Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/) > Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: Browsers open spam links, Windows Update blocked, Internet Explorer cannot be opened at all, ... (https://www.trojaner-board.de/88317-browser-oeffnen-spam-links-winupdate-geblockt-iexplorer-gar-geoeffnet.html)

Bernd_T 18.07.2010 15:34

Quote:

Quote from Larusso (post 543426)
C:\qoobox ? ;)
That belongs to CF.

Restart the computer.

Yep, qoobox.
Computer restarted.
There is no ComboFix.txt (probably because it was aborted). Run CF again?

Bernd_T 18.07.2010 15:37

Here, briefly, are the entries that the Avira Guard logged:

Code:

In der Datei 'C:\Qoobox\32788R22FWJFW\ipsec.sys'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Code:

In der Datei 'C:\Qoobox\32788R22FWJFW\ipsec.sys'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Code:

In der Datei 'C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben


Larusso 18.07.2010 15:49

No, not yet.

CF said rootkit?

Start --> Run --> notepad (type it in)
Now copy the following text from the code box into the empty text document
Code:

cd "%systemdrive%"
copy /y "C:\WINDOWS\system32\dllhsn32.dll" C:\dllhsn32.dll.vir
del /f "C:\WINDOWS\system32\dllhsn32.dll"
del %0

Save this as file.bat on your desktop.
Under file type, select All Files.
Double-click file.bat and post the contents of the text document.
Vista users: right-click and choose "Run as administrator"


Step 2
  • Please download TDSS Killer and save it to the desktop.
  • Extract the contents of the file to your desktop.
    Make sure that TDSSKiller.exe is on the desktop, not in a folder.

  • Press Windows+R, copy the following into the line and press OK.
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If the message "Hidden service detected" appears, do not type anything in. Only press ENTER!!!
  • When the tool is finished, it creates a log file
    C:\TDSSKiller.txt
  • Please post its contents here in your thread.

Please post in your next reply
TDSSKiller.txt

Bernd_T 18.07.2010 16:01

Quote:

Quote from Larusso (post 543448)
No, not yet.

CF said rootkit?

Yes, Rootkit Activity detected, followed by a restart.



Quote:

Quote from Larusso (post 543448)
Start --> Run --> notepad (type it in)
Now copy the following text from the code box into the empty text document
Code:

cd "%systemdrive%"
copy /y "C:\WINDOWS\system32\dllhsn32.dll" C:\dllhsn32.dll.vir
del /f "C:\WINDOWS\system32\dllhsn32.dll"
del %0

Save this as file.bat on your desktop.
Under file type, select All Files.
Double-click file.bat and post the contents of the text document.

The batch file does not create a text file and deletes itself after running; unfortunately the DOS window closed immediately, so I could not copy the output.

Continue with step 2?

Larusso 18.07.2010 16:06

Sorry, no text file is created either :)
I forgot to delete that from the template.

Yes, continue :)

Bernd_T 18.07.2010 16:17

Quote:

Quote from Larusso (post 543448)
Step 2
  • Please download TDSS Killer and save it to the desktop.
  • Extract the contents of the file to your desktop.
    Make sure that TDSSKiller.exe is on the desktop, not in a folder.

  • Press Windows+R, copy the following into the line and press OK.
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If the message "Hidden service detected" appears, do not type anything in. Only press ENTER!!!
  • When the tool is finished, it creates a log file
    C:\TDSSKiller.txt
  • Please post its contents here in your thread.

Please post in your next reply
TDSSKiller.txt

Ran it, nothing found:
Code:

17:07:24:796 2500        TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
17:07:24:796 2500        ================================================================================
17:07:24:796 2500        SystemInfo:

17:07:24:796 2500        OS Version: 5.1.2600 ServicePack: 2.0
17:07:24:796 2500        Product type: Workstation
17:07:24:796 2500        ComputerName: ELCH
17:07:24:796 2500        UserName: *****
17:07:24:796 2500        Windows directory: C:\WINDOWS
17:07:24:796 2500        System windows directory: C:\WINDOWS
17:07:24:796 2500        Processor architecture: Intel x86
17:07:24:796 2500        Number of processors: 2
17:07:24:796 2500        Page size: 0x1000
17:07:24:796 2500        Boot type: Normal boot
17:07:24:796 2500        ================================================================================
17:07:25:312 2500        Initialize success
17:07:25:312 2500       
17:07:25:312 2500        Scanning        Services ...
17:07:25:593 2500        Raw services enum returned 334 services
17:07:25:609 2500       
17:07:25:609 2500        Scanning        Drivers ...
17:07:26:343 2500        3xHybrid        (315a45b5a334ed03667b1aa95d4a1f15) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
17:07:26:390 2500        acedrv11        (a6fe70357a68ad1e279cd1012419cce6) C:\WINDOWS\system32\drivers\acedrv11.sys
17:07:26:453 2500        ACPI            (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:07:26:468 2500        ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:07:26:500 2500        aec            (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
17:07:26:546 2500        AFD            (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
17:07:26:578 2500        AmdK8          (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:07:26:609 2500        AmdLLD          (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
17:07:26:640 2500        AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:07:26:671 2500        atapi          (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:07:26:687 2500        Atmarpc        (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:07:26:718 2500        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:07:26:781 2500        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
17:07:26:812 2500        avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:07:26:843 2500        avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:07:26:875 2500        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:07:26:968 2500        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:07:27:000 2500        CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:07:27:000 2500        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:07:27:000 2500        Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
17:07:27:046 2500        Cdrom          (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:07:27:078 2500        CLEDX          (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys
17:07:27:125 2500        Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
17:07:27:156 2500        dmboot          (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
17:07:27:218 2500        dmio            (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
17:07:27:234 2500        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:07:27:250 2500        DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
17:07:27:265 2500        drmkaud        (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
17:07:27:296 2500        Fastfat        (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
17:07:27:312 2500        Fdc            (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
17:07:27:312 2500        Fips            (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
17:07:27:312 2500        Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:07:27:359 2500        FltMgr          (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:07:27:359 2500        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:07:27:406 2500        Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:07:27:421 2500        Gpc            (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:07:27:453 2500        hamachi        (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
17:07:27:468 2500        HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:07:27:484 2500        hidusb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:07:27:500 2500        HTTP            (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
17:07:27:531 2500        i8042prt        (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:07:27:546 2500        Imapi          (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:07:27:593 2500        Ip6Fw          (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:07:27:593 2500        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:07:27:609 2500        IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:07:27:625 2500        IpNat          (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:07:27:656 2500        IPSec          (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:07:27:671 2500        IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:07:27:703 2500        isapnp          (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:07:27:734 2500        Kbdclass        (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:07:27:750 2500        kbdhid          (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:07:27:781 2500        klmd23          (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
17:07:27:796 2500        kmixer          (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
17:07:27:828 2500        KSecDD          (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
17:07:27:859 2500        ManyCam        (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
17:07:27:890 2500        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:07:27:906 2500        Modem          (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
17:07:27:953 2500        monfilt        (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
17:07:28:000 2500        Mouclass        (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:07:28:000 2500        mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:07:28:000 2500        MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
17:07:28:031 2500        MPE            (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
17:07:28:031 2500        MRxDAV          (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:07:28:109 2500        MRxSmb          (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:07:28:125 2500        Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
17:07:28:140 2500        MSKSSRV        (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:07:28:156 2500        MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:07:28:171 2500        MSPQM          (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
17:07:28:203 2500        mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:07:28:203 2500        MSTEE          (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
17:07:28:218 2500        MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:07:28:234 2500        Mup            (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
17:07:28:250 2500        NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:07:28:265 2500        NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
17:07:28:265 2500        NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:07:28:281 2500        NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:07:28:312 2500        Ndisuio        (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:07:28:312 2500        NdisWan        (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:07:28:312 2500        NDProxy        (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
17:07:28:343 2500        NetBIOS        (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:07:28:406 2500        NetBT          (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:07:28:453 2500        NPF            (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
17:07:28:453 2500        Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
17:07:28:484 2500        Ntfs            (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
17:07:28:500 2500        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:07:28:671 2500        nv              (cb0ce8de9f66a297cd86eb98921b8e58) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:07:28:812 2500        NVENETFD        (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
17:07:28:812 2500        nvnetbus        (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
17:07:28:843 2500        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:07:28:843 2500        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:07:28:875 2500        Parport        (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
17:07:28:906 2500        PartMgr        (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
17:07:28:937 2500        ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:07:28:968 2500        PCI            (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
17:07:28:984 2500        PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:07:29:015 2500        Pcmcia          (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:07:29:046 2500        PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:07:29:078 2500        PQNTDrv        (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
17:07:29:109 2500        Processor      (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
17:07:29:109 2500        PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
17:07:29:125 2500        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:07:29:140 2500        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:07:29:187 2500        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:07:29:203 2500        Rasl2tp        (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:07:29:203 2500        RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:07:29:218 2500        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:07:29:265 2500        Rdbss          (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:07:29:281 2500        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:07:29:281 2500        rdpdr          (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:07:29:312 2500        RDPWD          (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
17:07:29:359 2500        redbook        (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:07:29:437 2500        SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\WNt500x86\Sandra.sys
17:07:29:468 2500        Secdrv          (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:07:29:484 2500        serenum        (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:07:29:515 2500        Serial          (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
17:07:29:531 2500        Sfloppy        (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:07:29:562 2500        SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:07:29:578 2500        splitter        (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
17:07:29:625 2500        sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
17:07:29:656 2500        sr              (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
17:07:29:671 2500        Srv            (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
17:07:29:687 2500        ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:07:29:703 2500        streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:07:29:718 2500        swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:07:29:734 2500        swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
17:07:29:750 2500        sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
17:07:29:796 2500        Tcpip          (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:07:29:828 2500        TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:07:29:859 2500        TDTCP          (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
17:07:29:875 2500        TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:07:29:937 2500        truecrypt      (aceb4f4f83b895e15c8c1a2f55009783) C:\WINDOWS\system32\drivers\truecrypt.sys
17:07:29:968 2500        Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
17:07:29:984 2500        Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
17:07:30:031 2500        usbaudio        (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
17:07:30:046 2500        usbccgp        (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:07:30:062 2500        usbehci        (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:07:30:078 2500        usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:07:30:078 2500        usbohci        (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:07:30:109 2500        usbscan        (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:07:30:125 2500        USBSTOR        (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:07:30:156 2500        VgaSave        (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
17:07:30:156 2500        VIAHdAudAddService (80ed26c12af05779a3f897b9badf6f28) C:\WINDOWS\system32\drivers\viahduaa.sys
17:07:30:187 2500        VolSnap        (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
17:07:30:187 2500        Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:07:30:218 2500        wdmaud          (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
17:07:30:234 2500        WmBEnum        (59c90bc8317bd3f6e5559a4deaf35090) C:\WINDOWS\system32\drivers\WmBEnum.sys
17:07:30:234 2500        WmFilter        (999a4539ad634a741afd357e290bd461) C:\WINDOWS\system32\drivers\WmFilter.sys
17:07:30:250 2500        WmVirHid        (0b8c64b13776f17537f0705fe62799c6) C:\WINDOWS\system32\drivers\WmVirHid.sys
17:07:30:265 2500        WmXlCore        (8d388aeb1a12c1192aa9b4ebceabcba6) C:\WINDOWS\system32\drivers\WmXlCore.sys
17:07:30:281 2500        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:07:30:296 2500        WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:07:30:296 2500       
17:07:30:296 2500        Completed
17:07:30:296 2500       
17:07:30:296 2500        Results:
17:07:30:296 2500        Registry objects infected / cured / cured on reboot:        0 / 0 / 0
17:07:30:296 2500        File objects infected / cured / cured on reboot:        0 / 0 / 0
17:07:30:296 2500       
17:07:30:312 2500        KLMD(ARK) unloaded successfully
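
An added example for log triage (not code from the thread or from TDSSKiller): a small Python parser for the TDSSKiller 2.3.x log format posted above. It extracts each enumerated driver with its MD5 and image path, reads the Results counters, and lists drivers loaded from outside the Windows directory for a closer look; the embedded sample is a constructed excerpt of the posted log, and the helper names are my own.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample in the TDSSKiller 2.3.x log format (a short excerpt of
# the log posted in the thread; the real log lists ~150 drivers).
SAMPLE_LOG = r"""
17:07:25:312 2500        Initialize success
17:07:25:312 2500        Scanning        Services ...
17:07:25:593 2500        Raw services enum returned 334 services
17:07:25:609 2500        Scanning        Drivers ...
17:07:26:781 2500        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
17:07:27:453 2500        hamachi        (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
17:07:27:656 2500        IPSec          (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:07:29:437 2500        SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\WNt500x86\Sandra.sys
17:07:29:625 2500        sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
17:07:30:296 2500        Completed
17:07:30:296 2500        Results:
17:07:30:296 2500        Registry objects infected / cured / cured on reboot:        0 / 0 / 0
17:07:30:296 2500        File objects infected / cured / cured on reboot:        0 / 0 / 0
17:07:30:312 2500        KLMD(ARK) unloaded successfully
"""


class Driver(NamedTuple):
    name: str   # service name as enumerated by the tool
    md5: str    # lowercase hex MD5 of the driver image
    path: str   # image path on disk


class Report(NamedTuple):
    drivers: List[Driver]
    # "Registry" / "File" -> (infected, cured, cured on reboot)
    results: Dict[str, Tuple[int, int, int]]
    completed: bool


# Every line starts with "HH:MM:SS:mmm <pid>" followed by the message.
_PREFIX = r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+"
_DRIVER_RE = re.compile(_PREFIX + r"(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+?)\s*$")
_RESULT_RE = re.compile(
    _PREFIX + r"(Registry|File) objects infected / cured / cured on reboot:\s+(\d+) / (\d+) / (\d+)"
)
_COMPLETED_RE = re.compile(_PREFIX + r"Completed\s*$")


def parse_tdsskiller_log(text: str) -> Report:
    """Parse the driver enumeration, the Results counters and the Completed marker."""
    drivers: List[Driver] = []
    results: Dict[str, Tuple[int, int, int]] = {}
    completed = False
    for line in text.splitlines():
        m = _DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(m.group(1), m.group(2).lower(), m.group(3)))
            continue
        m = _RESULT_RE.match(line)
        if m:
            results[m.group(1)] = (int(m.group(2)), int(m.group(3)), int(m.group(4)))
            continue
        if _COMPLETED_RE.match(line):
            completed = True
    return Report(drivers, results, completed)


def is_clean(report: Report) -> bool:
    """True only if the scan ran to completion and both counters are all zero.
    A log with no Results section (tool killed mid-scan) is not treated as clean."""
    if not report.completed or set(report.results) != {"Registry", "File"}:
        return False
    return all(counts == (0, 0, 0) for counts in report.results.values())


def find_driver(report: Report, name: str) -> Optional[Driver]:
    """Case-insensitive lookup by service name, e.g. to pull the MD5 of ipsec.sys
    for comparison with a known-good copy after the AV 'Patched' alert above."""
    wanted = name.lower()
    return next((d for d in report.drivers if d.name.lower() == wanted), None)


def drivers_outside_windows_dir(report: Report, windows_dir: str = "C:\\WINDOWS") -> List[Driver]:
    """Drivers whose image is not under the Windows directory. This is triage order,
    not a verdict: AV and third-party tools legitimately load from Program Files."""
    prefix = windows_dir.rstrip("\\").lower() + "\\"
    return [d for d in report.drivers if not d.path.lower().startswith(prefix)]


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(rep.drivers)} drivers enumerated, clean={is_clean(rep)}")
    for d in drivers_outside_windows_dir(rep):
        print(f"  review: {d.name:<12} {d.md5}  {d.path}")
    ipsec = find_driver(rep, "IPSec")
    if ipsec:
        print(f"  ipsec.sys MD5 for comparison with a known-good copy: {ipsec.md5}")
```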


Larusso 18.07.2010 16:19

Yes, CF has already done some work there.

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Run CF again.

Bernd_T 18.07.2010 16:38

The ForoSpyware.com link is dead; downloading from BleepingComputer.com, renaming to Combo-Fix.exe and starting.
What should I do if Avira interferes again after a restart? Ignore? Delete?

Larusso 18.07.2010 16:47

Thanks for the hint.

Choose Ignore.

Bernd_T 18.07.2010 16:49

CF is running:

1.) At startup, after accepting the disclaimer, the following message appears again:
Code:

Folgende Dateien haben versucht, sich an Combofix anzuhelften und wurden deaktiviert. Bitte notiere Die den Namen jeder Datei auf einem Stueck Papier. Wir benötigen diese vielleicht später noch einmal.
C:\WINDOWS\system32\dllhsn32.dll

2.) No rootkit message this time; the scan starts without a restart

3.) The scan runs through to Stufe_50. The log file is generated. In the background a Windows "pling" sound plays several times (like when you click an invalid button or an alert pops up).

4.) Windows appears in the XP look (the classic appearance was set before); the log file is displayed:

Bernd_T 18.07.2010 16:51

Combofix log file:
Code:

ComboFix 10-07-16.02 - Administrator 18.07.2010  17:42:11.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1033.18.2047.1520 [GMT 2:00]
ausgeführt von:: c:\documents and settings\****\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
Die folgenden Dateien wurden während des Laufs deaktiviert:
c:\windows\system32\dllhsn32.dll


((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\CmdLineExt.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2010-06-18 bis 2010-07-18  ))))))))))))))))))))))))))))))
.

2010-07-18 14:57 . 2010-07-16 22:19        46592        ----a-w-        C:\dllhsn32.dll.vir
2010-07-18 11:28 . 2010-07-18 11:28        --------        d-----w-        C:\_OTL
2010-07-17 15:36 . 2010-07-17 15:36        --------        d-s---w-        c:\documents and settings\****\UserData
2010-07-17 12:58 . 2010-07-17 12:58        --------        d-----w-        c:\program files\CCleaner
2010-07-17 12:38 . 2010-07-17 12:38        --------        d-----w-        c:\program files\lynx
2010-07-17 11:16 . 2010-07-17 11:16        --------        d-----w-        c:\documents and settings\****\Application Data\Wireshark
2010-07-17 11:08 . 2010-07-17 11:08        --------        d-----w-        c:\program files\WinPcap
2010-07-17 11:07 . 2010-07-17 11:08        --------        d-----w-        c:\program files\Wireshark
2010-07-16 23:37 . 2010-07-17 15:35        --------        d-----w-        c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-16 23:37 . 2010-07-16 23:43        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2010-07-16 23:30 . 2010-07-16 23:30        --------        d-----w-        c:\documents and settings\****\Application Data\Malwarebytes
2010-07-16 23:30 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 23:30 . 2010-07-16 23:30        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-07-16 23:30 . 2010-07-16 23:30        --------        d-----w-        c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-16 23:30 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-07-16 22:19 . 2010-07-16 22:19        46592        ----a-w-        c:\windows\system32\dllhsn32.dll.vir
2010-07-15 00:36 . 2010-07-15 00:36        --------        d-s---w-        c:\documents and settings\NetworkService\UserData
2010-07-14 08:49 . 2010-07-14 08:49        --------        d-----w-        c:\program files\Common Files\Skype
2010-07-13 00:09 . 2010-07-16 23:24        --------        d-----w-        c:\documents and settings\****\Application Data\Dropbox
2010-07-11 15:01 . 2010-07-11 15:01        --------        d-----w-        c:\program files\ProtectDisc Driver Installer
2010-07-11 15:01 . 2010-07-11 15:01        4764120        ----a-w-        c:\documents and settings\****\Application Data\ProtectDisc\pe17da5e84.dll
2010-07-11 15:01 . 2010-07-11 15:01        --------        d-----w-        c:\documents and settings\****\Application Data\ProtectDisc
2010-07-08 01:00 . 2010-07-09 22:11        --------        d-----w-        c:\documents and settings\****\Local Settings\Application Data\Gas Powered Games
2010-07-08 00:58 . 2010-07-08 00:58        --------        d-----w-        c:\documents and settings\All Users\Application Data\Media Center Programs
2010-07-05 22:03 . 2010-07-05 22:03        --------        d-----w-        c:\program files\MusicLab
2010-06-29 23:22 . 2010-06-29 23:22        --------        d-----w-        c:\documents and settings\****\Application Data\Steinberg
2010-06-29 23:18 . 2005-05-09 18:08        33792        ----a-w-        c:\windows\system32\drivers\cledx.sys
2010-06-29 23:18 . 2002-11-25 03:46        16896        ----a-w-        c:\windows\system32\drivers\synasUSB.sys
2010-06-26 00:40 . 2010-07-10 20:13        --------        d-----w-        c:\documents and settings\****\Local Settings\Application Data\My Games

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 14:57 . 2010-02-05 22:43        --------        d-----w-        c:\documents and settings\****\Application Data\EditPlus 3
2010-07-18 13:17 . 2010-02-05 20:17        --------        d-----w-        c:\program files\Mozilla Thunderbird
2010-07-18 12:41 . 2010-02-05 22:38        2828        --sha-w-        c:\windows\system32\KGyGaAvL.sys
2010-07-18 12:38 . 2010-02-05 20:17        --------        d-----w-        c:\documents and settings\****\Application Data\Skype
2010-07-18 11:48 . 2010-02-05 20:20        --------        d-----w-        c:\documents and settings\****\Application Data\skypePM
2010-07-18 11:21 . 2010-02-05 21:57        --------        d-----w-        c:\documents and settings\****\Application Data\uTorrent
2010-07-18 03:27 . 2010-02-05 20:01        --------        d-----w-        c:\documents and settings\****\Application Data\Media Player Classic
2010-07-18 03:05 . 2010-02-14 17:55        --------        d-----w-        c:\documents and settings\****\Application Data\FileZilla
2010-07-17 08:09 . 2010-02-05 19:59        --------        d-----w-        c:\documents and settings\****\Application Data\Winamp
2010-07-10 20:13 . 2010-02-05 19:37        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-07-10 20:06 . 2010-06-17 09:18        --------        d-----w-        c:\documents and settings\****\Application Data\Microsoft Games
2010-07-07 00:21 . 2010-02-18 19:31        25        ----a-w-        c:\windows\popcinfot.dat
2010-07-06 11:54 . 2010-02-05 19:41        119000        ----a-w-        c:\documents and settings\****\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-05 22:03 . 2010-02-05 22:28        --------        d-----w-        c:\program files\Vstplugins
2010-07-04 21:06 . 2010-02-05 19:55        --------        d-----w-        c:\program files\Opera
2010-06-29 23:36 . 2010-04-22 04:24        --------        d-----w-        c:\program files\Steinberg
2010-06-26 00:39 . 2004-07-17 15:36        163644        ----a-w-        c:\windows\system32\drivers\secdrv.sys
2010-06-16 23:04 . 2010-06-16 23:04        --------        d-----w-        c:\program files\FreePDF_XP
2010-06-16 23:04 . 2010-06-16 23:04        --------        d-----w-        c:\documents and settings\All Users\Application Data\FreePDF
2010-06-16 23:04 . 2010-06-16 23:04        --------        d-----w-        c:\program files\gs
2010-06-14 11:24 . 2010-06-10 11:40        --------        d-----w-        c:\program files\FileZilla
2010-06-08 07:03 . 2010-06-08 07:03        --------        d-----w-        c:\program files\FileZilla FTP Client
2010-06-07 14:14 . 2010-06-07 14:12        --------        d-----w-        c:\program files\Any Video Converter
2010-06-07 14:12 . 2010-06-07 14:12        --------        d-----w-        c:\documents and settings\****\Application Data\AnvSoft
2010-06-05 01:41 . 2010-06-05 01:41        --------        d-----w-        c:\program files\trueSpace761
2010-06-05 00:48 . 2010-06-05 00:47        --------        d-----w-        c:\program files\Python26
2010-06-05 00:41 . 2010-06-05 00:41        --------        d-----w-        c:\program files\Blender Foundation
2010-05-30 06:41 . 2010-05-30 06:36        --------        d-----w-        c:\documents and settings\****\Application Data\DVDVideoSoftIEHelpers
2010-05-30 06:40 . 2010-05-30 06:36        --------        d-----w-        c:\program files\Free YouTube to MP3 Converter
2010-05-30 06:36 . 2010-05-30 06:36        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft
2010-05-30 06:36 . 2010-05-30 06:36        --------        d-----w-        c:\program files\DVDVideoSoft
2010-05-29 09:12 . 2010-02-05 22:26        278240        ----a-w-        c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-29 01:12 . 2010-05-28 18:04        27126        ----a-w-        c:\windows\DIIUnin.dat
2010-05-28 18:05 . 2010-05-28 18:05        21840        ----a-w-        c:\windows\system32\SIntfNT.dll
2010-05-28 18:05 . 2010-05-28 18:05        17212        ----a-w-        c:\windows\system32\SIntf32.dll
2010-05-28 18:05 . 2010-05-28 18:05        12067        ----a-w-        c:\windows\system32\SIntf16.dll
2010-05-28 18:04 . 2010-05-28 18:04        2829        ----a-w-        c:\windows\DIIUnin.pif
2010-05-28 18:04 . 2010-05-28 18:04        94208        ----a-w-        c:\windows\DIIUnin.exe
2010-02-05 22:38 . 2010-02-05 22:38        88        --sha-r-        c:\windows\system32\5AFCDF6B76.sys
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TerraTec Remote Control"="c:\program files\Common Files\TerraTec\Remote\TTTVRC.exe" [2005-12-21 987136]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"TerraTec Scheduler"="c:\progra~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe" [2005-02-24 618496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06        976832        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04        35760        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09        413696        ----a-w-        c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"gupdate"=2 (0x2)
"SandraAgentSrv"=3 (0x3)
"Hamachi2Svc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TerraTec Scheduler"=c:\progra~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"g:\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"g:\\Mass Effect 2\\MassEffect2Launcher.exe"=
"g:\\Steam\\Steam.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010.SP1a\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010.SP1a\\WNt500x86\\RpcSandraSrv.exe"=
"g:\\Blood Bowl\\BB.exe"=
"g:\\Blood Bowl\\Autorun\\Exe\\Autorun.exe"=
"g:\\Steam\\steamapps\\common\\natural selection 2\\NS2.exe"=
"g:\\Split Second\\SplitSecond.exe"=
"g:\\Neverwinter Nights 2\\nwn2main.exe"=
"g:\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"g:\\Neverwinter Nights 2\\nwupdate.exe"=
"g:\\Neverwinter Nights 2\\nwn2server.exe"=
"g:\\Supreme Commander\\bin\\SupremeCommander.exe"=
"g:\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19.01.2009 20:31 277544]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [05.02.2010 22:40 108289]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704]
R3 3xHybrid;Cinergy 400 TV service;c:\windows\system32\drivers\3xHybrid.sys [04.12.2006 17:13 1121536]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.01.2008 12:06 21632]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [05.02.2010 21:44 238080]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [30.06.2010 01:18 33792]
S3 cpuz130;cpuz130;\??\c:\docume~1\HYPERG~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\HYPERG~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09.02.2010 13:42 135664]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\RpcAgentSrv.exe [05.04.2010 03:11 93336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05.02.2010 22:32 691696]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - KLMD23
*Deregistered* - klmd23
.
.
------- Zusätzlicher Suchlauf -------
.
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {AE0FA877-AD1C-49D6-AFB9-2806D13C77F9} = 192.168.1.1,212.37.37.37
FF - ProfilePath -

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-18 17:45
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2052111302-343818398-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:6a,a9,3c,62,f7,46,80,7d,aa,78,7c,02,c9,52,e8,da,7a,18,31,5f,04,
  46,2c,3c,31,bd,fc,f0,5e,27,00,b0,f9,56,73,55,82,03,27,20,09,a9,df,ac,62,d3,\
"rkeysecu"=hex:a2,83,41,12,f1,11,63,8a,33,8e,6a,3e,f9,d3,1a,f5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\nvLsp.dll
.
Zeit der Fertigstellung: 2010-07-18  17:46:42
ComboFix-quarantined-files.txt  2010-07-18 15:46

Vor Suchlauf: 26.532.515.840 bytes free
Nach Suchlauf: 26.505.170.944 bytes free

- - End Of File - - 7E8D2FA3C71BA4B670FF2B383FB09229

--- --- ---

Larusso 18.07.2010 16:54

Please have the files from the code box checked at Virustotal
Code:

c:\windows\system32\dllhsn32.dll
So proceed as described here:
  • Open this website: virustotal
  • Click on "Browse" (Durchsuchen)
  • Locate the file on your computer --> double-click the file to be checked (or copy the content from the code box)
  • "Send file"
  • Wait until the scan run of all virus scanners has finished
  • Click on "Filter"
  • then on "Results"
  • select the result completely (as you receive it)
    and copy it in here
Should the file be detected as malicious, please do not remove it yet.

Bernd_T 18.07.2010 16:58

Output from Virustotal
Code:

Datei dllhsn32.dll empfangen 2010.07.18 16:06:04 (UTC)
Antivirus        Version        letzte aktualisierung        Ergebnis
Kaspersky        7.0.0.125        2010.07.18        Backdoor.Win32.Papras.li
McAfee-GW-Edition        2010.1        2010.07.16        Heuristic.LooksLike.Trojan.Backdoor.Papras.I
Panda        10.0.2.7        2010.07.18        Trj/CI.A
Prevx        3.0        2010.07.18        Medium Risk Malware

weitere Informationen
File size: 46592 bytes
MD5...: 7a8c330fe611d713202f72ab84e2e66c
SHA1..: 626b51a9c2623c6c731d8910ff6c2f60344a58a7
SHA256: 0c0451c824f75e4343617b40f309d91cd364880a4c98a7af6604d5b82005305f
ssdeep: 768:kbwVf8AtC7IgfUoqFhlJrnRiYZNp6xfDTie6IJV+tsc4:kbwt8xI+U37rnexffD61tsc
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x13e7
timedatestamp.....: 0x3c624182 (Thu Feb 07 08:57:38 2002)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7000 0x6800 7.17 67d358b8411c59c255d57e1e9c1187f9
.data 0x8000 0x1000 0x200 2.82 96845e53e1f7963737b2c834312aac9a
.kdata 0x9000 0x5000 0x4600 7.09 cacd373dbc270bce96cfbca6ee2105e1
.reloc 0xe000 0x1000 0x200 0.45 50d818beb1e1bfd1f9672495c8edbb3e

( 1 imports )
> KERNEL32.dll: CreateEventA, GetProcessId, ExitProcess, LoadLibraryExA, GetCurrentProcessId

( 3 exports )
ClientDllCleanup, ClientDllStartup, CreateProcessNotify

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
hxxp://info.prevx.com/aboutprogramtext.asp?PX5=A53AB91100093627B667007322251700CC4C3361

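Added example (editor's note, not code from the thread, from VirusTotal or from the helper): the report above is a plain-text paste whose layout is easy to misread, and a defender who keeps such a report wants two things from it, the list of engines that flagged the file and the hashes that identify exactly which file was scanned. The script below parses the pasted format (engine rows and the MD5/SHA1/SHA256 lines) and checks a local file's digests against the report, so a later copy of the file can be confirmed as the same sample. The sample report is a constructed, trimmed copy of the one posted above; the regular expressions assume that paste layout and nothing else.

```python
import hashlib
import re
from typing import Dict, List, NamedTuple

# Constructed sample: a trimmed copy of the VirusTotal report pasted in this thread
# (tabs collapsed to spaces, as happens when the page text is copied).
SAMPLE_REPORT = """\
Datei dllhsn32.dll empfangen 2010.07.18 16:06:04 (UTC)
Antivirus   Version   letzte aktualisierung   Ergebnis
Kaspersky   7.0.0.125   2010.07.18   Backdoor.Win32.Papras.li
McAfee-GW-Edition   2010.1   2010.07.16   Heuristic.LooksLike.Trojan.Backdoor.Papras.I
Panda   10.0.2.7   2010.07.18   Trj/CI.A
Prevx   3.0   2010.07.18   Medium Risk Malware

weitere Informationen
File size: 46592 bytes
MD5...: 7a8c330fe611d713202f72ab84e2e66c
SHA1..: 626b51a9c2623c6c731d8910ff6c2f60344a58a7
SHA256: 0c0451c824f75e4343617b40f309d91cd364880a4c98a7af6604d5b82005305f
"""


class Detection(NamedTuple):
    engine: str
    version: str
    updated: str   # signature date, YYYY.MM.DD
    result: str    # the engine's verdict text


# One detection row: engine, engine version, signature date, verdict (may contain spaces).
_ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+?)\s*$")
# Hash lines look like "MD5...: <hex>", "SHA1..: <hex>", "SHA256: <hex>".
_HASH = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)\s*$")
_SIZE = re.compile(r"^File size:\s*(\d+)\s*bytes")


def parse_detections(report: str) -> List[Detection]:
    """Return every engine row that carries a verdict; header and info lines do not match."""
    return [Detection(*m.groups())
            for m in (_ROW.match(line) for line in report.splitlines()) if m]


def parse_hashes(report: str) -> Dict[str, str]:
    """Return {'md5': ..., 'sha1': ..., 'sha256': ...} exactly as listed in the report."""
    hashes: Dict[str, str] = {}
    for line in report.splitlines():
        m = _HASH.match(line)
        if m:
            hashes[m.group(1).lower()] = m.group(2).lower()
    return hashes


def parse_size(report: str) -> int:
    """File size in bytes from the report, or -1 if the line is missing."""
    for line in report.splitlines():
        m = _SIZE.match(line)
        if m:
            return int(m.group(1))
    return -1


def compute_hashes(data: bytes) -> Dict[str, str]:
    """The same three digests VirusTotal prints, computed locally over the file bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def file_matches_report(data: bytes, report: str) -> bool:
    """True only if every hash in the report equals the digest of `data`.

    A mismatch means the report describes a different file than the one in hand
    (wrong copy uploaded, or the file changed since the scan)."""
    expected = parse_hashes(report)
    actual = compute_hashes(data)
    return bool(expected) and all(actual[alg] == h for alg, h in expected.items())


def summarize(report: str) -> Dict[str, object]:
    """Compact view of the report: size, number of detections, engines and verdict names."""
    rows = parse_detections(report)
    return {
        "size": parse_size(report),
        "detections": len(rows),
        "engines": [r.engine for r in rows],
        "names": sorted({r.result for r in rows}),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
    print(parse_hashes(SAMPLE_REPORT))
    # Constructed bytes, not the real sample, so this prints False.
    print(file_matches_report(b"not the real dll", SAMPLE_REPORT))
```

Only the MD5/SHA1/SHA256 lines are needed to tie a file to a report, and comparing all three avoids relying on MD5 alone. The row regex keys on the YYYY.MM.DD signature date, which is why the header line and the "File size" line are not mistaken for detections.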

Larusso 18.07.2010 17:08

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else; this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.
Code:

http://www.trojaner-board.de/88317-browser-oeffnen-spam-links-winupdate-geblockt-iexplorer-kann-gar-nicht-geoeffnet-werden-3.html#post543508

KillAll::
Collect::
c:\windows\system32\dllhsn32.dll

File::
C:\dllhsn32.dll.vir

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
"odbcdial"=-

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix's work.
    Do not forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click into it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work without interference.
  • Do nothing on the PC while ComboFix is running.

http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • As shown in the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please post it here as a reply.

If the script contains the Suspect:: or Collect:: directive, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files.

Note for readers:
The Combofix script above was created exclusively for this user in this situation.
Under no circumstances use it on other computers; it can permanently damage other systems!


Step 2

Please start OTL.exe and click the Quick Scan button.


Please post in your next reply
Combofix.txt
OTL.txt
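Added example (editor's note; this is not code from the thread, from the helper or from ComboFix): the warning above that a CFScript is written for one machine only is easiest to take seriously when one can see, before running anything, what each directive would do. The script below reads a CFScript, groups its lines under the `KillAll::`, `Collect::`, `File::` and `Registry::` headers, interprets the `Registry::` block with ordinary .reg conventions (`"name"=-` deletes a value, `[-KEY]` deletes a key) and prints a dry-run list of the resulting actions without touching the system. The embedded script is a constructed copy of the one posted above; the meaning given to each directive is taken from this thread's own ComboFix logs (the collected file is zipped and then listed under the deletions) and from .reg syntax, not from any ComboFix documentation. The value being removed lives under AppCertDlls, a key whose DLLs Windows loads into every process that calls CreateProcess; the `CreateProcessNotify` export in the VirusTotal report above is the entry point such a DLL must provide, which is why the registry deletion and the file deletion belong together.

```python
import re
from typing import Dict, List

# Constructed sample: the CFScript posted above, as a raw string.
SAMPLE_CFSCRIPT = r"""
http://www.trojaner-board.de/88317-browser-oeffnen-spam-links-winupdate-geblockt-iexplorer-kann-gar-nicht-geoeffnet-werden-3.html#post543508

KillAll::
Collect::
c:\windows\system32\dllhsn32.dll

File::
C:\dllhsn32.dll.vir

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
"odbcdial"=-
"""

_SECTION = re.compile(r"^([A-Za-z]+)::\s*$")      # e.g. "File::"
_REG_KEY = re.compile(r"^\[(.+)\]\s*$")           # e.g. "[HKEY_LOCAL_MACHINE\...]"
_REG_VALUE = re.compile(r'^"([^"]*)"=(.*)$')      # e.g. '"odbcdial"=-'


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the section header that precedes them.

    Lines before the first header (the helper's post URL sits there) go under ''."""
    sections: Dict[str, List[str]] = {}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def registry_actions(lines: List[str]) -> List[Dict[str, str]]:
    """Interpret a Registry:: block with .reg conventions and return one action per entry."""
    actions: List[Dict[str, str]] = []
    key = ""
    for line in lines:
        m = _REG_KEY.match(line)
        if m:
            key = m.group(1)
            if key.startswith("-"):                 # "[-KEY]" deletes the whole key
                actions.append({"action": "delete_key", "key": key[1:], "value": ""})
            continue
        m = _REG_VALUE.match(line)
        if m and key:
            name, data = m.groups()
            action = "delete_value" if data.strip() == "-" else "set_value"
            actions.append({"action": action, "key": key, "value": name})
    return actions


def dry_run(text: str) -> List[str]:
    """Describe what the script would do, one line per action, without changing anything."""
    sections = parse_cfscript(text)
    report: List[str] = []
    if "KillAll" in sections:
        report.append("terminate running processes before applying the fixes")
    for path in sections.get("Collect", []):
        report.append(f"zip for upload, then delete: {path}")
    for path in sections.get("File", []):
        report.append(f"delete file: {path}")
    for act in registry_actions(sections.get("Registry", [])):
        if act["action"] == "delete_value":
            report.append(f"delete registry value '{act['value']}' under {act['key']}")
        elif act["action"] == "delete_key":
            report.append(f"delete registry key {act['key']}")
        else:
            report.append(f"set registry value '{act['value']}' under {act['key']}")
    return report


if __name__ == "__main__":
    for line in dry_run(SAMPLE_CFSCRIPT):
        print(line)
```

Reading the dry-run list against your own machine is the check the note above asks for: every path and registry value in it must be one that was identified on that machine in this thread, otherwise the script does not apply.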

Bernd_T 18.07.2010 17:30

Combofix Logfile:
Code:

ComboFix 10-07-16.02 - **** 18.07.2010  18:18:14.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1033.18.2047.1645 [GMT 2:00]
ausgeführt von:: c:\documents and settings\****\Desktop\Combo-Fix.exe
Benutzte Befehlsschalter :: c:\documents and settings\****\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"C:\dllhsn32.dll.vir"

file zipped: c:\windows\system32\dllhsn32.dll
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\dllhsn32.dll.vir
c:\windows\system32\dllhsn32.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2010-06-18 bis 2010-07-18  ))))))))))))))))))))))))))))))
.

2010-07-18 15:50 . 2010-07-18 15:50        --------        d-----w-        c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2010-07-18 11:28 . 2010-07-18 11:28        --------        d-----w-        C:\_OTL
2010-07-17 15:36 . 2010-07-17 15:36        --------        d-s---w-        c:\documents and settings\****\UserData
2010-07-17 12:58 . 2010-07-17 12:58        --------        d-----w-        c:\program files\CCleaner
2010-07-17 12:38 . 2010-07-17 12:38        --------        d-----w-        c:\program files\lynx
2010-07-17 11:16 . 2010-07-17 11:16        --------        d-----w-        c:\documents and settings\****\Application Data\Wireshark
2010-07-17 11:08 . 2010-07-17 11:08        --------        d-----w-        c:\program files\WinPcap
2010-07-17 11:07 . 2010-07-17 11:08        --------        d-----w-        c:\program files\Wireshark
2010-07-16 23:37 . 2010-07-17 15:35        --------        d-----w-        c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-16 23:37 . 2010-07-16 23:43        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2010-07-16 23:30 . 2010-07-16 23:30        --------        d-----w-        c:\documents and settings\****\Application Data\Malwarebytes
2010-07-16 23:30 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 23:30 . 2010-07-16 23:30        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-07-16 23:30 . 2010-07-16 23:30        --------        d-----w-        c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-16 23:30 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-07-15 00:36 . 2010-07-15 00:36        --------        d-s---w-        c:\documents and settings\NetworkService\UserData
2010-07-14 08:49 . 2010-07-14 08:49        --------        d-----w-        c:\program files\Common Files\Skype
2010-07-13 00:09 . 2010-07-16 23:24        --------        d-----w-        c:\documents and settings\****\Application Data\Dropbox
2010-07-11 15:01 . 2010-07-11 15:01        --------        d-----w-        c:\program files\ProtectDisc Driver Installer
2010-07-11 15:01 . 2010-07-11 15:01        4764120        ----a-w-        c:\documents and settings\****\Application Data\ProtectDisc\pe17da5e84.dll
2010-07-11 15:01 . 2010-07-11 15:01        --------        d-----w-        c:\documents and settings\****\Application Data\ProtectDisc
2010-07-08 01:00 . 2010-07-09 22:11        --------        d-----w-        c:\documents and settings\****\Local Settings\Application Data\Gas Powered Games
2010-07-08 00:58 . 2010-07-08 00:58        --------        d-----w-        c:\documents and settings\All Users\Application Data\Media Center Programs
2010-07-05 22:03 . 2010-07-05 22:03        --------        d-----w-        c:\program files\MusicLab
2010-06-29 23:22 . 2010-06-29 23:22        --------        d-----w-        c:\documents and settings\****\Application Data\Steinberg
2010-06-29 23:18 . 2005-05-09 18:08        33792        ----a-w-        c:\windows\system32\drivers\cledx.sys
2010-06-29 23:18 . 2002-11-25 03:46        16896        ----a-w-        c:\windows\system32\drivers\synasUSB.sys
2010-06-26 00:40 . 2010-07-10 20:13        --------        d-----w-        c:\documents and settings\****\Local Settings\Application Data\My Games

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 14:57 . 2010-02-05 22:43        --------        d-----w-        c:\documents and settings\****\Application Data\EditPlus 3
2010-07-18 13:17 . 2010-02-05 20:17        --------        d-----w-        c:\program files\Mozilla Thunderbird
2010-07-18 12:41 . 2010-02-05 22:38        2828        --sha-w-        c:\windows\system32\KGyGaAvL.sys
2010-07-18 12:38 . 2010-02-05 20:17        --------        d-----w-        c:\documents and settings\****\Application Data\Skype
2010-07-18 11:48 . 2010-02-05 20:20        --------        d-----w-        c:\documents and settings\****\Application Data\skypePM
2010-07-18 11:21 . 2010-02-05 21:57        --------        d-----w-        c:\documents and settings\****\Application Data\uTorrent
2010-07-18 03:27 . 2010-02-05 20:01        --------        d-----w-        c:\documents and settings\****\Application Data\Media Player Classic
2010-07-18 03:05 . 2010-02-14 17:55        --------        d-----w-        c:\documents and settings\****\Application Data\FileZilla
2010-07-17 08:09 . 2010-02-05 19:59        --------        d-----w-        c:\documents and settings\****\Application Data\Winamp
2010-07-10 20:13 . 2010-02-05 19:37        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-07-10 20:06 . 2010-06-17 09:18        --------        d-----w-        c:\documents and settings\****\Application Data\Microsoft Games
2010-07-07 00:21 . 2010-02-18 19:31        25        ----a-w-        c:\windows\popcinfot.dat
2010-07-06 11:54 . 2010-02-05 19:41        119000        ----a-w-        c:\documents and settings\****\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-05 22:03 . 2010-02-05 22:28        --------        d-----w-        c:\program files\Vstplugins
2010-07-04 21:06 . 2010-02-05 19:55        --------        d-----w-        c:\program files\Opera
2010-06-29 23:36 . 2010-04-22 04:24        --------        d-----w-        c:\program files\Steinberg
2010-06-26 00:39 . 2004-07-17 15:36        163644        ----a-w-        c:\windows\system32\drivers\secdrv.sys
2010-06-16 23:04 . 2010-06-16 23:04        --------        d-----w-        c:\program files\FreePDF_XP
2010-06-16 23:04 . 2010-06-16 23:04        --------        d-----w-        c:\documents and settings\All Users\Application Data\FreePDF
2010-06-16 23:04 . 2010-06-16 23:04        --------        d-----w-        c:\program files\gs
2010-06-14 11:24 . 2010-06-10 11:40        --------        d-----w-        c:\program files\FileZilla
2010-06-08 07:03 . 2010-06-08 07:03        --------        d-----w-        c:\program files\FileZilla FTP Client
2010-06-07 14:14 . 2010-06-07 14:12        --------        d-----w-        c:\program files\Any Video Converter
2010-06-07 14:12 . 2010-06-07 14:12        --------        d-----w-        c:\documents and settings\****\Application Data\AnvSoft
2010-06-05 01:41 . 2010-06-05 01:41        --------        d-----w-        c:\program files\trueSpace761
2010-06-05 00:48 . 2010-06-05 00:47        --------        d-----w-        c:\program files\Python26
2010-06-05 00:41 . 2010-06-05 00:41        --------        d-----w-        c:\program files\Blender Foundation
2010-05-30 06:41 . 2010-05-30 06:36        --------        d-----w-        c:\documents and settings\****\Application Data\DVDVideoSoftIEHelpers
2010-05-30 06:40 . 2010-05-30 06:36        --------        d-----w-        c:\program files\Free YouTube to MP3 Converter
2010-05-30 06:36 . 2010-05-30 06:36        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft
2010-05-30 06:36 . 2010-05-30 06:36        --------        d-----w-        c:\program files\DVDVideoSoft
2010-05-29 09:12 . 2010-02-05 22:26        278240        ----a-w-        c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-29 01:12 . 2010-05-28 18:04        27126        ----a-w-        c:\windows\DIIUnin.dat
2010-05-28 18:05 . 2010-05-28 18:05        21840        ----a-w-        c:\windows\system32\SIntfNT.dll
2010-05-28 18:05 . 2010-05-28 18:05        17212        ----a-w-        c:\windows\system32\SIntf32.dll
2010-05-28 18:05 . 2010-05-28 18:05        12067        ----a-w-        c:\windows\system32\SIntf16.dll
2010-05-28 18:04 . 2010-05-28 18:04        2829        ----a-w-        c:\windows\DIIUnin.pif
2010-05-28 18:04 . 2010-05-28 18:04        94208        ----a-w-        c:\windows\DIIUnin.exe
2010-02-05 22:38 . 2010-02-05 22:38        88        --sha-r-        c:\windows\system32\5AFCDF6B76.sys
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TerraTec Remote Control"="c:\program files\Common Files\TerraTec\Remote\TTTVRC.exe" [2005-12-21 987136]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"TerraTec Scheduler"="c:\progra~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe" [2005-02-24 618496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06        976832        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04        35760        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09        413696        ----a-w-        c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"gupdate"=2 (0x2)
"SandraAgentSrv"=3 (0x3)
"Hamachi2Svc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TerraTec Scheduler"=c:\progra~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"g:\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"g:\\Mass Effect 2\\MassEffect2Launcher.exe"=
"g:\\Steam\\Steam.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010.SP1a\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010.SP1a\\WNt500x86\\RpcSandraSrv.exe"=
"g:\\Blood Bowl\\BB.exe"=
"g:\\Blood Bowl\\Autorun\\Exe\\Autorun.exe"=
"g:\\Steam\\steamapps\\common\\natural selection 2\\NS2.exe"=
"g:\\Split Second\\SplitSecond.exe"=
"g:\\Neverwinter Nights 2\\nwn2main.exe"=
"g:\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"g:\\Neverwinter Nights 2\\nwupdate.exe"=
"g:\\Neverwinter Nights 2\\nwn2server.exe"=
"g:\\Supreme Commander\\bin\\SupremeCommander.exe"=
"g:\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19.01.2009 20:31 277544]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [05.02.2010 22:40 108289]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704]
R3 3xHybrid;Cinergy 400 TV service;c:\windows\system32\drivers\3xHybrid.sys [04.12.2006 17:13 1121536]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.01.2008 12:06 21632]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [05.02.2010 21:44 238080]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [30.06.2010 01:18 33792]
S3 cpuz130;cpuz130;\??\c:\docume~1\HYPERG~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\HYPERG~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09.02.2010 13:42 135664]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\RpcAgentSrv.exe [05.04.2010 03:11 93336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05.02.2010 22:32 691696]
.
.
------- Zusätzlicher Suchlauf -------
.
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {AE0FA877-AD1C-49D6-AFB9-2806D13C77F9} = 192.168.1.1,212.37.37.37
FF - ProfilePath -

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-18 18:23
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2052111302-343818398-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:6a,a9,3c,62,f7,46,80,7d,aa,78,7c,02,c9,52,e8,da,7a,18,31,5f,04,
  46,2c,3c,31,bd,fc,f0,5e,27,00,b0,f9,56,73,55,82,03,27,20,09,a9,df,ac,62,d3,\
"rkeysecu"=hex:a2,83,41,12,f1,11,63,8a,33,8e,6a,3e,f9,d3,1a,f5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\nvLsp.dll

- - - - - - - > 'explorer.exe'(1916)
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-18  18:25:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-07-18 16:25
ComboFix2.txt  2010-07-18 15:46

Vor Suchlauf: 26.497.904.640 bytes free
Nach Suchlauf: 26.488.745.984 bytes free

- - End Of File - - 9EFEF88542B651CF2AB89835FA5B1CCB

--- --- ---



OTL Logfile:
Code:

OTL logfile created on: 18.07.2010 18:27:49 - Run 3
OTL by OldTimer - Version 3.2.9.0    Folder = C:\Documents and Settings\****\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73,24 Gb Total Space | 24,69 Gb Free Space | 33,71% Space Free | Partition Type: NTFS
Drive D: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 100,01 Gb Total Space | 9,57 Gb Free Space | 9,57% Space Free | Partition Type: NTFS
Drive H: | 132,87 Gb Total Space | 3,90 Gb Free Space | 2,94% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive X: | 224,85 Gb Total Space | 3,49 Gb Free Space | 1,55% Space Free | Partition Type: NTFS
 
Computer Name: ELCH
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.17 17:47:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\****\Desktop\OTL.exe
PRC - [2010.06.30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010.01.14 00:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.21 15:19:54 | 000,092,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008.04.24 04:32:30 | 000,598,016 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008.04.24 04:31:54 | 000,176,128 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005.12.21 12:52:36 | 000,987,136 | ---- | M] (TerraTec Eletronic GmbH) -- C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe
PRC - [2004.08.04 06:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.17 17:47:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\****\Desktop\OTL.exe
MOD - [2004.08.04 06:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.04 05:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.08.17 08:54:36 | 000,093,336 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.04.24 04:32:30 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008.04.24 04:31:54 | 000,176,128 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HYPERG~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - [2010.02.05 22:32:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.02.05 22:18:15 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.01.12 06:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.01.13 20:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009.01.13 20:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.01.13 20:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.01.13 20:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008.05.08 23:23:22 | 000,238,080 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008.03.25 13:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.03.25 13:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.02.14 16:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006.12.04 17:13:14 | 001,121,536 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.07.02 00:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.08.12 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.08.04 00:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004.08.03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2002.09.16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09}:3.0.0
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.01 14:04:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.01 14:04:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.18 15:22:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.03.11 16:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Mozilla\Extensions
[2010.02.05 22:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\****\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.03.11 16:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010.07.17 12:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\s7dsvfdj.default\extensions
[2010.02.08 19:06:04 | 000,000,000 | ---D | M] (Html Validator) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\s7dsvfdj.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.02.08 19:06:02 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\s7dsvfdj.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.02.08 19:06:02 | 000,000,000 | ---D | M] (CSS Validator) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\s7dsvfdj.default\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
[2010.02.08 00:24:50 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\s7dsvfdj.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.04.23 10:39:28 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\s7dsvfdj.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.02.05 22:04:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.01 14:04:13 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.01 14:04:13 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.01 14:04:13 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.01 14:04:13 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.01 14:04:13 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.18 18:23:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TerraTec Remote Control] C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe (TerraTec Eletronic GmbH)
O4 - HKLM..\Run: [TerraTec Scheduler] C:\Program Files\Common Files\TerraTec\Scheduler\TTTimer.exe (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\****\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\****\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.05 21:10:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 15:32:42 | 000,000,044 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.18 18:25:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.07.18 17:05:10 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\****\Desktop\TDSSKiller.exe
[2010.07.18 15:35:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.07.18 15:33:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.07.18 15:33:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.07.18 15:33:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.07.18 15:33:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.07.18 15:29:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.07.18 14:40:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.18 13:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Desktop\GooredFix Backups
[2010.07.18 13:31:07 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\****\Desktop\GooredFix.exe
[2010.07.18 13:28:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.17 17:47:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\****\Desktop\OTL.exe
[2010.07.17 17:36:24 | 000,000,000 | --SD | C] -- C:\Documents and Settings\****\UserData
[2010.07.17 17:33:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\****\Recent
[2010.07.17 14:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.07.17 14:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\lynx
[2010.07.17 14:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Desktop\osam_autorun_manager_5_0_portable
[2010.07.17 13:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\Wireshark
[2010.07.17 13:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010.07.17 13:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2010.07.17 06:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.07.17 06:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.07.17 01:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.07.17 01:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.07.17 01:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\Malwarebytes
[2010.07.17 01:30:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.17 01:30:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.17 01:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.17 01:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.07.17 00:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010.07.14 10:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.07.13 02:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\Dropbox
[2010.07.11 17:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\My Documents\Drakensang
[2010.07.11 17:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2010.07.11 17:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\ProtectDisc
[2010.07.09 23:49:57 | 005,619,712 | ---- | C] (Gas Powered Games) -- C:\Documents and Settings\****\Desktop\supcom_fa_patch_1.5.3596_to_1.5.3599.exe
[2010.07.09 23:36:06 | 039,362,560 | ---- | C] (Gas Powered Games) -- C:\Documents and Settings\****\Desktop\supcom_patch_1.0.3189_to_1.1.3280.exe
[2010.07.09 07:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Desktop\dummy file generator12
[2010.07.08 03:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Local Settings\Application Data\Gas Powered Games
[2010.07.08 02:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Media Center Programs
[2010.07.06 00:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\MusicLab
[2010.06.30 01:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\Steinberg
[2010.06.30 01:18:18 | 000,033,792 | ---- | C] (Team H2O) -- C:\WINDOWS\System32\drivers\cledx.sys
[2010.06.30 01:18:11 | 000,016,896 | ---- | C] (Syncrosoft GmbH) -- C:\WINDOWS\System32\drivers\synasUSB.sys
[2010.06.26 02:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Local Settings\Application Data\My Games
[2010.06.22 03:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\My Documents\Neverwinter Nights 2
[2010.06.17 16:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Local Settings\Application Data\FreePDF_XP
[2010.06.17 11:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\Microsoft Games
[2010.06.17 01:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\FreePDF_XP
[2010.06.17 01:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreePDF
[2010.06.17 01:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2010.06.10 13:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla
[2010.06.08 09:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010.06.07 16:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\My Documents\Any Video Converter
[2010.06.07 16:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\AnvSoft
[2010.06.07 16:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Any Video Converter
[2010.06.07 06:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\My Documents\Disney Interactive Studios
[2010.06.05 03:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\trueSpace761
[2010.06.05 02:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Python26
[2010.06.05 02:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2010.05.30 08:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\DVDVideoSoftIEHelpers
[2010.05.30 08:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010.05.30 08:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Free YouTube to MP3 Converter
[2010.05.30 08:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.05.28 20:04:25 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2010.05.27 14:37:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010.05.27 12:26:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010.05.19 16:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam 2.4
[2010.05.19 16:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\ManyCam
[2010.05.19 16:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Webcam Simulator
[2010.05.17 23:29:20 | 000,278,528 | ---- | C] (Big Sphicter productions) -- C:\Documents and Settings\****\Desktop\cac106.exe
[2010.05.16 01:52:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.05.16 01:27:11 | 000,131,072 | ---- | C] (Sunplus) -- C:\WINDOWS\System\SP5X_32.DLL
[2010.05.09 16:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\X-Chat 2
[2010.05.09 16:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\X-Chat 2
[2010.05.06 02:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Local Settings\Application Data\WMTools Downloaded Files
[2010.05.05 19:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\quassel-irc.org
[2010.05.03 18:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Desktop\schach
[2010.05.02 17:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\InfraRecorder
[2010.05.02 17:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2010.04.28 23:34:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.04.22 06:28:57 | 000,704,512 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\WINDOWS\System32\SYNSOACC.dll
[2010.04.22 06:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010.04.21 19:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\LucasArts
[2010.04.21 15:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\My Documents\DVDVideoSoft
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.18 18:23:45 | 000,000,270 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.18 18:23:38 | 000,275,208 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.07.18 18:23:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.07.18 18:23:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.18 18:23:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.18 18:22:44 | 013,893,632 | -H-- | M] () -- C:\Documents and Settings\****\NTUSER.DAT
[2010.07.18 18:16:51 | 003,737,904 | R--- | M] () -- C:\Documents and Settings\****\Desktop\Combo-Fix.exe
[2010.07.18 17:02:59 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Lynx Browser.lnk
[2010.07.18 15:35:19 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010.07.18 14:41:13 | 000,002,828 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.07.18 13:48:53 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010.07.18 13:31:07 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\****\Desktop\GooredFix.exe
[2010.07.18 05:46:54 | 000,165,376 | ---- | M] () -- C:\Documents and Settings\****\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.18 04:43:24 | 000,037,680 | ---- | M] () -- C:\Documents and Settings\****\Desktop\wundenmann.jpg
[2010.07.18 02:06:18 | 000,000,574 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.18 02:06:18 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010.07.17 22:38:41 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\****\defogger_reenable
[2010.07.17 22:37:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Defogger.exe
[2010.07.17 17:47:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\****\Desktop\OTL.exe
[2010.07.17 15:15:14 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\****\Desktop\xtj2z9vg.exe
[2010.07.17 15:02:26 | 000,088,606 | ---- | M] () -- C:\Documents and Settings\****\My Documents\cc_20100717_150208.reg
[2010.07.17 14:58:43 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\****\Desktop\CCleaner.lnk
[2010.07.17 13:08:18 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2010.07.17 13:07:51 | 000,001,501 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2010.07.17 11:20:58 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Miet-Anzeigen.doc
[2010.07.17 10:06:39 | 100,667,044 | ---- | M] () -- C:\Documents and Settings\****\Desktop\chaosradio_express_159_nachrichtendienste.mp3
[2010.07.17 01:37:08 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Spybot - Search & Destroy.lnk
[2010.07.17 01:30:38 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.17 01:24:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.17 01:24:39 | 000,393,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.15 00:03:16 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\00001119.LCS
[2010.07.13 09:14:26 | 006,178,944 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Delta Blues- Drunk Hearted Man ('Personally Groovy' take ).mp3
[2010.07.12 09:33:50 | 000,119,000 | ---- | M] () -- C:\Documents and Settings\****\Application Data\GDIPFONTCACHEV1.DAT
[2010.07.11 21:34:38 | 118,095,214 | ---- | M] () -- C:\Documents and Settings\****\Desktop\chaosradio_express_158_liquidfeedback.mp3
[2010.07.11 01:36:53 | 000,021,558 | ---- | M] () -- C:\Documents and Settings\****\My Documents\019._2wav.wav
[2010.07.11 01:35:46 | 000,021,558 | ---- | M] () -- C:\Documents and Settings\****\My Documents\019.wav
[2010.07.10 23:15:49 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Drakensang.lnk
[2010.07.09 23:50:31 | 005,619,712 | ---- | M] (Gas Powered Games) -- C:\Documents and Settings\****\Desktop\supcom_fa_patch_1.5.3596_to_1.5.3599.exe
[2010.07.09 23:41:22 | 039,362,560 | ---- | M] (Gas Powered Games) -- C:\Documents and Settings\****\Desktop\supcom_patch_1.0.3189_to_1.1.3280.exe
[2010.07.09 02:56:26 | 002,806,805 | ---- | M] () -- C:\Documents and Settings\****\Desktop\09 - Fantasy IV - Final Fantasy - Bombing Mission.mp3
[2010.07.08 02:59:06 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Supreme Commander.lnk
[2010.07.07 02:21:00 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010.07.06 13:54:06 | 000,119,000 | ---- | M] () -- C:\Documents and Settings\****\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.07.04 23:06:48 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010.06.30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\****\Desktop\TDSSKiller.exe
[2010.06.30 01:55:24 | 000,071,052 | ---- | M] () -- C:\Documents and Settings\****\Desktop\breeda_110g_e.mp3
[2010.06.30 01:55:15 | 000,084,844 | ---- | M] () -- C:\Documents and Settings\****\Desktop\shunta_92c_fsharp.mp3
[2010.06.30 01:55:08 | 000,070,634 | ---- | M] () -- C:\Documents and Settings\****\Desktop\breeda_110i_asharp.mp3
[2010.06.30 01:55:02 | 000,066,872 | ---- | M] () -- C:\Documents and Settings\****\Desktop\masha_117e_a.mp3
[2010.06.30 01:54:27 | 000,071,052 | ---- | M] () -- C:\Documents and Settings\****\Desktop\breeda_110e_c.mp3
[2010.06.30 01:54:21 | 000,106,578 | ---- | M] () -- C:\Documents and Settings\****\Desktop\clankmonsta_146b_fsharp.mp3
[2010.06.30 01:54:12 | 000,084,844 | ---- | M] () -- C:\Documents and Settings\****\Desktop\shunta_92i_b.mp3
[2010.06.30 01:54:05 | 000,084,426 | ---- | M] () -- C:\Documents and Settings\****\Desktop\shunta_92a_e.mp3
[2010.06.29 17:31:09 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Caligari.ini
[2010.06.29 10:23:16 | 000,006,498 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Ablauf Conquest.pdf
[2010.06.29 09:44:58 | 000,136,524 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Geoffrey_Fahne.aep
[2010.06.29 09:30:37 | 000,080,236 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Geoffrey.jpg
[2010.06.22 00:48:21 | 000,040,645 | ---- | M] () -- C:\Documents and Settings\****\Desktop\****062010.pdf
[2010.06.17 16:11:30 | 000,056,681 | ---- | M] () -- C:\Documents and Settings\****\Desktop\****thage.pdf
[2010.06.17 16:09:34 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\****\Desktop\****Angebot.doc
[2010.06.17 11:12:51 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.06.15 15:29:49 | 000,278,231 | ---- | M] () -- C:\Documents and Settings\****\Desktop\ARF_telserkd.sql
[2010.06.15 02:05:10 | 011,683,654 | ---- | M] () -- C:\Documents and Settings\****\My Documents\ColdSteel.pdf
[2010.06.14 15:18:37 | 175,413,889 | ---- | M] () -- C:\Documents and Settings\****\My Documents\FootballAll.mov
[2010.06.14 00:51:00 | 001,658,438 | ---- | M] () -- C:\Documents and Settings\****\Desktop\RW_ConQuest_V5.pdf
[2010.06.12 07:14:17 | 007,955,708 | -H-- | M] () -- C:\Documents and Settings\****\Local Settings\Application Data\IconCache.db
[2010.06.09 01:09:34 | 000,769,114 | ---- | M] () -- C:\Documents and Settings\****\Desktop\demo_loop_fahrstuhltechno.mp3
[2010.06.08 03:41:28 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Any Video Converter.lnk
[2010.06.05 13:59:19 | 000,071,537 | ---- | M] () -- C:\Documents and Settings\****\My Documents\Strecklade_01.RsScn
[2010.06.05 03:43:37 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\trueSpace7.61 Beta 8.lnk
[2010.06.05 02:48:20 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Blender.lnk
[2010.06.04 23:48:28 | 000,936,078 | ---- | M] () -- C:\Documents and Settings\****\Desktop\IMAG0184.JPG
[2010.06.01 06:59:05 | 003,294,650 | ---- | M] () -- C:\Documents and Settings\****\Desktop\turrican.mp3
[2010.05.31 01:47:44 | 000,013,155 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Bauchbinde_01.png
[2010.05.29 03:12:12 | 000,027,126 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2010.05.28 20:05:23 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010.05.28 20:05:23 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2010.05.28 20:05:23 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2010.05.28 20:04:26 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2010.05.28 20:04:26 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2010.05.27 14:35:49 | 000,000,224 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010.05.27 14:34:57 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.05.27 14:34:57 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.27 14:34:57 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.24 14:26:03 | 000,308,772 | ---- | M] () -- C:\Documents and Settings\****\Desktop\ZSL_Edirol_Performance.ope
[2010.05.19 16:28:41 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam 2.4.lnk
[2010.05.15 10:40:21 | 000,308,772 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Danglar_Trailer_Edirol_Performance.ope
[2010.05.11 04:50:16 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\X-Chat 2.lnk
[2010.05.10 13:53:38 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Kandeko - FAQ Quicktext.doc
[2010.05.02 17:33:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.19 23:23:37 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\HijackThis.lnk
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.18 18:16:23 | 003,737,904 | R--- | C] () -- C:\Documents and Settings\****\Desktop\Combo-Fix.exe
[2010.07.18 17:02:59 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Lynx Browser.lnk
[2010.07.18 15:35:19 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010.07.18 15:35:16 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.07.18 15:33:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.18 15:33:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.18 15:33:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.18 15:33:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.18 15:33:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.18 04:30:37 | 000,037,680 | ---- | C] () -- C:\Documents and Settings\****\Desktop\wundenmann.jpg
[2010.07.17 22:38:38 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\****\defogger_reenable
[2010.07.17 22:37:38 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Defogger.exe
[2010.07.17 15:15:14 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\****\Desktop\xtj2z9vg.exe
[2010.07.17 15:02:12 | 000,088,606 | ---- | C] () -- C:\Documents and Settings\****\My Documents\cc_20100717_150208.reg
[2010.07.17 14:58:43 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\****\Desktop\CCleaner.lnk
[2010.07.17 13:08:17 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2010.07.17 13:07:51 | 000,001,501 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2010.07.17 09:11:31 | 100,667,044 | ---- | C] () -- C:\Documents and Settings\****\Desktop\chaosradio_express_159_nachrichtendienste.mp3
[2010.07.17 01:37:08 | 000,000,939 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Spybot - Search & Destroy.lnk
[2010.07.17 01:30:38 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.13 09:14:16 | 006,178,944 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Delta Blues- Drunk Hearted Man ('Personally Groovy' take ).mp3
[2010.07.11 17:01:39 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\00001119.LCS
[2010.07.11 17:01:30 | 118,095,214 | ---- | C] () -- C:\Documents and Settings\****\Desktop\chaosradio_express_158_liquidfeedback.mp3
[2010.07.11 01:36:53 | 000,021,558 | ---- | C] () -- C:\Documents and Settings\****\My Documents\019._2wav.wav
[2010.07.11 01:32:45 | 000,021,558 | ---- | C] () -- C:\Documents and Settings\****\My Documents\019.wav
[2010.07.10 23:15:49 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Drakensang.lnk
[2010.07.09 02:56:24 | 002,806,805 | ---- | C] () -- C:\Documents and Settings\****\Desktop\09 - Fantasy IV - Final Fantasy - Bombing Mission.mp3
[2010.07.08 02:59:06 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Supreme Commander.lnk
[2010.07.01 16:58:56 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Miet-Anzeigen.doc
[2010.06.30 01:55:23 | 000,071,052 | ---- | C] () -- C:\Documents and Settings\****\Desktop\breeda_110g_e.mp3
[2010.06.30 01:55:15 | 000,084,844 | ---- | C] () -- C:\Documents and Settings\****\Desktop\shunta_92c_fsharp.mp3
[2010.06.30 01:55:08 | 000,070,634 | ---- | C] () -- C:\Documents and Settings\****\Desktop\breeda_110i_asharp.mp3
[2010.06.30 01:55:02 | 000,066,872 | ---- | C] () -- C:\Documents and Settings\****\Desktop\masha_117e_a.mp3
[2010.06.30 01:54:26 | 000,071,052 | ---- | C] () -- C:\Documents and Settings\****\Desktop\breeda_110e_c.mp3
[2010.06.30 01:54:21 | 000,106,578 | ---- | C] () -- C:\Documents and Settings\****\Desktop\clankmonsta_146b_fsharp.mp3
[2010.06.30 01:54:12 | 000,084,844 | ---- | C] () -- C:\Documents and Settings\****\Desktop\shunta_92i_b.mp3
[2010.06.30 01:54:05 | 000,084,426 | ---- | C] () -- C:\Documents and Settings\****\Desktop\shunta_92a_e.mp3
[2010.06.29 10:23:12 | 000,006,498 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Ablauf Conquest.pdf
[2010.06.29 09:17:34 | 000,136,524 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Geoffrey_Fahne.aep
[2010.06.29 08:49:01 | 000,080,236 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Geoffrey.jpg
[2010.06.22 00:48:21 | 000,040,645 | ---- | C] () -- C:\Documents and Settings\****\Desktop\****062010.pdf
[2010.06.17 16:10:06 | 000,056,681 | ---- | C] () -- C:\Documents and Settings\****\Desktop\****thage.pdf
[2010.06.17 01:04:54 | 000,119,152 | ---- | C] () -- C:\WINDOWS\System32\redmon.hlp
[2010.06.17 01:04:54 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010.06.17 01:04:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2010.06.15 15:29:49 | 000,278,231 | ---- | C] () -- C:\Documents and Settings\****\Desktop\ARF_telserkd.sql
[2010.06.15 14:39:51 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\****\Desktop\****.doc
[2010.06.15 02:02:13 | 011,683,654 | ---- | C] () -- C:\Documents and Settings\****\My Documents\ColdSteel.pdf
[2010.06.14 14:33:30 | 175,413,889 | ---- | C] () -- C:\Documents and Settings\****\My Documents\FootballAll.mov
[2010.06.14 00:51:00 | 001,658,438 | ---- | C] () -- C:\Documents and Settings\****\Desktop\RW_ConQuest_V5.pdf
[2010.06.09 01:09:20 | 000,769,114 | ---- | C] () -- C:\Documents and Settings\****\Desktop\demo_loop_fahrstuhltechno.mp3
[2010.06.08 03:41:28 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Any Video Converter.lnk
[2010.06.05 13:32:01 | 000,071,537 | ---- | C] () -- C:\Documents and Settings\****\My Documents\Strecklade_01.RsScn
[2010.06.05 03:43:37 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\trueSpace7.61 Beta 8.lnk
[2010.06.05 03:43:14 | 000,000,819 | ---- | C] () -- C:\WINDOWS\System32\regpackages.bat
[2010.06.05 02:48:20 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Blender.lnk
[2010.06.05 02:15:55 | 000,000,246 | ---- | C] () -- C:\WINDOWS\Caligari.ini
[2010.06.04 23:48:28 | 000,936,078 | ---- | C] () -- C:\Documents and Settings\****\Desktop\IMAG0184.JPG
[2010.06.01 06:53:26 | 003,294,650 | ---- | C] () -- C:\Documents and Settings\****\Desktop\turrican.mp3
[2010.05.31 01:38:40 | 000,013,155 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Bauchbinde_01.png
[2010.05.28 20:05:23 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010.05.28 20:05:23 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010.05.28 20:05:23 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010.05.28 20:04:27 | 000,027,126 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010.05.28 20:04:26 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2010.05.27 14:35:49 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010.05.22 01:43:11 | 000,308,772 | ---- | C] () -- C:\Documents and Settings\****\Desktop\ZSL_Edirol_Performance.ope
[2010.05.19 16:28:41 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam 2.4.lnk
[2010.05.11 04:50:16 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\X-Chat 2.lnk
[2010.05.07 14:06:55 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Kandeko - FAQ Quicktext.doc
[2010.05.02 17:33:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2010.04.19 23:23:37 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\HijackThis.lnk
[2010.02.06 00:38:12 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.02.06 00:38:12 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5AFCDF6B76.sys
[2010.02.05 23:37:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.02.05 22:38:08 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.02.05 21:35:43 | 000,031,890 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010.02.05 21:35:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.02.05 21:34:51 | 000,031,577 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.02.05 21:34:51 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008.05.03 00:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.02.01 01:55:20 | 000,000,109 | ---- | C] () -- C:\WINDOWS\System32\OSENXPSUITE2005.INI
[2007.04.17 16:34:40 | 000,135,716 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006.12.04 17:13:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2004.08.04 06:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
 
========== LOP Check ==========
 
[2010.02.09 00:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010.02.05 22:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.06.17 01:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreePDF
[2010.02.18 21:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010.02.06 00:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010.02.05 22:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt
[2010.06.07 16:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\AnvSoft
[2010.02.09 00:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Ashampoo
[2010.02.22 03:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Braid
[2010.03.10 04:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Builder
[2010.02.07 02:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\DAEMON Tools Lite
[2010.07.17 01:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Dropbox
[2010.05.30 08:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\DVDVideoSoftIEHelpers
[2010.07.18 16:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\EditPlus 3
[2010.07.18 05:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\FileZilla
[2010.05.02 17:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\InfraRecorder
[2010.04.21 19:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\LucasArts
[2010.05.19 16:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\ManyCam
[2010.04.11 06:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Natural Selection 2
[2010.05.23 18:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Opera
[2010.07.11 17:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\ProtectDisc
[2010.02.06 00:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Publish Providers
[2010.05.05 20:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\quassel-irc.org
[2010.03.25 06:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Red Alert 3
[2010.02.25 15:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Sony
[2010.02.06 00:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Sony Setup
[2010.06.30 01:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Steinberg
[2010.02.05 22:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Thunderbird
[2010.02.06 00:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\TrueCrypt
[2010.07.18 13:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\uTorrent
[2010.07.17 13:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Wireshark
[2010.05.09 16:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\X-Chat 2
[2010.03.03 00:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Zen of Sudoku
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---
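The OTL report posted above is a flat list of file entries, one per line, each carrying a timestamp, size, attribute flags (R, H, S, D), an M/C marker for modified/created, an optional company name and the path. Working through hundreds of such lines by eye is slow, so below is a small parser for exactly that line shape, with two triage helpers: one lists the files created inside a chosen time window (the usual first step when a symptom date is known), the other lists hidden or system-attributed files under the Windows directory that carry no company name. This is an added example written for this page; it is not part of the original thread, not OTL's own code, and the filter rules are assumptions, not a verdict (legitimate licensing and DRM files match the second rule too). The embedded sample lines are copied from the log above, plus one section header to show that non-entry lines are skipped.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One OTL "Files Created/Modified" entry looks like this (copied from the log above):
# [2010.02.06 00:38:12 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5AFCDF6B76.sys
# Fields: timestamp | size (comma-grouped) | attributes RHSD | kind M/C, then an
# optional "(Company)" and the path. LOP-check lines omit the company part entirely.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Sample input: a handful of lines copied verbatim from the OTL log on this page.
SAMPLE_LOG = r"""
[2010.07.18 02:06:18 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010.07.17 17:47:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\****\Desktop\OTL.exe
[2010.07.17 13:08:17 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2010.02.06 00:38:12 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.02.06 00:38:12 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5AFCDF6B76.sys
[2010.02.05 21:35:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
========== LOP Check ==========
[2010.02.09 00:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
"""


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str        # "M" = modified-list entry, "C" = created-list entry
    company: str     # "" when OTL prints "()" or omits the field
    path: str


def parse_entry(line):
    """Parse one OTL file/folder line; return None for headers and blank lines."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    attr = m.group("attr")            # fixed positions: R, H, S, D
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        readonly=attr[0] == "R",
        hidden=attr[1] == "H",
        system=attr[2] == "S",
        directory=attr[3] == "D",
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def parse_log(text):
    """Parse a whole OTL report, silently skipping lines that are not entries."""
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def created_between(entries, start, end):
    """Timeline triage: entries from the Created list whose timestamp is in [start, end]."""
    return [e for e in entries if e.kind == "C" and start <= e.timestamp <= end]


def hidden_system_without_company(entries):
    """Attribute triage (assumed heuristic, not a verdict): non-directory entries under
    the Windows directory that are hidden and/or system and carry no company name."""
    windir = "c:/windows/"
    out = []
    for e in entries:
        p = e.path.lower().replace("\\", "/")
        if not e.directory and p.startswith(windir) and (e.hidden or e.system) and not e.company:
            out.append(e)
    return out


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(f"parsed {len(entries)} entries")
    for e in created_between(entries, datetime(2010, 7, 17), datetime(2010, 7, 18)):
        print("created in window:", e.timestamp, e.path)
    for e in hidden_system_without_company(entries):
        print("review (hidden/system, no company):", e.path)
```

Both helpers return a review list for a human analyst; the first narrows the log to the days around a reported symptom, the second only surfaces entries whose attributes make them easy to miss in a directory listing. Neither result on its own says anything about whether a file is malicious.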


All times are in WEZ +1.

Copyright ©2000-2025, Trojaner-Board


