Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   ebay Account missbraucht, Quelle unbekannt. (https://www.trojaner-board.de/84369-ebay-account-missbraucht-quelle-unbekannt.html)

Marco90 31.03.2010 19:15
ebay Account missbraucht, Quelle unbekannt.
 
Ich hab heute festgestellt, dass gestern über meinen ebay-Account ein Artikel ersteigert wurde. ebay ist benachrichtigt, ebenso wie der Verkäufer.
Passwort wurde sofort geändert.

Natürlich mache ich mir jetzt sorgen und versuche irgendwie an den Mittler zwischen mir und dem Hacker zu kommen. Eine Datei oder ähnliches.

Ich hab erstmal MB Anti-Malware durchlaufen lassen.
Code:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 5.1.2600 Service Pack 3

31.03.2010 20:10:04
mbam-log-2010-03-31 (20-10-04).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|F:\|)
Durchsuchte Objekte: 440705
Laufzeit: 1 hour(s), 20 minute(s), 39 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
HijackThis wird folgen.

Marco90 31.03.2010 19:20
Hier das HijackThis Logfile

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:53, on 31.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Logitech\Gaming Software\LWEMon.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
F:\itunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Vtune\TBPanel.exe
F:\Rainlendar2\Rainlendar2.exe
F:\Nettalk6\Nettalk.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Application Updater\ApplicationUpdater.exe
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Bonjour\mDNSResponder.exe
F:\hamachi\hamachi-2.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Dokumente und Einstellungen\marco\Desktop\Darkfix.exe
F:\Steam\Steam.exe
F:\Trillian\trillian.exe
F:\Winamp\winamp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://p.yigao.com/servlet/clickHandler?uid=21362&zid=83876&zsid=e8522095003e2976ae6f90b0ff5ca27a&atid=100000&cid=28809&at=2&aid=14782&cyid=20091109_3&ct=2&bt=1&sid=c0d73700cae2dedf0b391766f942fd34&url=http%3A%2F%2Fp.yiqifa.com%2Fc%3Fs%3Daded5f32%26w%3D72244%26c%3D4264%26i%3D4562%26l%3D0%26e%3Dyigao_%7B0%7D%26t%3Dhttp%3A%2F%2Fhome.3gm.com.cn%2Fdo.php%3Fac%3Dfswd&referUrl=http%3A%2F%2F116.76.255.122%2Ftvantsad%2Fyiqifa2.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [Rainlendar2] F:\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Nettalk.lnk = F:\Nettalk6\Nettalk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - F:\hamachi\hamachi-2.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10762 bytes

P.S: Ich hab von ebay schon eine Mail gekriegt, dass ich den Artikel nicht zahlen muss!

StLB 31.03.2010 19:43
Hallo,

typisch hierfür wäre ein sog. Keylogger, der sämtliches Geschriebenes mitliest.

Zitat:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 5.1.2600 Service Pack 3
Das bringt nichts - aktuell wäre Version 1.45, DB-Version: 3933 (oder höher).
Am besten deinstallieren, Malwarebytes neuinstallieren - auf aktuelle Datenbank-Version achten - und einen erneuten Vollscan machen. :)
Mache bitte noch zusätzlich einen Systemscan mit RSIT und poste die Logfiles hier.

Ich würde auf jeden Fall mal alle Passwörter von einem sauberen Rechner aus ändern (E-Mail, ev. Online-Banking, etc.).

Marco90 31.03.2010 21:13
Hier das neue Anti-Malware Log

Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3938

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.03.2010 22:09:47
mbam-log-2010-03-31 (22-09-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 423463
Laufzeit: 1 Stunde(n), 20 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\marco\Eigene Dateien\Downloads\CryptLoad_1.1.8\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Temp\data\venmix.exe (Trojan.Wreckit) -> Not selected for removal.
Anmerkung: Die erste Datei ist 100pro nur eine BAT-Datei die ich damals als reconnecter für meinen Router hatte.
Die zweite Dateil ist der bekannte Ventrilomix. Also eigentlich nichts besonderes...
Da ich die erste Datei auf jedenfall nicht mehr brauche hab ich die mal deleted.

Das angekündigte RSIT Logfile
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by marco at 2010-03-31 22:13:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (16%) free of 50 GB
Total RAM: 3326 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:43, on 31.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Logitech\Gaming Software\LWEMon.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
F:\itunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Vtune\TBPanel.exe
F:\Rainlendar2\Rainlendar2.exe
F:\Nettalk6\Nettalk.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Application Updater\ApplicationUpdater.exe
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Bonjour\mDNSResponder.exe
F:\hamachi\hamachi-2.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
F:\Steam\Steam.exe
F:\Trillian\trillian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\marco\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\Trend Micro\HijackThis\marco.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://p.yigao.com/servlet/clickHandler?uid=21362&zid=83876&zsid=e8522095003e2976ae6f90b0ff5ca27a&atid=100000&cid=28809&at=2&aid=14782&cyid=20091109_3&ct=2&bt=1&sid=c0d73700cae2dedf0b391766f942fd34&url=http%3A%2F%2Fp.yiqifa.com%2Fc%3Fs%3Daded5f32%26w%3D72244%26c%3D4264%26i%3D4562%26l%3D0%26e%3Dyigao_%7B0%7D%26t%3Dhttp%3A%2F%2Fhome.3gm.com.cn%2Fdo.php%3Fac%3Dfswd&referUrl=http%3A%2F%2F116.76.255.122%2Ftvantsad%2Fyiqifa2.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [Rainlendar2] F:\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Nettalk.lnk = F:\Nettalk6\Nettalk.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Nettalk.lnk = F:\Nettalk6\Nettalk.exe (User 'Default user')
O4 - Startup: Nettalk.lnk = F:\Nettalk6\Nettalk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - F:\hamachi\hamachi-2.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10907 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Internet Security Online - Systemprüfung ausführen - marco.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [2007-08-25 316784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll [2009-10-30 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Programme\Ask.com\GenericAskToolbar.dll [2010-01-20 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Programme\pdfforge Toolbar\SearchSettings.dll [2010-01-08 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton-Symbolleiste anzeigen - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 316784]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Programme\Ask.com\GenericAskToolbar.dll [2010-01-20 1197448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"ccApp"=C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Programme\Norton Internet Security\osCheck.exe [2007-08-25 714608]
"CTDVDDET"=C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"CTSysVol"=C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe [2005-02-15 57344]
"AudioDrvEmulator"=C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2005-06-18 16384]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe [2008-09-05 1794048]
"Start WingMan Profiler"=C:\Programme\Logitech\Gaming Software\LWEMon.exe [2009-09-16 153608]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"HP Component Manager"=C:\Programme\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"HP Software Update"=C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-02-18 49152]
"Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-12-08 18789920]
"SearchSettings"=C:\Programme\pdfforge Toolbar\SearchSettings.exe [2010-01-08 974848]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-11-11 417792]
"iTunesHelper"=F:\itunes\iTunesHelper.exe [2010-02-15 141608]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-30 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TBPanel"=C:\Programme\Vtune\TBPanel.exe [2009-05-12 2158592]
"AdobeBridge"= []
"Rainlendar2"=F:\Rainlendar2\Rainlendar2.exe [2009-08-22 5148672]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE

C:\Dokumente und Einstellungen\marco\Startmenü\Programme\Autostart
Nettalk.lnk - F:\Nettalk6\Nettalk.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Football2009\fm.exe"="F:\Football2009\fm.exe:*:Enabled:Football Manager 2010 Demo"
"F:\Footman10\fm.exe"="F:\Footman10\fm.exe:*:Enabled:Football Manager 2010"
"F:\Steam\Steam.exe"="F:\Steam\Steam.exe:*:Enabled:Steam"
"F:\League of Legends\Air\LolClient.exe"="F:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby"
"F:\League of Legends\Game\League of Legends.exe"="F:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"F:\Dirt2\dirt2.exe"="F:\Dirt2\dirt2.exe:*:Enabled:DiRT2 Demo"
"F:\Dirt 2\dirt2_game.exe"="F:\Dirt 2\dirt2_game.exe:*:Enabled:DiRT2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"F:\LimeWire\LimeWire.exe"="F:\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe"="F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2"
"F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe"="F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\itunes\iTunes.exe"="F:\itunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Ventrilo\Ventrilo.exe"="C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe"="F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-03-31 20:49:30 ----D---- C:\rsit
2010-03-31 20:45:05 ----A---- C:\mbam-error.txt
2010-03-31 20:14:54 ----D---- C:\WINDOWS\LastGood
2010-03-31 15:09:20 ----A---- C:\WINDOWS\system32\SET150.tmp
2010-03-31 15:09:19 ----A---- C:\WINDOWS\system32\SET154.tmp
2010-03-31 15:09:19 ----A---- C:\WINDOWS\system32\SET14F.tmp
2010-03-31 15:09:19 ----A---- C:\WINDOWS\system32\SET14C.tmp
2010-03-31 15:09:19 ----A---- C:\WINDOWS\system32\SET14B.tmp
2010-03-31 15:09:18 ----A---- C:\WINDOWS\system32\SET151.tmp
2010-03-19 19:49:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks
2010-03-19 19:48:04 ----D---- C:\WINDOWS\system32\TVUAx
2010-03-18 22:48:31 ----A---- C:\WINDOWS\IsUn0407.exe
2010-03-17 11:13:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
2010-03-15 02:27:07 ----D---- C:\Programme\Ventrilo
2010-03-15 02:27:03 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-03-14 18:32:20 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Ubisoft
2010-03-14 02:27:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-13 19:22:26 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-04 21:38:38 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Apple Computer
2010-03-04 21:38:29 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-03-04 21:37:52 ----D---- C:\Programme\iPod
2010-03-04 21:37:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-04 21:36:59 ----D---- C:\Programme\QuickTime
2010-03-04 21:36:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-03-04 21:36:49 ----D---- C:\Programme\Apple Software Update
2010-03-04 21:36:40 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2010-03-04 21:36:13 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2010-03-04 21:36:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2010-03-04 21:27:37 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-03-04 21:27:36 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-03-02 12:30:31 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\HLSW
2010-03-01 22:28:26 ----A---- C:\WINDOWS\system32\prospeed_bmp2jpg.dll
2010-03-01 22:07:38 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\MMJ_BABYBOX

======List of files/folders modified in the last 1 months======

2010-03-31 22:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974455_1$
2010-03-31 22:10:12 ----D---- C:\WINDOWS\system32\drivers
2010-03-31 21:45:10 ----D---- C:\Programme\Mozilla Firefox
2010-03-31 21:28:02 ----D---- C:\Programme\Mozilla Thunderbird
2010-03-31 20:49:35 ----D---- C:\WINDOWS\Prefetch
2010-03-31 20:49:33 ----D---- C:\WINDOWS\Temp
2010-03-31 20:49:32 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
2010-03-31 20:45:04 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-03-31 20:15:40 ----HD---- C:\WINDOWS\inf
2010-03-31 20:15:39 ----D---- C:\WINDOWS
2010-03-31 20:15:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-31 20:15:34 ----D---- C:\WINDOWS\system32
2010-03-31 20:15:34 ----D---- C:\Programme\Internet Explorer
2010-03-31 20:14:55 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-31 15:07:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-30 20:42:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-30 20:42:43 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Nettalk
2010-03-30 20:42:42 ----A---- C:\WINDOWS\{00000003-00000000-00000007-00001102-00000008-10211102}.BAK
2010-03-28 19:07:11 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\teamspeak2
2010-03-26 18:52:39 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2010-03-26 18:46:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-24 23:14:39 ----D---- C:\Programme\FTP Commander
2010-03-24 23:13:33 ----SD---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Microsoft
2010-03-23 16:03:52 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-23 15:56:00 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2010-03-23 09:23:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2010-03-19 02:06:51 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Adobe
2010-03-18 17:32:34 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\LimeWire
2010-03-18 13:04:07 ----D---- C:\WINDOWS\Minidump
2010-03-17 12:25:42 ----RD---- C:\Programme
2010-03-17 12:24:35 ----HD---- C:\Programme\InstallShield Installation Information
2010-03-17 04:04:54 ----SHD---- C:\WINDOWS\Installer
2010-03-17 04:04:54 ----D---- C:\WINDOWS\WinSxS
2010-03-17 04:03:28 ----RSD---- C:\WINDOWS\assembly
2010-03-17 04:03:07 ----D---- C:\WINDOWS\system32\DirectX
2010-03-17 02:57:37 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mumble
2010-03-15 02:26:56 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2010-03-14 02:27:16 ----A---- C:\WINDOWS\imsins.BAK
2010-03-14 02:27:10 ----D---- C:\Programme\Movie Maker
2010-03-05 21:21:51 ----A---- C:\WINDOWS\PROFED32.INI
2010-03-05 19:55:03 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\XLEHRBUCH
2010-03-04 21:38:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-04 21:37:33 ----D---- C:\Programme\Bonjour
2010-03-04 21:36:13 ----D---- C:\Programme\Gemeinsame Dateien
2010-03-02 07:30:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-12-01 279088]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-12-01 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-02-19 184496]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-06-18 501760]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-06-18 438784]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-06-18 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-06-18 142336]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-06-18 77824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 fwlanusbn;FRITZ!WLAN N; C:\WINDOWS\system32\DRIVERS\fwlanusbn.sys [2008-09-05 419328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2005-06-18 751104]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2005-06-18 178688]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-12-08 6017568]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20100330.048\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20100330.048\NAVEX15.SYS []
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-03 8087712]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-06-18 114688]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-31 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2009-02-19 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2009-02-19 96560]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2009-02-19 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\ipsdefs\20100320.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2009-02-19 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-09-11 22792]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-09-11 35592]
R3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2009-09-11 31752]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2009-09-11 14984]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2009-09-11 66056]
S3 ai4nwwsx;ai4nwwsx; C:\WINDOWS\system32\drivers\ai4nwwsx.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2008-09-05 4352]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-06-07 340176]
S3 dxdiag.sys;dxdiag.sys; \??\C:\DOKUME~1\marco\LOKALE~1\Temp\dxdiag.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2005-06-18 153088]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-12-01 317616]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Application Updater;Application Updater; C:\Programme\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 Automatic LiveUpdate Scheduler;Automatisches LiveUpdate - Scheduler; C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [2008-09-05 364544]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; F:\hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-26 75064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-10-11 38912]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2010-02-15 545576]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2009-10-30 1251720]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 comHost;COM Host; C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-17 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
P.S: Es ist nicht 100pro sicher, ob mein Rechner infiziert ist da mein Vater über den Laptop auch aufs Internet zugreifen kann.

StLB 31.03.2010 21:50
Also ein Keylogger ist da definitiv nicht drauf.
Die Logs sind - bis auf unnütze IE-Toolbars - sauber.
Um wirklich sicherzugehen, bitte noch einen Rootkitscan mit GMER durchführen.

Evtl. hat jemand Dein eBay Passwort durch Ausprobieren geknackt.
Hattest Du ein Passwort ala "passwort" oder ala "$passwd146"?

Marco90 17.04.2010 15:24
Ein neuer Vorfall, diesmal wurde mein svz account missbraucht und folgende Nachricht geschrieben.

Zitat:
Hier meine Zugangsdaten, heute ist echt so ein geiler Tag!!!

Amateurpornos - Amateure haben Amateursex - my-dirty-hobby.com User: Maradonna90 PW: zocken
Cams – Live Cams, Erotik-Webcams & Erotikchat-Shows User: muhQ23 PW: L9QDK
Tatsächlich hab ich vor Jahren mal die Accounts bei den Seiten angelegt und die Daten stimmen auch noch. Sprich da war keiner dran der ein bissl rumprobiert hat.

Da die Nachrichten ein wenig in der Punktierung variieren kann es also kein Bot etc sein. Zum Glück loggt svz auch die IP.

/EDIT:
Per "IP Address Lookup" habe ich sogar weiter Infos finden können.

Zitat:
Host name e181204160.adsl.alicedsl.de
Country Germany Germany
Country Code DE
Region Hessen
City Bad Homburg
Latitude 50.2167
Longitude 8.6167


Der komplette Link zum whois -> hxxp://ip-address-lookup-v4.com/lookup.php?ip=85.181.204.160
Die IP lautet 85.181.204.160.

Sollte ich vllt rechtliche Schritte einleiten?

StLB 17.04.2010 20:11
Hm...

Bitte folgendes durchführen:

1.) Vollständiger Scan mit Malwarebytes Anti-Malware (zuvor Datenbank aktualisieren!)

2.) Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

3.) Rootkitscan mit GMER


Hat außer dir noch jemand anderer Zugriff auf deinen Rechner?
Ändere am besten von einem sauberen Rechner aus alle deine Zugangsdaten. (E-Mail, eBay, StudiVZ, etc.)
Betreibe von deinem "Keylogger-Rechner" keine oben genannten Aktivitäten mehr.

Marco90 18.04.2010 10:54
Ich haben eben vor dem Scan von Malwarebytes nach dem Datenbankupdate mal die Reiter durchgeschaut und gesehen, dass bei Quarantäne zwei Keylogger registriert wurden. Der eine war datiert mit dem 29.11.2009 *schock*
Hab direkt alles entfernt und bin jetzt dabei den Scan durchlaufen zu lassen.
So far...

Marco90 18.04.2010 12:00
Malwarebytes Log
Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4003

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18.04.2010 12:59:07
mbam-log-2010-04-18 (12-59-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 422161
Laufzeit: 1 Stunde(n), 21 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\marco\Eigene Dateien\Downloads\CryptLoad_1.1.8\ocr\filer.net\ocr_by_spider_b\Version4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Temp\data\venmix.exe (Trojan.Wreckit) -> Quarantined and deleted successfully.
OTL-Log
Code:
OTL logfile created on: 18.04.2010 13:14:53 - Run 1
OTL by OldTimer - Version 3.2.1.2    Folder = C:\Dokumente und Einstellungen\marco\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 18,76 Gb Free Space | 38,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 146,48 Gb Total Space | 90,32 Gb Free Space | 61,66% Space Free | Partition Type: NTFS
Drive F: | 270,44 Gb Total Space | 179,08 Gb Free Space | 66,22% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARCO-ED193E38F
Current User Name: marco
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - F:\hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - F:\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Programme\Vtune\TBPANEL.exe ()
PRC - F:\Nettalk6\Nettalk.exe (Nicolas Kruse)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
PRC - C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Company)
PRC - C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Hamachi2Svc) -- F:\hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LiveUpdate Notice) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (comHost) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20100417.020\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20100417.020\NAVENG.SYS (Symantec Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SYMIDSCO) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\ipsdefs\20100415.001\SymIDSCo.sys (Symantec Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (fwlanusbn) -- C:\WINDOWS\system32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys (Symantec Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (TBPanel) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: firefoxstats@matthew.hambly:1.2.2n
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks_remote_dns: true
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.02 00:20:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.12 15:56:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.17 20:51:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.04.12 15:56:20 | 000,000,000 | ---D | M]
 
[2009.12.22 17:28:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Extensions
[2009.12.22 17:28:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2010.04.17 16:07:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions
[2009.11.02 21:10:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.05 16:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2009.10.30 21:52:33 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010.01.04 21:27:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\battlefieldheroespatcher@ea.com
[2010.03.19 19:49:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\firefox@tvunetworks.com
[2009.12.19 19:47:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\firefoxstats@matthew.hambly
[2010.02.18 23:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\toolbar@ask.com
[2010.04.17 16:07:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.11.17 10:14:14 | 000,000,853 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1                                activate.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Gemeinsame Dateien\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [osCheck] C:\Programme\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Rainlendar2] F:\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\marco\Startmenü\Programme\Autostart\Nettalk.lnk = F:\Nettalk6\Nettalk.exe (Nicolas Kruse)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.30 19:20:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.11.14 21:00:43 | 000,000,000 | ---D | M] - F:\Autoupdate -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.04.18 13:12:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\LogMeIn Hamachi
[2010.04.18 11:25:25 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe
[2010.04.12 15:55:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.04.10 18:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2010.03.31 20:49:30 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.24 23:01:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\tril
[2010.03.19 21:36:22 | 000,004,352 | R--- | C] (AVM Berlin) -- C:\WINDOWS\System32\drivers\avmeject.sys
[2010.03.19 21:36:15 | 000,077,824 | R--- | C] (AVM Berlin) -- C:\WINDOWS\System32\fwusbnci.org
[2010.03.19 19:49:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\TVU Networks
[2010.03.19 19:49:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks
[2010.03.19 19:49:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\LocalLow
[2010.03.19 19:48:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\TVUAx
[2010.03.19 13:47:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\.rainlendar2
[2010.01.02 18:05:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.12.31 16:06:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.sys
[2009.11.08 18:59:25 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2009.10.30 19:22:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.10.30 19:20:33 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2005.06.18 08:04:56 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.04.18 13:12:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.18 13:10:37 | 004,959,414 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000007-00001102-00000008-10211102}.CDF
[2010.04.18 13:09:51 | 000,235,380 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.04.18 13:09:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.18 13:09:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.18 13:08:15 | 000,030,432 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.04.18 13:08:15 | 000,030,432 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.04.18 13:08:15 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.04.18 13:08:15 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.04.18 13:08:15 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.04.18 13:08:15 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.04.18 13:08:15 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.04.18 13:07:59 | 009,175,040 | -H-- | M] () -- C:\Dokumente und Einstellungen\marco\NTUSER.DAT
[2010.04.18 13:07:59 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\marco\ntuser.ini
[2010.04.18 13:07:52 | 004,959,414 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000007-00001102-00000008-10211102}.BAK
[2010.04.18 13:01:02 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.04.18 12:39:50 | 000,024,576 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\Rationalismus.doc
[2010.04.18 11:25:26 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe
[2010.04.18 00:47:33 | 002,115,480 | -H-- | M] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.04.17 22:22:01 | 000,050,688 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.17 21:56:02 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.15 19:32:23 | 000,027,136 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\3.doc
[2010.04.14 21:35:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.04.14 10:58:34 | 262,971,603 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\House&Electro - Q1.mp3
[2010.04.14 09:06:06 | 000,034,481 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\House&Electro XI -Dezember 2009.mp3
[2010.04.12 20:07:55 | 000,000,672 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security Online - Systemprüfung ausführen - marco.job
[2010.04.12 15:57:10 | 000,001,716 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.04.11 20:46:49 | 000,005,052 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\q1.m3u
[2010.04.11 02:39:48 | 000,000,715 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Allods Online.lnk
[2010.04.06 21:28:21 | 000,030,208 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\GMK0704.doc
[2010.04.04 00:20:05 | 000,002,027 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk
[2010.04.03 16:55:55 | 000,000,417 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\Play PKR.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.24 23:13:01 | 000,835,584 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\gandhi.ppt
[2010.03.24 22:46:14 | 000,035,840 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\mahatma.doc
[2010.03.19 18:05:50 | 004,874,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2010.03.19 13:47:11 | 000,000,555 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Rainlendar2.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.04.18 12:26:49 | 000,024,576 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\Rationalismus.doc
[2010.04.15 19:32:23 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\3.doc
[2010.04.14 09:07:00 | 262,971,603 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\House&Electro - Q1.mp3
[2010.04.14 09:06:05 | 000,034,481 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\House&Electro XI -Dezember 2009.mp3
[2010.04.12 15:56:20 | 000,001,716 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.04.11 02:39:47 | 000,000,715 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Allods Online.lnk
[2010.04.06 20:18:57 | 000,030,208 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\GMK0704.doc
[2010.04.03 16:55:55 | 000,000,417 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\Play PKR.lnk
[2010.04.02 20:35:58 | 000,005,052 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\q1.m3u
[2010.03.24 23:13:01 | 000,835,584 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\gandhi.ppt
[2010.03.21 23:00:19 | 000,035,840 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\mahatma.doc
[2010.03.19 13:47:11 | 000,000,555 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Rainlendar2.lnk
[2010.03.16 21:05:32 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\chrtmp
[2010.03.15 02:27:03 | 000,000,258 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.03.01 22:28:26 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\prospeed_bmp2jpg.dll
[2010.02.27 02:35:09 | 000,510,888 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.02.22 20:19:14 | 000,000,177 | ---- | C] () -- C:\WINDOWS\ROCSETUP.INI
[2010.02.21 22:29:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\PROFED32.INI
[2010.02.02 16:18:17 | 000,010,650 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid664.log
[2010.02.02 16:15:07 | 000,010,650 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid3696.log
[2010.02.02 16:03:42 | 000,010,708 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid3040.log
[2010.01.04 21:38:45 | 000,138,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.01.04 21:38:45 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\PnkBstrK.sys
[2009.12.31 16:07:22 | 000,001,041 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\vso_ts_preview.xml
[2009.12.31 16:06:21 | 000,000,034 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.log
[2009.12.31 16:06:12 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\inst.exe
[2009.12.31 16:06:12 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.cat
[2009.12.31 16:06:12 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.inf
[2009.12.28 18:31:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.07 17:28:53 | 000,010,794 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.11.05 20:24:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.11.01 03:46:02 | 000,050,688 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.31 22:33:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.10.30 22:27:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.10.30 21:10:16 | 000,046,593 | R--- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2009.10.30 21:10:16 | 000,000,193 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.10.30 20:23:36 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.10.30 20:23:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.10.30 19:25:12 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\marco\ntuser.dat.LOG
[2009.10.30 19:25:12 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\marco\ntuser.ini
[2009.10.30 19:25:11 | 009,175,040 | -H-- | C] () -- C:\Dokumente und Einstellungen\marco\NTUSER.DAT
[2009.06.10 09:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.06.10 09:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.06.10 09:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.06.10 09:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005.07.11 06:44:12 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005.06.07 15:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2003.03.21 11:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86
< End of report >
Hier noch das Log welche als extra.txt angezeigt wurde.
Code:
OTL Extras logfile created on: 18.04.2010 13:14:53 - Run 1
OTL by OldTimer - Version 3.2.1.2    Folder = C:\Dokumente und Einstellungen\marco\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 18,76 Gb Free Space | 38,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 146,48 Gb Total Space | 90,32 Gb Free Space | 61,66% Space Free | Partition Type: NTFS
Drive F: | 270,44 Gb Total Space | 179,08 Gb Free Space | 66,22% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARCO-ED193E38F
Current User Name: marco
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "F:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "F:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "F:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Football2009\fm.exe" = F:\Football2009\fm.exe:*:Enabled:Football Manager 2010 Demo -- (Sports Interactive)
"F:\Footman10\fm.exe" = F:\Footman10\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"F:\Steam\Steam.exe" = F:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"F:\League of Legends\Air\LolClient.exe" = F:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"F:\League of Legends\Game\League of Legends.exe" = F:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"F:\Dirt2\dirt2.exe" = F:\Dirt2\dirt2.exe:*:Enabled:DiRT2 Demo -- (Codemasters)
"F:\Dirt 2\dirt2_game.exe" = F:\Dirt 2\dirt2_game.exe:*:Enabled:DiRT2 -- (Codemasters)
"F:\LimeWire\LimeWire.exe" = F:\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe" = F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 -- (Take-Two Interactive Software)
"F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe" = F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer -- (2K Games)
"F:\itunes\iTunes.exe" = F:\itunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Ventrilo\Ventrilo.exe" = C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- File not found
"F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe" = F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta -- ()
"F:\Allods\Allods Online\bin\Launcher.exe" = F:\Allods\Allods Online\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe -- (© 2008 - 2009 Astrum Nival, LLC)
"F:\Allods\Allods Online\bin\AOgame.exe" = F:\Allods\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe -- (© 2008 - 2009 Astrum Nival, LLC)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}" = FMRTE
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{626C32A3-0F0F-41B3-9F53-75E16B2D8925}" = SymNet
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8610FF9A-8FEE-4509-ADCD-AF68157B562A}" = Symantec Real Time Storage Protection Component
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AD6CB8-DE96-43FA-9B73-5FB873DD1CAE}" = Sound Blaster Audigy 4
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AE04B8FC-4CD9-4A94-BE8F-C2434470FB11}" = DiRT2 Demo
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E5}" = Need for Speed™ SHIFT Demo
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BF0BC679-A503-43AF-9104-E8842999955E}_is1" = CTDP's ChampionShipManager NX 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0C85A83-296E-4813-86A6-DA8DA6A92D6D}" = Left 4 Dead 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB75FFBB-67AA-4AF5-840C-B60D76720AC1}" = MoTeC i2 Pro
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1" = Mass Effect 2
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF481D3E-FF15-4EE7-B36B-53C9E4021E8B}" = TMPGEnc 4.0 XPress Testversion
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"AMIP" = AMIP (remove only)
"Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD 2.02
"Ashampoo ClipFinder_is1" = Ashampoo ClipFinder 1.55
"AstrumNival Allods" = Allods Online 1.0.05.41
"Audacity_is1" = Audacity 1.2.6
"AudioConverter Studio_is1" = AudioConverter Studio 6.0
"AVMWLANCLI" = AVM FRITZ!WLAN
"CamStudio" = CamStudio
"cdrtools Frontend_is1" = cdrtfe 1.3.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESL Wire_is1" = ESL Wire 1.3
"F1 DLM 2009 Trackpack" = F1 DLM 2009 Trackpack
"F1 Official Team Manager" = F1 Official Team Manager
"Football Manager 2010" = Football Manager 2010
"Football Manager 2010 Demo" = Football Manager 2010 Demo
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FTP Commander" = FTP Commander
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.2.1
"ie8" = Windows Internet Explorer 8
"IsoBuster_is1" = IsoBuster 2.7
"League of Legends_is1" = League of Legends
"LimeWire" = LimeWire 5.4.6
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MMJ-Quellcodesammlung_is1" = MMJ-Quellcodesammlung
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Mumble" = Mumble and Murmur
"Need For Speed SHIFT_is1" = Need For Speed SHIFT
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nettalk_is1" = Nettalk 6.6
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PKR" = PKR
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"PunkBusterSvc" = PunkBuster Services
"Rainlendar2" = Rainlendar2 (remove only)
"Real-Time Racing_is1" = Real-Time Racing
"rF Tv Style_is1" = Tv Style Beta 0.9
"rFactor" = rFactor (remove only)
"Runic Games Torchlight" = Torchlight
"SopCast" = SopCast 3.2.4
"Steam App 10" = Counter-Strike
"Steam App 33310" = R.U.S.E. Beta
"Steam App 8600" = RACE 07
"Steam App 8640" = RACE On
"Steam App 8760" = RACE On - DEMO
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security Online (Symantec Corporation)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Total Video Converter 3.21_is1" = Total Video Converter 3.21 090220
"Trillian" = Trillian
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VentriloMIX" = VentriloMIX
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Vtune_is1" = Vtune 7.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"wxPython2.8-unicode-py26_is1" = wxPython 2.8.9.1 (unicode) for Python 2.6
"XProfan-Lehrbuch_is1" = XProfan-Lehrbuch
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (marco)
"GeoGebra" = GeoGebra
"Grand Prix 1979 for Rfactor v2.0" = Grand Prix 1979 for Rfactor v2.0
"MOD F1RL09 FINAL VERSION" = MOD F1RL09 FINAL VERSION
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.04.2010 13:26:11 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 04.04.2010 13:26:11 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 04.04.2010 13:26:11 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 10.04.2010 20:13:25 | Computer Name = MARCO-ED193E38F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Allods-EU_Deutsch.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 10.04.2010 20:43:44 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
 Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
 
Error - 10.04.2010 20:43:50 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
 Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
 
Error - 10.04.2010 20:44:55 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
 Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
 
Error - 11.04.2010 05:56:51 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
 Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
 
Error - 12.04.2010 12:14:57 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
 Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
 
Error - 12.04.2010 12:15:12 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
 Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
 
[ System Events ]
Error - 15.04.2010 11:57:56 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7034
Description = Dienst "AVM WLAN Connection Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 15.04.2010 12:45:57 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%183
 
Error - 15.04.2010 12:46:07 | Computer Name = MARCO-ED193E38F | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{A0E748A1-DE06-456A-B6C6-F66E2267059C} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 15.04.2010 15:13:55 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%183
 
Error - 15.04.2010 15:14:26 | Computer Name = MARCO-ED193E38F | Source = NetBT | ID = 4321
Description = Der Name "ARBEITSGRUPPE  :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.21  registriert werden. Der Computer mit IP-Adresse 192.168.178.23
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 16.04.2010 09:47:09 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%183
 
Error - 17.04.2010 09:45:40 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%183
 
Error - 18.04.2010 05:19:28 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%183
 
Error - 18.04.2010 07:09:54 | Computer Name = MARCO-ED193E38F | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 18.04.2010 07:12:03 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%183
 
 
< End of report >

StLB 18.04.2010 12:24
Hi,

es wäre gut zu wissen, was Malwarebytes da für Keylogger gefunden hat.
Suche mal im Reiter "Logdateien" nach einem Logfile vom 29.11.2009 und poste es.

OTL schau ich mit gleich noch an.

Marco90 18.04.2010 12:34
So sah der Eintrag damals aus
Zitat:
C:\System Volume Information\_restore{7972D57B-F40D-4A44-B649-96DCD9C926BD}\RP49\A0004193.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.

StLB 18.04.2010 13:29
Ok, der Keylogger war 'nur' in der Systemwiederherstellung - der war also nicht mehr aktiv.
Bitte einen Rootkitscan mit GMER machen und das Logfile posten.

Marco90 18.04.2010 14:39
Geht das auch mit einem anderen Tool?
GMER stürzt bei mir immer ab.

StLB 18.04.2010 14:44
GMER neigt leider oft zu Abstürzen :(


Rootkitscan mit RootRepeal

Lade RootRepeal.zip herunter und entpacke es auf Deinen Desktop
  • Doppelklicke auf RootRepeal.exe um das Programm zu starten.
  • Klick auf den Reiter Report am unteren Ende des Programmfensters.
  • Klicke den Scan Button.
  • Wähle in dem Select Scan Dialog aus:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Klicke auf OK
  • Wähle in dem nächsten Dialog alle angezeigten Laufwerke aus.
  • Klicke auf OK, um den Scan zu starten.

    Der Scan kann eine Zeit lang dauern. Starte keine anderen Programme, solange der Scan läuft.
  • Wenn der Scan beendet ist, erscheint der Save Report Button.
  • Klicke auf diesen und speichere den Bericht auf Deinen Desktop als RootRepeal.txt.
  • Poste den Bericht bitte in Deiner nächsten Antwort.
  • Gehe auf File, dann auf Exit, um das Programm zu beenden.

Marco90 18.04.2010 15:06
So hier das RootRepeal Log.

Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/04/18 15:48
Program Version:                Version 1.3.5.0
Windows Version:                Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB03C1000        Size: 98304        File Visible: No        Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB8614000        Size: 8192        File Visible: No        Signed: -
Status: -

Name: PCI_PNP0734
Image Path: \Driver\PCI_PNP0734
Address: 0x00000000        Size: 0        File Visible: No        Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000        Size: 0        File Visible: No        Signed: -
Status: -

Name: spvu.sys
Image Path: spvu.sys
Address: 0xB7EB4000        Size: 995328        File Visible: No        Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\dokumente und einstellungen\marco\anwendungsdaten\mozilla\firefox\profiles\fsi8u378.default\sessionstore.js
Status: Size mismatch (API: 32979, Raw: 32977)

SSDT
-------------------
#: 012        Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x892cfe08

#: 013        Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x892cfec8

#: 017        Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x892d0998

#: 031        Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89ce21c8

#: 041        Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb06ee020

#: 043        Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x892cf9c8

#: 053        Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x892d0b28

#: 057        Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x892cf728

#: 063        Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb06ee2a0

#: 065        Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb06ee800

#: 071        Function Name: NtEnumerateKey
Status: Hooked by "spvu.sys" at address 0xb7ecdda4

#: 073        Function Name: NtEnumerateValueKey
Status: Hooked by "spvu.sys" at address 0xb7ece132

#: 083        Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x892d07f8

#: 089        Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x892cfab8

#: 091        Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x892cfb98

#: 108        Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x892d0718

#: 114        Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x892cf8e8

#: 119        Function Name: NtOpenKey
Status: Hooked by "spvu.sys" at address 0xb7eb50c0

#: 123        Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x892d0a68

#: 125        Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x8804df20

#: 129        Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x892d04b8

#: 160        Function Name: NtQueryKey
Status: Hooked by "spvu.sys" at address 0xb7ece20a

#: 177        Function Name: NtQueryValueKey
Status: Hooked by "spvu.sys" at address 0xb7ece08a

#: 206        Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x892e7320

#: 213        Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x892d03f8

#: 228        Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x892d0588

#: 229        Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x892d0328

#: 247        Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb06eea50

#: 253        Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x892cf808

#: 254        Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x892cffd0

#: 257        Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x89331750

#: 258        Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x892d0268

#: 267        Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x892d0658

#: 277        Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x892d08c8

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: pcou, IRP_MJ_CREATE]
Process: System        Address: 0x8ad93500        Size: 121

Object: Hidden Code [Driver: pcou, IRP_MJ_CLOSE]
Process: System        Address: 0x8ad93500        Size: 121

Object: Hidden Code [Driver: pcou, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8ad93500        Size: 121

Object: Hidden Code [Driver: pcou, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8ad93500        Size: 121

Object: Hidden Code [Driver: pcou, IRP_MJ_POWER]
Process: System        Address: 0x8ad93500        Size: 121

Object: Hidden Code [Driver: pcou, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8ad93500        Size: 121

Object: Hidden Code [Driver: pcou, IRP_MJ_PNP]
Process: System        Address: 0x8ad93500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System        Address: 0x8ae4c500        Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System        Address: 0x8ae4c500        Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8ae4c500        Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8ae4c500        Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System        Address: 0x8ae4c500        Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8ae4c500        Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System        Address: 0x8ae4c500        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System        Address: 0x892f71f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System        Address: 0x892f71f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x892f71f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x892f71f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System        Address: 0x892f71f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System        Address: 0x892f71f8        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System        Address: 0x8ad8d500        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System        Address: 0x8ad8d500        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8ad8d500        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8ad8d500        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System        Address: 0x8ad8d500        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8ad8d500        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System        Address: 0x8ad8d500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_CREATE]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_CLOSE]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_READ]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_CLEANUP]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_PNP]
Process: System        Address: 0x892a41f8        Size: 121

==EOF==


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:50 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19