | 415,301,632 | ---- | C] () -- C:\Users\****\Desktop\ctbankix-2011.iso
[2011.05.24 23:05:58 | 000,113,486 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2011.05.16 00:30:19 | 000,000,096 | ---- | C] () -- C:\Users\****\AppData\Local\fusioncache.dat
[2011.05.16 00:29:31 | 001,554,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.16 00:28:45 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2011.05.16 00:27:39 | 000,000,059 | ---- | C] () -- C:\Windows\~DDB_Setup.ini
[2011.05.16 00:25:41 | 000,001,316 | ---- | C] () -- C:\Windows\RBSystem.ini
[2011.05.16 00:25:38 | 000,397,312 | ---- | C] () -- C:\Windows\esi_kl01.dat
[2011.05.16 00:25:19 | 000,006,967 | ---- | C] () -- C:\Windows\SysWow64\Browser.men
[2011.05.16 00:25:19 | 000,006,958 | ---- | C] () -- C:\Windows\SysWow64\browser.exa
[2011.05.16 00:25:03 | 000,004,017 | ---- | C] () -- C:\Windows\System\v9Sys_xx.vxd
[2011.05.15 23:43:58 | 000,000,551 | ---- | C] () -- C:\Windows\ESIDATA.ini
[2011.05.15 23:07:54 | 000,868,848 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.05.10 17:19:12 | 000,001,029 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\Dropbox.lnk
[2011.05.07 17:44:35 | 020,177,567 | ---- | C] () -- C:\Users\****\OpenOffice.org 3.2 (de) Installation Files\Documents\VIDEO0002.3gp
[2011.05.02 03:45:42 | 000,002,063 | ---- | C] () -- C:\Users\****\MyPhoneExplorer.lnk
[2011.04.29 21:36:00 | 000,001,084 | ---- | C] () -- C:\Users\****\HTC Sync.lnk
[2011.04.29 20:35:42 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.04.29 20:32:43 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2011.04.29 20:32:43 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2011.04.29 20:32:43 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2011.04.29 20:32:43 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2011.04.29 20:32:43 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2011.04.29 20:32:43 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2011.04.29 20:32:43 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2011.04.29 20:32:43 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2011.04.28 14:52:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.04.28 14:29:55 | 000,002,270 | ---- | C] () -- C:\Users\****\Sony Ericsson PC Companion 2.0.lnk
[2011.04.27 01:23:01 | 000,001,245 | ---- | C] () -- C:\Users\****\DVDVideoSoft Free Studio.lnk
[2011.04.27 01:22:57 | 000,001,318 | ---- | C] () -- C:\Users\****\Free YouTube Download.lnk
[2011.04.21 21:03:50 | 000,000,009 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2011.03.14 22:15:52 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.05.30 20:13:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.30 20:08:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.30 03:49:21 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010.04.21 01:08:41 |
000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010.04.21 01:06:22 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini
[2010.04.21 01:06:22 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini
[2010.04.21 01:03:59 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.04.21 01:03:59 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.04.21 00:59:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.04.21 00:48:32 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.10.26 05:38:22 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009.08.19 10:33:09 | 000,020,480 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009.08.19 10:33:09 | 000,000,232 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009.07.29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.12.02 03:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

========== LOP Check ==========
[2010.05.30 18:45:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Acronis
[2010.05.01 02:28:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Asus WebStorage
[2011.05.24 23:49:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Audio Recorder for Free
[2011.05.26 19:07:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Dropbox
[2011.04.27 01:22:59 |
000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.21 01:20:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\elsterformular
[2010.05.30 04:47:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ESET
[2011.05.24 11:16:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2011.05.25 19:19:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HLSW
[2011.04.29 21:36:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HTC
[2011.04.29 21:36:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.02.23 01:45:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\IrfanView
[2011.02.10 20:27:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2011.03.20 19:58:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mumble
[2011.05.02 03:48:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MyPhoneExplorer
[2011.02.14 21:29:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Notepad++
[2010.05.30 20:32:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2011.02.10 21:28:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2010.05.30 11:04:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Trillian
[2011.05.13 13:13:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2011.04.03 17:03:55 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras.txt OTL Logfile:
Code:
OTL Extras logfile created on: 26.05.2011 22:01:42 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,93 Gb Total Physical Memory | 5,19 Gb Available Physical Memory | 65,42% Memory free
15,85 Gb Paging File | 12,90 Gb Available in Paging File | 81,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 52,07 Gb Free Space | 44,72% Space Free | Partition Type: NTFS
Drive D: | 185,20 Gb Total Space | 108,86 Gb Free Space | 58,78% Space Free | Partition Type: NTFS
Drive F: | 232,87 Gb Total Space | 162,12 Gb Free Space | 69,62% Space Free | Partition Type: NTFS
Drive G: | 232,89 Gb Total Space | 115,69 Gb Free Space | 49,68% Space Free | Partition Type: NTFS

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{8220EEFE-38CD-377E-8595-13398D740ACE}" =
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{88CD6A0C-1220-4CD3-9AF1-ADB1D888C39E}" = ESET Smart Security
"{8C69B19F-71DF-F80F-0C2F-56E9FE5C95CB}" = WMV9/VC-1 Video Playback
"{8E3ECAA6-4975-17E7-E443-960F8E3F9136}" = ccc-utility64
"{90A1F0ED-BC6F-EBD4-2101-885AB084499C}" = ATI Catalyst Install Manager
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F634E9C2-5D00-3A4B-5AB0-148C431BBDD5}" = ATI AVIVO64 Codecs
"0E74EB10C05C955C24243E6D3120CDC972FC5B1D" = Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500)
"2AA10AB519DC7432D599A0E860206A7DDCC27764" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
"ASUS WebStorage" = ASUS WebStorage
"F9FD5BBF579A4BFD40D38BE291F731666B27DC28" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"USB 2.0 2.0M UVC WebCam" = USB 2.0 2.0M UVC WebCam
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video
Enhancement Technology
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{293F82CD-1BE8-03BC-DBAD-903388CFBB62}" = Catalyst Control Center Localization All
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}" = Sound Blaster Audigy HD
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5A4FB792-D98F-409C-24B6-BD2A80D30E3A}" = Catalyst Control Center Graphics Previews Common
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}" = Piggly FREE
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}" = Smileyville FREE
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{896C5024-AA39-12E8-D6C2-D818B7E3D58F}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 Test
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{923E3957-F939-453A-BD55-41CFB8D7F211}" = HTC Sync
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A22BB09-8086-691D-F409-3AF74D9E3BF0}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{ADEEF3E4-15A4-F286-38EE-675A8EF0212B}" = Catalyst Control Center InstallProxy
"{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{B72E80DB-DF9B-DE1E-8899-CC74B6B9456A}" = Catalyst Control Center InstallProxy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.149 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F14B8ECC-BDA0-4987-9201-D7B7DBE11031}" = Nero 7 Ultra Edition "{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "ASUS AP Bank_is1" = ASUS AP Bank "ASUS_Notebook_G73" = ASUS_Notebook_G73 Screen Saver "Audio Recorder for Free_is1" = Audio Recorder for Free 2010 v12.8.2 "DivX Setup.divx.com" = DivX-Setup "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender "FileZilla Client" = FileZilla Client 3.4.0 "Free YouTube Download_is1" = Free YouTube Download version 2.10.34.421 "HLSW_is1" = HLSW v1.3.2.1 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 
4.0.1 (x86 de) "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10) "MPE" = MyPhoneExplorer "Mumble" = Mumble and Murmur "Notepad++" = Notepad++ "SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only) "SprayR" = SprayR 1.0 RC7b "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 240" = Counter-Strike: Source "Trillian" = Trillian "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.9 "Winamp" = Winamp "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Winamp Detect" = Winamp Anwendungserkennung ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.05.2011 07:13:29 | Computer Name = ****-PC | Source = Google Update | ID = 20 Description = Error - 12.05.2011 08:12:19 | Computer Name = ****-PC | Source = Google Update | ID = 20 Description = Error - 12.05.2011 08:13:27 | Computer Name = ****-PC | Source = Google Update | ID = 20 Description = Error - 12.05.2011 09:12:19 | Computer Name = ****-PC | Source = Google Update | ID = 20 Description = Error - 12.05.2011 09:13:27 | Computer Name = ****-PC | Source = Google Update | ID = 20 Description = Error - 12.05.2011 10:12:19 | Computer Name = ****-PC | Source = Google Update | ID = 20 Description = Error - 12.05.2011 10:13:28 | Computer Name = ****-PC | Source = Google Update | ID = 20 Description = Error - 12.05.2011 11:12:20 | Computer Name = ****-PC | Source = Google Update | ID = 20 Description = Error - 12.05.2011 11:13:27 | Computer Name = ****-PC | Source = Google Update | ID = 20 Description = Error - 12.05.2011 12:12:19 | Computer Name = ****-PC | Source = Google Update | ID = 20 Description = [ System Events ] Error - 07.04.2011 17:22:41 | Computer Name = ****-PC | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der 
< End of report >

Should I now reinstall the system or restore an ancient backup? In any case I will take a closer look at those measures from "markusg" in case the trojan issue has already been dealt with. Many thanks in advance, HIAS234

Edit: I just noticed that, after half an eternity, my Mozilla Thunderbird icon in the quick launch bar is displayed correctly again. Could that have anything to do with it?

Last edited by HIAS234 (26.05.2011 at 21:29) |
27.05.2011, 18:15 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | 4221Dd01 - JS/Kryptik.AI Trojan Quote:
As a routine step, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well!
__________________ |
28.05.2011, 16:31 | #3 | |
| 4221Dd01 - JS/Kryptik.AI Trojan Thanks for the quick reply.
__________________ Unfortunately I don't have any older logs. Here is the new log: Quote:
|
28.05.2011, 23:29 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 4221Dd01 - JS/Kryptik.AI Trojan Do an OTL fix: close all programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
[2011.05.16 00:28:45 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2011.05.16 00:27:39 | 000,000,059 | ---- | C] () -- C:\Windows\~DDB_Setup.ini
[2011.05.16 00:25:41 | 000,001,316 | ---- | C] () -- C:\Windows\RBSystem.ini
[2011.05.16 00:25:38 | 000,397,312 | ---- | C] () -- C:\Windows\esi_kl01.dat
[2011.05.16 00:25:19 | 000,006,967 | ---- | C] () -- C:\Windows\SysWow64\Browser.men
[2011.05.16 00:25:19 | 000,006,958 | ---- | C] () -- C:\Windows\SysWow64\browser.exa
[2011.05.16 00:25:03 | 000,004,017 | ---- | C] () -- C:\Windows\System\v9Sys_xx.vxd
[2011.05.15 23:43:58 | 000,000,551 | ---- | C] () -- C:\Windows\ESIDATA.ini
:Commands
[purity]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post logfiles in CODE tags |
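As an added example that is not part of this thread or of OTL itself: a small Python parser for the fix-script format used in the post above, so that a script can be reviewed (which files and directories it touches, how tightly their timestamps cluster, which :Commands directives run) before it is pasted into OTL. The names OtlEntry, parse_otl_fix and summarise are my own; the sample script is the one from the post.

```python
"""Parse an OTL fix script (the ":OTL" / ":Commands" format from the post above)
and summarise what it would touch before it is run.

Added example for this thread; it is not part of OTL and not the helper's code.
Names such as OtlEntry, parse_otl_fix and summarise are assumptions of this example."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Union

# The fix script posted above, line-broken the way it is pasted into OTL.
SAMPLE_FIX = r"""
:OTL
[2011.05.16 00:28:45 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2011.05.16 00:27:39 | 000,000,059 | ---- | C] () -- C:\Windows\~DDB_Setup.ini
[2011.05.16 00:25:41 | 000,001,316 | ---- | C] () -- C:\Windows\RBSystem.ini
[2011.05.16 00:25:38 | 000,397,312 | ---- | C] () -- C:\Windows\esi_kl01.dat
[2011.05.16 00:25:19 | 000,006,967 | ---- | C] () -- C:\Windows\SysWow64\Browser.men
[2011.05.16 00:25:19 | 000,006,958 | ---- | C] () -- C:\Windows\SysWow64\browser.exa
[2011.05.16 00:25:03 | 000,004,017 | ---- | C] () -- C:\Windows\System\v9Sys_xx.vxd
[2011.05.15 23:43:58 | 000,000,551 | ---- | C] () -- C:\Windows\ESIDATA.ini
:Commands
[purity]
[resethosts]
"""

# One OTL file line:
#   [YYYY.MM.DD hh:mm:ss | size,with,commas | attribute flags | C or M] (company) -- path
# C/M says whether the timestamp is the creation or the last-modified time.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int        # bytes
    attrs: str       # e.g. "----" or "-HS-" (R/H/S/D flags)
    kind: str        # "C" created, "M" modified
    company: str     # vendor string from the file's version info, often empty
    path: str


def parse_otl_fix(text: str) -> Dict[str, List[Union[OtlEntry, str]]]:
    """Split a fix script into sections keyed by their lower-cased directive
    (":otl", ":commands", ...). File lines under :OTL become OtlEntry objects;
    other :OTL lines (registry items etc.) are kept as raw strings, and
    :Commands lines are reduced to their directive name ("[purity]" -> "purity")."""
    sections: Dict[str, List[Union[OtlEntry, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line.lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line outside any section: {line!r}")
        if current == ":otl":
            m = ENTRY_RE.match(line)
            if m:
                sections[current].append(OtlEntry(
                    timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
                    size=int(m["size"].replace(",", "")),
                    attrs=m["attrs"], kind=m["kind"],
                    company=m["company"], path=m["path"]))
            else:
                sections[current].append(line)
        elif current == ":commands":
            sections[current].append(line.strip("[]").lower())
        else:
            sections[current].append(line)
    return sections


def summarise(sections: Dict[str, List[Union[OtlEntry, str]]]) -> dict:
    """Facts a reviewer wants before running the script: how many files, where,
    how tightly their timestamps cluster, and which post-fix commands run."""
    entries = [e for e in sections.get(":otl", []) if isinstance(e, OtlEntry)]
    by_dir: Dict[str, int] = {}
    for e in entries:
        folder = e.path.rsplit("\\", 1)[0]
        by_dir[folder] = by_dir.get(folder, 0) + 1
    times = [e.timestamp for e in entries]
    span = int((max(times) - min(times)).total_seconds()) if times else 0
    return {
        "file_count": len(entries),
        "total_bytes": sum(e.size for e in entries),
        "span_seconds": span,      # all listed timestamps fall inside this window
        "by_directory": by_dir,
        "no_vendor_count": sum(1 for e in entries if not e.company),
        "commands": list(sections.get(":commands", [])),
    }


if __name__ == "__main__":
    for key, value in summarise(parse_otl_fix(SAMPLE_FIX)).items():
        print(f"{key}: {value}")
```

For the script above the summary shows eight vendor-less files under C:\Windows whose creation times lie within about 45 minutes of each other, which is the kind of cluster a helper looks at when building such a fix.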
29.05.2011, 20:26 | #5 | |
| 4221Dd01 - JS/Kryptik.AI Trojan I hope this is right: Quote:
|
30.05.2011, 10:43 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 4221Dd01 - JS/Kryptik.AI Trojan Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your documents/My Documents, please run unhide: download unhide.exe and save the file to your desktop. Start the tool, and all files and folders should become visible again. (This may take a while.) Vista and 7 users must run the tool via right-click as Administrator!
__________________ --> 4221Dd01 - JS/Kryptik.AI Trojan |
30.05.2011, 21:30 | #7 | |
| 4221Dd01 - JS/Kryptik.AI Trojan TDSSKILLER log: Quote:
|
31.05.2011, 08:35 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 4221Dd01 - JS/Kryptik.AI Trojan Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a board expert has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
31.05.2011, 09:32 | #9 |
| 4221Dd01 - JS/Kryptik.AI Trojan ComboFix logfile: Code:
31.05.2011, 12:22 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™

4221Dd01 - JS/Kryptik.AI Trojan

Please now create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out.

Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to your desktop.
__________________
Please always post logfiles in CODE tags
31.05.2011, 16:52 | #11 |
4221Dd01 - JS/Kryptik.AI Trojan

MBRCheck_05.31.11_17.49.44
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: G73Jh
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 209):
0x0320D000 \SystemRoot\system32\ntoskrnl.exe
0x037F6000 \SystemRoot\system32\hal.dll
0x00BC2000 \SystemRoot\system32\kdcom.dll
0x00C14000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C63000 \SystemRoot\system32\PSHED.dll
0x00C77000 \SystemRoot\system32\CLFS.SYS
0x00CD5000 \SystemRoot\system32\CI.dll
0x00E08000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EAC000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EBB000 \SystemRoot\system32\drivers\ACPI.sys
0x00F12000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F1B000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F25000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F32000 \SystemRoot\system32\drivers\pci.sys
0x00F65000 \SystemRoot\System32\drivers\partmgr.sys
0x00F7A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F83000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F8F000 \SystemRoot\system32\drivers\volmgr.sys
0x00FA4000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E00000 \SystemRoot\system32\drivers\pciide.sys
0x00D95000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00DA5000 \SystemRoot\System32\drivers\mountmgr.sys
0x0108B000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011A7000 \SystemRoot\system32\drivers\atapi.sys
0x011B0000 \SystemRoot\system32\drivers\ataport.SYS
0x011DA000 \SystemRoot\system32\drivers\msahci.sys
0x011E5000 \SystemRoot\system32\drivers\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01247000 \SystemRoot\System32\Drivers\Ntfs.sys
0x014A1000 \SystemRoot\System32\Drivers\msrpc.sys
0x014FF000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0151A000 \SystemRoot\System32\Drivers\cng.sys
0x0158C000 \SystemRoot\System32\drivers\pcw.sys
0x0159D000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016D9000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01844000 \SystemRoot\System32\drivers\tcpip.sys
0x01A48000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A92000 \SystemRoot\system32\DRIVERS\timntr.sys
0x01B7B000 \SystemRoot\system32\drivers\volsnap.sys
0x01C12000 \SystemRoot\system32\DRIVERS\tdrpm258.sys
0x01D7E000 \SystemRoot\System32\Drivers\spldr.sys
0x01D86000 \SystemRoot\system32\DRIVERS\snapman.sys
0x01DC6000 \SystemRoot\System32\drivers\rdyboost.sys
0x01C00000 \SystemRoot\System32\Drivers\mup.sys
0x01BC7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BD0000 \SystemRoot\system32\DRIVERS\disk.sys
0x0168B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x015A7000 \SystemRoot\System32\Drivers\fastfat.SYS
0x049D1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x04800000 \SystemRoot\System32\Drivers\Null.SYS
0x04809000 \SystemRoot\System32\Drivers\Beep.SYS
0x04810000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x04835000 \SystemRoot\System32\drivers\vga.sys
0x04843000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04868000 \SystemRoot\System32\drivers\watchdog.sys
0x04878000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04881000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0488A000 \SystemRoot\system32\drivers\rdprefmp.sys
0x04893000 \SystemRoot\System32\Drivers\Msfs.SYS
0x016BB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x017CC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x017EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01400000 \SystemRoot\system32\drivers\afd.sys
0x01200000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01BF4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01060000 \SystemRoot\system32\DRIVERS\pacer.sys
0x01489000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x015DD000 \SystemRoot\system32\DRIVERS\netbios.sys
0x00DBF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x015EC000 \SystemRoot\system32\drivers\termdd.sys
0x04C6F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04CC0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04CCC000 \SystemRoot\system32\drivers\mssmbios.sys
0x04CD7000 \SystemRoot\System32\drivers\discache.sys
0x04CE6000 \SystemRoot\System32\Drivers\dfsc.sys
0x04D04000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04D15000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04D3B000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04EBA000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x05AE8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05A00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05A46000 \SystemRoot\system32\drivers\HDAudBus.sys
0x05A6A000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x05A7B000 \SystemRoot\system32\drivers\usbehci.sys
0x05A8C000 \SystemRoot\system32\drivers\USBPORT.SYS
0x05C22000 \SystemRoot\system32\DRIVERS\athrx.sys
0x05DAB000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05DB8000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x05DCD000 \SystemRoot\system32\drivers\i8042prt.sys
0x04E00000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05DEB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05DED000 \SystemRoot\system32\drivers\mouclass.sys
0x05C00000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x05C08000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05C17000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x05BDC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05BF2000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
0x04E52000 \SystemRoot\system32\drivers\CompositeBus.sys
0x04E62000 \SystemRoot\system32\DRIVERS\Epfwndis.sys
0x04E6D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04E83000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04EA7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x057B6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x057E5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04D89000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04DAA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05C1C000 \SystemRoot\system32\drivers\swenum.sys
0x04C00000 \SystemRoot\system32\drivers\ks.sys
0x05C1E000 \SystemRoot\system32\drivers\LGBusEnum.sys
0x04C43000 \SystemRoot\system32\drivers\umbus.sys
0x05E37000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05E91000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05EA6000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x05ED6000 \SystemRoot\system32\drivers\portcls.sys
0x05F13000 \SystemRoot\system32\drivers\drmk.sys
0x05F35000 \SystemRoot\system32\drivers\ksthunk.sys
0x0680B000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x05F3B000 \SystemRoot\System32\drivers\Dxapi.sys
0x05F47000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0489E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05F55000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05F68000 \SystemRoot\system32\DRIVERS\monitor.sys
0x05F76000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03C05000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x03DBD000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x03DCE000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x03DD7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x03DE5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06800000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05F93000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05FA1000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x05FB6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05FC3000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x00570000 \SystemRoot\System32\TSDDD.dll
0x007A0000 \SystemRoot\System32\cdd.dll
0x05FD7000 \SystemRoot\system32\drivers\luafv.sys
0x0407D000 \SystemRoot\system32\DRIVERS\eamonm.sys
0x04156000 \SystemRoot\system32\drivers\WudfPf.sys
0x04177000 \SystemRoot\system32\DRIVERS\epfw.sys
0x041A4000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x041D5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04000000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x04053000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05E00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04066000 \SystemRoot\system32\DRIVERS\TurboB.sys
0x0406D000 \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
0x0767B000 \SystemRoot\system32\drivers\HTTP.sys
0x07744000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x0774E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0776C000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07784000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x077B1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x07600000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07624000 \SystemRoot\system32\DRIVERS\afcdp.sys
0x07664000 \SystemRoot\system32\DRIVERS\epfwwfp.sys
0x07EA7000 \SystemRoot\system32\drivers\peauth.sys
0x07F4D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07F58000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07F89000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07F9B000 \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
0x07E00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07CCA000 \SystemRoot\System32\DRIVERS\srv.sys
0x07D62000 \SystemRoot\system32\drivers\LGVirHid.sys
0x07DDE000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77580000 \Windows\System32\ntdll.dll
0x47670000 \Windows\System32\smss.exe
0xFF8A0000 \Windows\System32\apisetschema.dll
0xFF340000 \Windows\System32\autochk.exe
0xFF820000 \Windows\System32\gdi32.dll
0xFF7F0000 \Windows\System32\imm32.dll
0xFF610000 \Windows\System32\setupapi.dll
0xFF530000 \Windows\System32\oleaut32.dll
0xFF520000 \Windows\System32\lpk.dll
0xFE790000 \Windows\System32\shell32.dll
0xFE580000 \Windows\System32\ole32.dll
0xFE4B0000 \Windows\System32\usp10.dll
0xFE3A0000 \Windows\System32\msctf.dll
0x77480000 \Windows\System32\user32.dll
0xFE300000 \Windows\System32\comdlg32.dll
0xFE220000 \Windows\System32\advapi32.dll
0x77750000 \Windows\System32\normaliz.dll
0xFE1A0000 \Windows\System32\difxapi.dll
0xFE140000 \Windows\System32\Wldap32.dll
0xFE120000 \Windows\System32\imagehlp.dll
0xFE080000 \Windows\System32\clbcatq.dll
0xFE030000 \Windows\System32\ws2_32.dll
0xFE010000 \Windows\System32\sechost.dll
0xFDEE0000 \Windows\System32\rpcrt4.dll
0xFDED0000 \Windows\System32\nsi.dll
0x77320000 \Windows\System32\wininet.dll
0x77740000 \Windows\System32\psapi.dll
0x771D0000 \Windows\System32\urlmon.dll
0xFDE30000 \Windows\System32\msvcrt.dll
0xFDDB0000 \Windows\System32\shlwapi.dll
0x770B0000 \Windows\System32\kernel32.dll
0x76EA0000 \Windows\System32\iertutil.dll
0xFDD90000 \Windows\System32\devobj.dll
0xFDD50000 \Windows\System32\cfgmgr32.dll
0xFDBE0000 \Windows\System32\crypt32.dll
0xFDB70000 \Windows\System32\KernelBase.dll
0xFDB30000 \Windows\System32\wintrust.dll
0xFDA90000 \Windows\System32\comctl32.dll
0xFDA80000 \Windows\System32\msasn1.dll
0x74EB0000 \Windows\SysWOW64\normaliz.dll

Processes (total 90):
0 System Idle Process
4 System
608 C:\Windows\System32\smss.exe
808 csrss.exe
884 C:\Windows\System32\wininit.exe
904 csrss.exe
940 C:\Windows\System32\services.exe
972 C:\Windows\System32\lsass.exe
980 C:\Windows\System32\lsm.exe
648 C:\Windows\System32\svchost.exe
764 C:\Windows\System32\svchost.exe
152 C:\Windows\System32\atiesrxx.exe
740 C:\Windows\System32\winlogon.exe
1068 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1252 C:\Windows\System32\svchost.exe
1360 WUDFHost.exe
1436 WUDFHost.exe
1576 C:\Windows\System32\svchost.exe
1676 C:\Windows\System32\atieclxx.exe
1796 C:\Windows\System32\FBAgent.exe
1820 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
1860 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
1940 C:\Windows\System32\spoolsv.exe
2016 C:\Windows\System32\svchost.exe
1984 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2056 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2112 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2232 C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
2304 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
2344 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2432 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2560 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
2584 C:\Windows\System32\svchost.exe
304 C:\Windows\System32\svchost.exe
2784 C:\Windows\System32\taskhost.exe
1160 C:\Windows\System32\taskeng.exe
2364 C:\Windows\System32\dwm.exe
3176 C:\Windows\explorer.exe
3200 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
3216 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
3228 C:\Program Files\P4G\BatteryLife.exe
3344 C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
3356 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3368 C:\Windows\System32\rundll32.exe
3412 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
3528 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
3604 C:\Windows\AsScrPro.exe
3652 C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
3688 C:\Program Files (x86)\CyberLink\Shared files\brs.exe
3712 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
3720 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
3728 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
3736 C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
3836 C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
3864 WmiPrvSE.exe
4016 C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
4024 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4052 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3852 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3760 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
3556 C:\Windows\SysWOW64\ACEngSvr.exe
3696 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4504 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
4548 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
4988 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
5012 C:\Windows\System32\SearchIndexer.exe
5112 taskhost.exe
680 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
5168 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
5420 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
5676 C:\Program Files\Windows Media Player\wmpnetwk.exe
4008 C:\Windows\System32\svchost.exe
4788 C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
4112 C:\Windows\explorer.exe
4088 C:\Program Files\ESET\ESET Smart Security\egui.exe
4336 D:\Valve\Steam\Steam.exe
2780 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
4576 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4160 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
4144 C:\Windows\System32\SearchProtocolHost.exe
4280 C:\Windows\System32\SearchFilterHost.exe
4804 C:\Windows\explorer.exe
2428 C:\Windows\System32\audiodg.exe
4972 dllhost.exe
1612 dllhost.exe
1348 C:\Users\HIAS1985\Desktop\MBRCheck.exe
3296 C:\Windows\System32\conhost.exe
4068 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`e22cec00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000021`fe342a00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x0000003a`37c00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0002SDM1
PhysicalDrive1 Model Number: ST9500420AS, Rev: 0002SDM1

Size     Device Name          MBR Status
--------------------------------------------
465 GB   \\.\PhysicalDrive0   Unknown MBR code
         SHA1: F7ED2365FD5579D16F2315F1490304F53A8A30C6
465 GB   \\.\PhysicalDrive1   Unknown MBR code
         SHA1: 16FACB29D75458833E397367B1DA17929157C2B3

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
31.05.2011, 18:17 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™

4221Dd01 - JS/Kryptik.AI Trojan

GMER didn't work? What do you use drives F and G for? You have two internal 500 GB disks?
31.05.2011, 19:38 | #13 |
4221Dd01 - JS/Kryptik.AI Trojan

Sorry! I must have overlooked the GMER part.

GMER log
Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-05-31 20:33:35
Windows 6.1.7601 Service Pack 1
Running: s8ft6duv.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd60d5956
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd60d5956@00219e615c0d 0x76 0x50 0x93 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd60d5956@7c61936c8288 0xE4 0xDA 0x91 0x53 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd60d5956 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd60d5956@00219e615c0d 0x76 0x50 0x93 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd60d5956@7c61936c8288 0xE4 0xDA 0x91 0x53 ...

---- EOF - GMER 1.0.15 ----
31.05.2011, 20:00 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™

4221Dd01 - JS/Kryptik.AI Trojan

The MBRs are unknown, which is delicate especially for the main disk (the one the operating system boots from). Unknown can mean "infected", but it doesn't have to.

For now, as a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!

Afterwards, getting a second opinion from the ESET online scanner isn't a bad idea either: ESET Online Scanner
01.06.2011, 20:29 | #15 |
4221Dd01 - JS/Kryptik.AI Trojan

Malwarebytes
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6735

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

31.05.2011 22:07:08
mbam-log-2011-05-31 (22-07-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Durchsuchte Objekte: 533569
Laufzeit: 44 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/01/2011 at 07:04 PM

Application Version : 4.53.1000

Core Rules Database Version : 7175
Trace Rules Database Version: 4987

Scan type : Complete Scan
Total Scan Time : 02:18:55

Memory items scanned : 711
Memory threats detected : 0
Registry items scanned : 13592
Registry threats detected : 0
File items scanned : 325490
File threats detected : 0

ESET Online Scan
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=79eb9faac8016b408ac903ff1edf7909
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-01 07:07:15
# local_time=2011-06-01 09:07:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 15825 58578325 0 0
# compatibility_mode=8201 39157117 100 75 9394 12105315 0 0
# scanned=330283
# found=0
# cleaned=0
# scan_time=6760
# nod_component=V3 Build:0x30000000

I hope it wasn't a bad idea that I ran CCleaner before the scan.

Regards, HIAS