Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Caught the Trojan TR/Dropper.Gen (Windows 7). If you are not sure whether you have caught malware or a Trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
04.06.2011, 12:02 | #1
Caught the Trojan TR/Dropper.Gen

Hi everyone! Unfortunately I've caught the Trojan and would like to get rid of it again. Hijack: I've already run CCleaner over it, antimalware and Spybot as well. Thanks!!!! OTL quick scan: OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.06.2011 13:14:43 - Run 4 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Computer\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 60,67% Memory free 7,49 Gb Paging File | 5,88 Gb Available in Paging File | 78,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 128,70 Gb Free Space | 43,19% Space Free | Partition Type: NTFS Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.06.04 13:12:27 | 000,302,592 | ---- | M] () -- C:\Users\Computer\Desktop\ufcctiwn.exe PRC - [2011.05.29 10:14:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe PRC - [2011.04.30 12:22:35 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.04.28 14:30:43 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.18 11:35:09 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.12 23:16:29 | 003,046,808 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe PRC - [2011.01.05 10:49:54 | 002,113,536 | ---- | M] (MacroData Inc.) 
-- C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe PRC - [2010.11.14 17:01:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010.10.14 18:26:04 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2010.03.10 02:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe PRC - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe PRC - [2009.11.11 17:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe PRC - [2009.08.04 11:52:00 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.04 11:51:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.07.27 15:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2009.07.13 15:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) 
-- C:\Program Files\IDT\WDM\sttray.exe PRC - [2009.07.13 15:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe PRC - [2009.06.18 09:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe PRC - [2009.03.02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe PRC - [2008.06.12 02:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe ========== Modules (SafeList) ========== MOD - [2011.05.29 10:14:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.28 14:30:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.18 11:35:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.01.05 10:49:54 | 002,113,536 | ---- | M] (MacroData Inc.) [Auto | Running] -- C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe -- (ndsvc) SRV - [2010.10.14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010.08.25 18:43:19 | 001,045,256 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.07.21 21:50:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.03.10 02:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32) SRV - [2009.12.20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL) SRV - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2009.08.04 11:51:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.13 15:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV) SRV - [2009.06.18 09:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2009.06.13 20:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2009.03.24 15:00:00 | 000,241,664 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ZTE Join Air\AssistantServices.exe -- (UI Assistant Service) SRV - [2009.03.02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters) SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2003.04.18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService) ========== Driver Services (SafeList) ========== DRV - [2011.03.18 11:35:10 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.12.22 14:06:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.10.07 09:25:14 | 000,047,680 | ---- | M] (MacroData Inc.) [File_System | On_Demand | Stopped] -- C:\Program Files\MacroData Inc\NetDrive\NDFS.sys -- (ndfs) DRV - [2010.08.24 12:00:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.06.25 16:01:20 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2010.06.25 16:01:16 | 000,142,992 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2010.06.25 16:01:16 | 000,111,312 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2010.06.25 16:01:16 | 000,100,496 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2010.06.25 16:01:16 | 000,031,632 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB) DRV - [2009.09.28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.08.04 12:25:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.07.13 15:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009.07.02 10:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.04 23:30:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2009.04.29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2008.03.17 12:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2005.12.06 17:11:18 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x) DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 C9 AD 6A 0C 29 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {68836a21-fc7d-4ea1-a065-7efabd99d414}:3.02 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9c FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web 
Player\firefox\html5video [2011.06.02 16:40:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.06.02 16:40:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 12:22:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 12:22:38 | 000,000,000 | ---D | M] [2010.08.20 20:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions [2011.06.04 11:34:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions [2011.03.22 07:00:38 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9} [2011.03.22 13:51:54 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávacÃ* paměť) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66} [2011.01.05 15:36:24 | 000,000,000 | ---D | M] (View Source Chart) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414} [2011.03.25 15:17:50 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.09.23 20:18:25 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2011.05.06 15:00:47 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- 
C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\battlefieldplay4free@ea.com [2011.03.22 07:00:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\engine@conduit.com [2011.03.22 07:00:46 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\firebug@software.joehewitt.com [2010.12.30 18:16:32 | 000,000,913 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\jv70xuoh.default\searchplugins\conduit.xml [2011.05.23 00:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.05.23 00:12:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.08.21 11:31:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.06.02 16:40:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.06.02 16:40:50 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2010.08.21 11:31:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.27 17:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\Mozilla Firefox\plugins\npmieze.dll [2011.03.07 10:32:27 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.07 10:32:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.24 11:58:54 | 000,000,143 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\foxsearch.src [2011.03.07 10:32:27 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.07 10:32:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.07 10:32:27 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKLM..\RunOnceEx: [ContentMerger] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) O4 - Startup: C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - 
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: blank ([]about in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{248fbe7e-28a2-11e0-84bf-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{248fbe7e-28a2-11e0-84bf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{33fa456b-fe1b-11df-a5d7-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{33fa456b-fe1b-11df-a5d7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe O33 - MountPoints2\{467cd303-e1d7-11df-88b2-c29505fe4588}\Shell - "" = AutoRun O33 - MountPoints2\{467cd303-e1d7-11df-88b2-c29505fe4588}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{4f29e709-289f-11e0-894e-da7464dd360b}\Shell - "" = AutoRun O33 - MountPoints2\{4f29e709-289f-11e0-894e-da7464dd360b}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{7d091aef-97f3-11df-8fc4-c417fe24a835}\Shell - "" = AutoRun O33 - MountPoints2\{7d091aef-97f3-11df-8fc4-c417fe24a835}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{86580a92-394e-11e0-a0da-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{86580a92-394e-11e0-a0da-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{86580ac7-394e-11e0-a0da-95a31879848e}\Shell - "" = AutoRun O33 - MountPoints2\{86580ac7-394e-11e0-a0da-95a31879848e}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{86580aca-394e-11e0-a0da-95a31879848e}\Shell - "" = AutoRun O33 - MountPoints2\{86580aca-394e-11e0-a0da-95a31879848e}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8730427f-af66-11df-872a-dc09d9566305}\Shell - "" = AutoRun O33 - MountPoints2\{8730427f-af66-11df-872a-dc09d9566305}\Shell\AutoRun\command - "" = S:\StartUp.exe O33 - MountPoints2\{9655b800-d567-11df-b808-806e6f6e6963}\Shell - "" = AutoRun O33 - 
MountPoints2\{9655b800-d567-11df-b808-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9655b822-d567-11df-b808-e04f27c88013}\Shell - "" = AutoRun
O33 - MountPoints2\{9655b822-d567-11df-b808-e04f27c88013}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a6222d03-f7e1-11df-bd46-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a6222d03-f7e1-11df-bd46-806e6f6e6963}\Shell\AutoRun\command - "" = X:\AutoRun.exe
O33 - MountPoints2\{c049ceb8-d23e-11df-8bb9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c049ceb8-d23e-11df-8bb9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c2c69aa0-94f8-11df-a976-002713593692}\Shell - "" = AutoRun
O33 - MountPoints2\{c2c69aa0-94f8-11df-a976-002713593692}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c2c69b02-94f8-11df-a976-002713593692}\Shell - "" = AutoRun
O33 - MountPoints2\{c2c69b02-94f8-11df-a976-002713593692}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d77f0be9-f4ce-11df-a265-f3ac8cc99165}\Shell - "" = AutoRun
O33 - MountPoints2\{d77f0be9-f4ce-11df-a265-f3ac8cc99165}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d77f0bfe-f4ce-11df-a265-f3ac8cc99165}\Shell - "" = AutoRun
O33 - MountPoints2\{d77f0bfe-f4ce-11df-a265-f3ac8cc99165}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{da17b6f9-f650-11df-81db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{da17b6f9-f650-11df-81db-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{da17b718-f650-11df-81db-dc2adbf0bd09}\Shell - "" = AutoRun
O33 - MountPoints2\{da17b718-f650-11df-81db-dc2adbf0bd09}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{df3be35b-ca70-11df-a2be-ece4948c2504}\Shell - "" = AutoRun
O33 - MountPoints2\{df3be35b-ca70-11df-a2be-ece4948c2504}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{df3be360-ca70-11df-a2be-ece4948c2504}\Shell - "" = AutoRun
O33 - MountPoints2\{df3be360-ca70-11df-a2be-ece4948c2504}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fe33fbc8-cfc3-11df-a63e-aabdffc12e51}\Shell - "" = AutoRun
O33 - MountPoints2\{fe33fbc8-cfc3-11df-a63e-aabdffc12e51}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.06.04 12:23:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.06.03 10:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.06.03 10:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.06.03 10:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2011.06.02 16:41:41 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\DDMSettings
[2011.06.02 16:40:37 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\DivX
[2011.06.02 16:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.06.02 16:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011.06.02 16:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.06.02 16:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.06.02 13:02:46 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Computer\Desktop\GooredFix.exe
[2011.05.29 10:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.05.29 10:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.05.29 10:21:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.29 10:14:10 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe
[2011.05.28 14:55:10 | 000,000,000 | ---D | C] -- C:\rsit
[2011.05.27 12:52:54 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.05.27 12:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.05.23 20:52:25 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Sun
[2011.05.23 00:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011.05.23 00:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.23 00:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.05.19 18:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.05.18 12:14:47 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.05.13 18:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HipSoft
[2011.05.13 18:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.05.13 18:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011.05.07 12:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2011.05.06 15:18:38 | 000,000,000 | ---D | C] -- C:\Users\Computer\Documents\Battlefield Play4Free
[2011.05.06 15:04:11 | 000,000,000 | ---D | C] -- C:\SIERRA
[2011.05.06 15:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2010.08.26 19:01:37 | 000,256,560 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010.08.26 19:01:33 | 000,203,312 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2010.08.21 12:41:50 | 000,021,504 | ---- | C] (deepxw) -- C:\Users\Computer\AppData\Local\Wtrmrk.exe

========== Files - Modified Within 30 Days ==========

[2011.06.04 13:12:27 | 000,302,592 | ---- | M] () -- C:\Users\Computer\Desktop\ufcctiwn.exe
[2011.06.04 13:10:27 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.04 13:10:25 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\inbed.job
[2011.06.04 13:10:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.04 13:10:11 | 3017,433,088 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.04 13:09:06 | 000,000,020 | ---- | M] () -- C:\Users\Computer\defogger_reenable
[2011.06.04 13:08:05 | 000,050,477 | ---- | M] () -- C:\Users\Computer\Desktop\Defogger.exe
[2011.06.04 12:42:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.04 12:34:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3107078819-1132679164-3173212847-1000UA.job
[2011.06.04 12:30:55 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.04 12:30:55 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.04 11:41:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3107078819-1132679164-3173212847-1000Core.job
[2011.06.03 10:51:07 | 000,007,596 | ---- | M] () -- C:\Users\Computer\AppData\Local\Resmon.ResmonCfg
[2011.06.02 16:40:53 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.06.02 16:40:53 | 000,001,595 | ---- | M] () -- C:\Users\Computer\Desktop\DivX Movies.lnk
[2011.06.02 16:40:33 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011.06.02 13:04:10 | 000,001,238 | ---- | M] () -- C:\Users\Computer\Desktop\Spybot - Search & Destroy.lnk
[2011.06.02 13:02:49 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Computer\Desktop\GooredFix.exe
[2011.05.29 11:01:30 | 000,001,646 | ---- | M] () -- C:\Users\Computer\Documents\cc_20110529_110125.reg
[2011.05.29 10:47:07 | 000,116,062 | ---- | M] () -- C:\Users\Computer\Documents\cc_20110529_104640.reg
[2011.05.29 10:44:04 | 000,000,929 | ---- | M] () -- C:\Users\Computer\Desktop\CCleaner.lnk
[2011.05.29 10:14:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe
[2011.05.28 17:41:14 | 000,075,264 | ---- | M] () -- C:\Users\Computer\Desktop\SystemLook.exe
[2011.05.28 14:35:11 | 000,339,991 | ---- | M] () -- C:\Users\Computer\Desktop\RSIT.exe
[2011.05.27 12:52:54 | 000,002,979 | ---- | M] () -- C:\Users\Computer\Desktop\HiJackThis.lnk
[2011.05.27 10:17:53 | 006,410,000 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.27 10:17:53 | 002,360,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.27 10:17:53 | 001,972,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.27 10:17:53 | 001,766,928 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.24 10:21:06 | 000,000,137 | ---- | M] () -- C:\Windows\SIERRA.INI
[2011.05.23 00:11:56 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.05.22 11:00:15 | 000,001,849 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\GhostObjGAFix.xml
[2011.05.19 18:23:37 | 020,533,281 | ---- | M] () -- C:\Users\Computer\Documents\vlc-1.1.9-win32.exe
[2011.05.19 15:15:42 | 000,000,184 | --S- | M] () -- C:\Windows\System32\3749645405.dat
[2011.05.13 17:28:01 | 000,137,176 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.13 17:27:56 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.05.13 15:34:13 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.05.06 15:18:02 | 000,138,056 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\PnkBstrK.sys

========== Files Created - No Company Name ==========

[2011.06.04 13:12:51 | 000,302,592 | ---- | C] () -- C:\Users\Computer\Desktop\ufcctiwn.exe
[2011.06.04 13:08:50 | 000,000,020 | ---- | C] () -- C:\Users\Computer\defogger_reenable
[2011.06.04 13:08:33 | 000,050,477 | ---- | C] () -- C:\Users\Computer\Desktop\Defogger.exe
[2011.06.02 16:40:53 | 000,001,595 | ---- | C] () -- C:\Users\Computer\Desktop\DivX Movies.lnk
[2011.06.02 16:40:33 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011.06.02 16:40:19 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.06.02 13:04:10 | 000,001,238 | ---- | C] () -- C:\Users\Computer\Desktop\Spybot - Search & Destroy.lnk
[2011.05.29 11:01:28 | 000,001,646 | ---- | C] () -- C:\Users\Computer\Documents\cc_20110529_110125.reg
[2011.05.29 10:46:53 | 000,116,062 | ---- | C] () -- C:\Users\Computer\Documents\cc_20110529_104640.reg
[2011.05.29 10:44:04 | 000,000,929 | ---- | C] () -- C:\Users\Computer\Desktop\CCleaner.lnk
[2011.05.29 10:38:49 | 000,075,264 | ---- | C] () -- C:\Users\Computer\Desktop\SystemLook.exe
[2011.05.28 14:35:06 | 000,339,991 | ---- | C] () -- C:\Users\Computer\Desktop\RSIT.exe
[2011.05.27 12:52:54 | 000,002,979 | ---- | C] () -- C:\Users\Computer\Desktop\HiJackThis.lnk
[2011.05.23 00:11:56 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.05.22 11:00:15 | 000,001,849 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\GhostObjGAFix.xml
[2011.05.19 18:23:19 | 020,533,281 | ---- | C] () -- C:\Users\Computer\Documents\vlc-1.1.9-win32.exe
[2011.05.19 15:04:34 | 000,000,184 | --S- | C] () -- C:\Windows\System32\3749645405.dat
[2011.05.18 09:11:09 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\inbed.job
[2011.05.06 15:03:45 | 000,000,137 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.03.25 13:43:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.19 16:37:42 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.02.13 03:38:25 | 000,000,096 | ---- | C] () -- C:\Users\Computer\AppData\Local\fusioncache.dat
[2011.01.30 21:53:43 | 000,137,176 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.30 21:53:42 | 000,138,056 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\PnkBstrK.sys
[2011.01.30 21:53:11 | 000,268,952 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.30 21:53:10 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.01.30 21:53:09 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.08.26 19:07:22 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.08.26 19:01:35 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2010.08.26 19:01:34 | 001,765,168 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.08.26 19:01:34 | 000,034,480 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.08.26 19:01:34 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.08.24 12:22:11 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2010.08.24 12:22:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.08.21 12:41:50 | 002,076,309 | ---- | C] () -- C:\Users\Computer\AppData\Local\ntkrlICE.exe
[2010.08.21 12:41:50 | 000,570,073 | ---- | C] () -- C:\Users\Computer\AppData\Local\gui.exe
[2010.08.21 12:41:50 | 000,397,900 | ---- | C] () -- C:\Users\Computer\AppData\Local\4GB_GER.exe
[2010.08.21 12:41:50 | 000,397,900 | ---- | C] () -- C:\Users\Computer\AppData\Local\4GB_EN.exe
[2010.08.21 12:41:50 | 000,000,518 | ---- | C] () -- C:\Users\Computer\AppData\Local\UNAWAVE_EN.url
[2010.08.21 12:41:50 | 000,000,240 | ---- | C] () -- C:\Users\Computer\AppData\Local\UPDATE.url
[2010.08.21 12:41:50 | 000,000,216 | ---- | C] () -- C:\Users\Computer\AppData\Local\UNAWAVE_GER.url
[2010.08.20 22:33:59 | 000,007,596 | ---- | C] () -- C:\Users\Computer\AppData\Local\Resmon.ResmonCfg
[2010.07.21 20:48:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.30 12:56:46 | 006,410,000 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.30 12:56:46 | 001,972,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.30 12:56:46 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.30 12:56:46 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 002,407,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 002,360,424 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 001,766,928 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 01:19:28 | 000,006,672 | ---- | C] () -- C:\Windows\System32\advapi32g.dat
[2009.07.14 01:19:28 | 000,005,648 | ---- | C] () -- C:\Windows\System32\acleditp.dat
[2009.06.18 19:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010.08.25 18:43:21 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Autodesk
[2011.05.09 11:16:40 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Canon
[2010.08.24 12:56:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools Lite
[2010.08.24 11:30:33 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools Net
[2011.03.07 13:05:55 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Desktop Apps
[2010.08.08 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.24 11:54:25 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\foobar2000
[2011.03.22 03:04:40 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\GHISLER
[2010.11.28 11:51:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ijjigame
[2010.12.19 14:11:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\mquadr.at
[2011.01.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Need for Speed World
[2011.03.08 12:15:58 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\NetDrive
[2010.09.10 18:00:49 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\OpenOffice.org
[2010.07.23 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Program Files
[2011.03.07 14:29:24 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Typograf
[2010.07.21 20:58:16 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\{8126D2ED-1984-4573-9D57-97637E10C716}
[2011.06.04 13:10:25 | 000,000,316 | -HS- | M] () -- C:\Windows\Tasks\inbed.job
[2011.06.03 10:45:10 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C86B29EB

< End of report >

and here the result from gmer:

GMER Logfile:
Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-04 13:43:47
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS723232L9A360 rev.FC4OC60D
Running: ufcctiwn.exe; Driver: C:\Users\Computer\AppData\Local\Temp\pgddrkoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrlICE.exe!ZwSaveKeyEx + 13AD 83095599 1 Byte [06]
.text ntkrlICE.exe!KiDispatchInterrupt + 5A2 830B9F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x96040000, 0x2D51CE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[300] ntdll.dll!NtProtectVirtualMemory 76FE51C0 5 Bytes JMP 0185000A
.text C:\Windows\Explorer.EXE[300] ntdll.dll!NtWriteVirtualMemory 76FE5D40 5 Bytes JMP 0186000A
.text C:\Windows\Explorer.EXE[300] ntdll.dll!KiUserExceptionDispatcher 76FE6298 5 Bytes JMP 008B000A
.text C:\Windows\system32\svchost.exe[976] ntdll.dll!NtProtectVirtualMemory 76FE51C0 5 Bytes JMP 0033000A
.text C:\Windows\system32\svchost.exe[976] ntdll.dll!NtWriteVirtualMemory 76FE5D40 5 Bytes JMP 0042000A
.text C:\Windows\system32\svchost.exe[976] ntdll.dll!KiUserExceptionDispatcher 76FE6298 5 Bytes JMP 001E000A
.text C:\Windows\system32\svchost.exe[976] ole32.dll!CoCreateInstance 764C590C 5 Bytes JMP 00A5000A
.text C:\Windows\system32\svchost.exe[976] USER32.dll!GetCursorPos 7618C198 5 Bytes JMP 00E4000A
.text C:\Windows\system32\svchost.exe[976] USER32.dll!GetForegroundWindow 7619565D 5 Bytes JMP 00E7000A
.text C:\Windows\system32\svchost.exe[976] USER32.dll!WindowFromPoint 761B6D0C 5 Bytes JMP 00E6000A
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2280] kernel32.dll!SetUnhandledExceptionFilter 76853162 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5424] USER32.dll!TrackPopupMenu 761B4B3B 5 Bytes JMP 6384C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[6000] ntdll.dll!NtProtectVirtualMemory 76FE51C0 5 Bytes JMP 001A000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[6000] ntdll.dll!NtWriteVirtualMemory 76FE5D40 5 Bytes JMP 001B000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[6000] ntdll.dll!KiUserExceptionDispatcher 76FE6298 5 Bytes JMP 0019000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000072 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713593692
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713593692@0022989e319f 0xF3 0xA0 0xD5 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713593692@44f45930e600 0x47 0x6F 0x22 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???j?|??????????????t????????????????????????????3???????????????8??????????????????????????????????????????????????????USB???????4?????????1????????????5??pn???j?j?t?u?????????????????j??????p????????????}??t5?????????????????????????????????????? ????????????????????????h???????|??????????????_n????b??t?????????e?????????????????????????????????????d????????????b??????7????????X?????????????????????????????????????????Video Save????????????????????????????????????????????????????????X??????????t??*teredo??_????????????J??j?????????e?????????????????????????????????j????????m?????????????????? ???????o?????j?????s????????$?????????????@%SystemRoot%\ehome\ehres.dll,-15501?????????????????????????t?t?t???????j??????????????%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation?????????????????t????t?t?t???t?????? ?????????????J??j?????????n?????????????B???????e??????????????t???t???@%SystemRoot%\ehome\ehres.dll,-15502? ????N??j???????????e??SSDPSRV?IPBusEnum?TermService?fdphost???????? 4??t?????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???l?|??????????????????????????????????????????????{4d36e97d-e325-11ce-bfc1-08002be10318}\0000?????????59??Root\*6TO4MP\0007?????????????????????????????~??l??????????? ???????k?????k?????j????????????$??????????0????X??l??????????????? ???????k???????????v??????????P????????????????k??????????root\rdp_kbd? ???l?????k?&???????????????s??{4d36e97d-e325-11ce-bfc1-08002be10318}?us???? l??n???_?????4?????????????????????????????k?k?k??????????STORAGE\VolumeSnapshot???????????????|???????????d?g? ??????????????t????????????3??????? ???????k?????k?????j????????????%??????????0???????????????????k??? ???????k???????????y??????????P????????????????l???????????l?kos???l?l?l?????????k?&??machine.inf:GENDEV_SYS.NTx86:RDP_KBD:6.1.7600.16385:root\rdp_kbd??????????????????????X?????????????????????????????si???l???????????????????????4?????s6?????X??????i???N???????????????????????????C?????s4-??????????????????? ???????k?????i?????j????????????&? ???????I???{71a27cdd-812a-11d0-bec7-08002be2092f}\0001?in???????0?????????
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0x18 0x91 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE1 0x6A 0x6C 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF1 0x5E 0x0F 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x61 0x82 0x8A 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x1D 0x47 0xDD 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xFF 0x42 0x6F 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713593692 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713593692@0022989e319f 0xF3 0xA0 0xD5 0x39 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713593692@44f45930e600 0x47 0x6F 0x22 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???j?k???j???j?????????????????s????USB??????????????????????????k???j????"??????????k???m??si???k???????|??? $??k???y?????r?s??? ^?????? ???????3??LegacyDriver????PrinterBusEnumerator?m??? ??????????????s????????????j??????si???????????D??????\a???j?j?s???p????N??????D????D??????????k???j???j???k?k?k??????????WPD????????????????????s?????j??????????????????LegacyDriver? ????N??j?????????3??????N???????????D??????i?i?i?j?j???????????i???3???e???????k???j???????j???"??????????????????Net??k???????????D??????\a???????k???????????????T???1??s????????????0???????????????z???k?? ????????????j??????????{8ECC055D-047F-11D1-A537-0000F8753ED1}?????????????????????s????????????? ???????k???????????q?????????????????s?????????????????????k???????3???????????????????????????????????????v??e????????????????????????k???f?i?j?j?j?j??????N??k???i????D.6.???h?i?j?i?????????????k???????????3???????????p???k?k?3??? ??k???3??????\r????P??n?????????e?????????j??????s????????????0??e2???k?????????????????????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???Z?k????X??????6???6????????????????????????????????????????@??????e??????ag??usbohci??/???????j??????????????????????tunnel?j?j???`?a?`??? ???h?????????-????????????????????????????????NDIS????? ???????Z?????Z???????1????????????&????????????????????i??? ???????????????????Z?1??????*????? ???????6-???????????8??????????dl??????????????????????d?????:??Z??????????Bluetooth-Netzwerkverbindung????? :??????o??????????NDIS?;?????Z????? ???????Z?????Z???????1????????????&???????????????????????? ???????Z???????????Z?1??????*? ??? ???????????????????????????????d????????????????????????Z?Z?Z???? ??Z??????????LAN-Verbindung*????????Z?????????????6??????????ndfs?E???????????????????????g?g?e??????????????????????????????? ???h?????????.?&???????????????????????a?a?`??????????????????????????m???? \??g?????????0?0??4&7a8b3fc&0??????????????????????????????????-??u4???g?g?0??*6to4mp??????????????????????????????Z?Z?Z??????????? ???????Z?????Z???????1????????????&??????????????????????????Z?????Z??? ???????Z?????????
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0x18 0x91 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE1 0x6A 0x6C 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF1 0x5E 0x0F 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x61 0x82 0x8A 0x85 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x1D 0x47 0xDD 0x8A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xFF 0x42 0x6F 0xFE ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Thanks for your help!!!!!
05.06.2011, 15:57 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | I've caught the Trojan TR/Dropper.Gen | Quote: