Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Google hijack - I can't get it removed (https://www.trojaner-board.de/88946-google-hijack-bekomm-geloescht.html)

KAL 31.07.2010 13:32

Google hijack - I can't get it removed

In both Firefox and Opera, Google links are sporadically redirected, and the browsers sporadically open new tabs or windows on their own that link to sites such as clk.relestar.com. I have a fairly long hosts list, so many of these sites never actually get displayed, but it is annoying all the same.
Above all, I want to learn which pest this is and how I kill it.

MBAM, OSAM, SuperAntispyware, Bitdefender online.
So far no program has been able to stop the hijacking.

Thanks

Swisstreasure 31.07.2010 13:39

Hello

A cleanup can sometimes mean a lot of work for you.
  • Please work through all the steps in order.
  • If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no crossposting (posting in several forums).
  • Please no code tags.

Note: I can never give you a guarantee that I will find everything. A format is usually the faster and always the safest way.
If you decide on a cleanup, please work through the following.

Vista and Win7 users
Start all tools with a right-click and "Run as administrator".

Step 1

System scan with OTL

Please download OTL by OldTimer and save it to your desktop.
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Minimal Output
  • Under Extra Registry, please select Use SafeList.
  • Tick LOP check and Purity check.
  • Now click Scan at the top left.

    http://image.hijackthis.eu/upload/otl_screen_neu.jpg
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Step 2

Rootkit search with Gmer

What are rootkits?

Important: for every rootkit scan:
  • First deactivate any CD emulators such as Alcohol, Daemon Tools or similar, following this guide.
  • All other programs against viruses, spyware, etc. must be deactivated,
  • there must be no connection to a network/Internet (don't forget WLAN),
  • nothing must be done on the computer,
  • the computer must be restarted after each scan.
  • Don't forget to switch the security programs back on after the rootkit scan!

Download Gmer from this page
(press the Download EXE button) and save the program to the desktop.
  • Gmer is suitable for => NT/W2K/XP/VISTA (32-bit only).
  • All other programs should be closed.
  • Start gmer.exe (it has a random program name).
  • Vista users: right-click and run as administrator.
  • Gmer automatically starts a first scan.
  • If a window with the following warning opens:
    Code:

    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?

  • Be sure to click "No",
    and in that case save the result so far to the desktop as gmer_first.log via the Save button.
  • If that was not the case, now select the "Rootkit/Malware" tab,
  • Tick: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
  • Important: "Show all" must not be ticked!
  • Start the scan by pressing the "Scan" button.
    Do nothing on the computer while the scan is running (the bottom left shows what is currently being scanned).
  • When the scan is finished, that line stays empty.
    Click "Save" and save the log file as gmer.log on the desktop.
    Gmer is closed with "Ok".
Switch the antivirus program and the other scanners back on before you go online!

Now post the log file in code tags.
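Added example, not code from OTL, the forum or either poster: a Python triage pass over the `Oxx - ...` lines of the OTL.txt that Step 1 produces, flagging the items a helper reads first (UAC policies, autoruns without a publisher, orphaned "File not found" entries, the DHCP resolver, the Winlogon shell). The sample lines are excerpted from the OTL log posted later in this thread, plus one constructed O17 line; the section prefixes are OTL's, while the RFC 1918 check and the choice of what to flag are my own assumptions.

```python
"""Triage helper for OTL (OldTimer's List-It) logs.

Added example, not part of OTL or of this thread. It parses the "Oxx - ..."
lines OTL writes to OTL.txt and returns the entries a helper looks at first.
"""
import ipaddress
import re

# Lines excerpted from the OTL.txt posted in this thread (O4 autoruns,
# O6 UAC policies, O9/O33 orphaned entries, O17 DHCP resolver, O20 shell).
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Power Manager] C:\Program Files\Gembird\Power Manager\pm.exe ()
O4 - HKCU..\Run: [StrokeIt] C:\Programme\TCB Networks\StrokeIt\strokeit.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Value error. File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{d8f76aa8-4ef4-11df-95eb-001a4d4ccd7a}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
"""

# Constructed line (NOT from the thread): a resolver handed out by DHCP that
# lies outside the RFC 1918 ranges, a common cause of search redirects.
CONSTRUCTED_DNS_LINE = r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.0.113.53"

LINE_RE = re.compile(r"^(O\d+) - (.*)$")          # OTL section prefix + body
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")     # trailing "(Company)" of an entry
SHELL_RE = re.compile(r"Winlogon: Shell - \(([^)]*)\)")
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_otl(text):
    """Yield (section, body) for every 'Oxx - ...' line; other lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def is_private_resolver(ip):
    """True for loopback or RFC 1918 addresses, i.e. a resolver on the local net."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or any(addr in net for net in PRIVATE_NETS)


def triage(text):
    """Return a list of (section, reason, line) for entries worth a second look."""
    findings = []
    for section, body in parse_otl(text):
        line = f"{section} - {body}"
        if "File not found" in body:
            findings.append((section, "orphaned entry, target file missing", line))
        if section == "O6":
            # body looks like "HKLM\...\System: EnableLUA = 0"
            _, _, setting = body.partition(": ")
            name, _, value = setting.partition(" = ")
            if name == "EnableLUA" and value == "0":
                findings.append((section, "UAC disabled (EnableLUA = 0)", line))
            elif name == "ConsentPromptBehaviorAdmin" and value == "0":
                findings.append((section, "admins elevate without a prompt", line))
        elif section == "O4":
            m = PUBLISHER_RE.search(body)
            if m and not m.group(1).strip():
                findings.append((section, "autorun without publisher information", line))
        elif section == "O17" and "DhcpNameServer" in body:
            for ip in body.partition(" = ")[2].split():
                if not is_private_resolver(ip):
                    findings.append((section, f"DHCP resolver {ip} outside private ranges", line))
        elif section == "O20":
            m = SHELL_RE.search(body)
            if m and m.group(1).lower() != "explorer.exe":
                findings.append((section, "Winlogon shell is not explorer.exe", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_OTL + CONSTRUCTED_DNS_LINE):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the thread's lines it reports the disabled UAC, the two publisher-less autoruns and the two orphaned entries, while the 192.168.1.1 resolver and the explorer.exe shell pass; the constructed O17 line shows what a redirected resolver would look like.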

KAL 31.07.2010 13:53

OTL.txt:

Code:

OTL logfile created on: 31.07.2010 14:47:32 - Run 2
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\User\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,81 Gb Total Space | 13,85 Gb Free Space | 46,46% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 490,52 Gb Free Space | 52,66% Space Free | Partition Type: NTFS
Drive E: | 372,61 Gb Total Space | 140,91 Gb Free Space | 37,82% Space Free | Partition Type: NTFS
Drive F: | 186,31 Gb Total Space | 91,43 Gb Free Space | 49,07% Space Free | Partition Type: NTFS
Drive G: | 232,88 Gb Total Space | 134,55 Gb Free Space | 57,77% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 271,67 Gb Free Space | 29,16% Space Free | Partition Type: NTFS
Drive I: | 1397,26 Gb Total Space | 934,66 Gb Free Space | 66,89% Space Free | Partition Type: NTFS
Drive J: | 279,46 Gb Total Space | 129,85 Gb Free Space | 46,46% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 575,32 Gb Free Space | 41,17% Space Free | Partition Type: NTFS
 
Computer Name: BASEX
Current User Name: User
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\TCB Networks\StrokeIt\strokeit.exe ()
PRC - D:\EverythingPortableAlpha\App\Everything\Everything-1.2.1.451a.exe ()
PRC - D:\EverythingPortableAlpha\EverythingPortableAlpha.exe (PortableApps.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - G:\Dienst\IP-Symcon_work\ips.exe (IP-Symcon)
PRC - C:\Programme\Virtual CD v10\System\vc10tray.exe (H+H Software GmbH)
PRC - C:\Programme\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
PRC - C:\Programme\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
PRC - C:\Programme\Gembird\Power Manager\pm.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\TCB Networks\StrokeIt\mhook.dll ()
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (IPSServer) -- G:\Dienst\IP-Symcon_work\ips.exe (IP-Symcon)
SRV - (VC10SecS) -- C:\Programme\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HH10Help.sys) -- C:\Windows\System32\drivers\HH10Help.sys (H+H Software GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 8D A4 B9 D0 21 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: multilinks@plugin:2.0.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.30 15:44:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.31 11:21:58 | 000,000,000 | ---D | M]
 
[2010.04.21 20:18:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010.07.31 13:10:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\tegft5l5.default\extensions
[2010.07.10 19:46:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\tegft5l5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.31 13:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\tegft5l5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.06.19 00:04:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\tegft5l5.default\extensions\multilinks@plugin
[2010.07.31 13:10:14 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.06 20:31:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.07.31 10:30:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.31 10:30:00 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.30 15:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.30 15:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.30 15:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.30 15:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.30 15:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.30 15:46:52 | 001,012,530 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: 127.0.0.1  hh-software.com
O1 - Hosts: 127.0.0.1  www.hh-software.com
O1 - Hosts: 127.0.0.1  www.hamrick.com
O1 - Hosts: 127.0.0.1  www.w3.org
O1 - Hosts: 127.0.0.1  www.vectan.de
O1 - Hosts: 127.0.0.1  www.mafiaclans.eu
O1 - Hosts: 127.0.0.1  fr.a2dfp.net
O1 - Hosts: 127.0.0.1  m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1  ad.a8.net
O1 - Hosts: 127.0.0.1  asy.a8ww.net
O1 - Hosts: 127.0.0.1  adserver.abv.bg
O1 - Hosts: 127.0.0.1  adv.abv.bg
O1 - Hosts: 127.0.0.1  bimg.abv.bg
O1 - Hosts: 127.0.0.1  www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1  track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1  accuserveadsystem.com
O1 - Hosts: 127.0.0.1  www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1  achmedia.com
O1 - Hosts: 127.0.0.1  aconti.net
O1 - Hosts: 127.0.0.1  secure.aconti.net
O1 - Hosts: 127.0.0.1  www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1  ads.active.com
O1 - Hosts: 127.0.0.1  am1.activemeter.com
O1 - Hosts: 127.0.0.1  www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 30135 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Power Manager] C:\Program Files\Gembird\Power Manager\pm.exe ()
O4 - HKLM..\Run: [VC10Player] C:\Programme\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKCU..\Run: [StrokeIt] C:\Programme\TCB Networks\StrokeIt\strokeit.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d8f76aa8-4ef4-11df-95eb-001a4d4ccd7a}\Shell - "" = AutoRun
O33 - MountPoints2\{d8f76aa8-4ef4-11df-95eb-001a4d4ccd7a}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.31 14:45:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010.07.31 14:35:54 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.07.31 14:35:54 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.31 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
[2010.07.31 13:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.07.31 13:24:18 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.07.31 13:10:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\QuickScan
[2010.07.31 11:56:46 | 000,000,000 | ---D | C] -- C:\Programme\PocketKnife Peek
[2010.07.31 11:21:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.31 10:58:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Online Solutions
[2010.07.31 10:30:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.07.31 10:30:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.31 10:30:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.31 10:30:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.30 17:41:19 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.07.30 15:15:30 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.07.30 15:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.28 21:57:32 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.07.28 20:00:30 | 000,136,192 | ---- | C] (FSPro Labs) -- C:\Windows\System32\fsproflt.exe
[2010.07.28 20:00:30 | 000,043,792 | ---- | C] (FSPro Labs) -- C:\Windows\System32\drivers\FSPFltd.sys
[2010.07.28 19:59:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\display32
[2010.07.28 19:47:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.07.27 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ImgBurn
[2010.07.23 14:57:13 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010.07.14 19:49:35 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Square Enix
[2010.07.14 17:02:42 | 000,000,000 | ---D | C] -- C:\Programme\K-Lite Codec Pack
[2010.07.14 16:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.07.14 16:53:03 | 015,764,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.07.14 16:53:03 | 010,888,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.07.14 16:53:03 | 004,967,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.07.14 16:53:03 | 002,890,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll
[2010.07.14 16:53:03 | 000,332,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010.07.14 16:53:03 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.07.14 16:53:03 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.07.14 16:53:02 | 010,263,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.07.14 16:53:02 | 009,712,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010.07.14 16:53:02 | 004,513,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.07.14 16:53:02 | 002,632,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.07.14 16:53:02 | 002,145,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.07.14 16:53:02 | 000,232,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1921.dll
[2010.07.14 16:53:02 | 000,232,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.07.13 09:50:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Frameworkx.com
[2010.07.13 09:50:16 | 000,000,000 | ---D | C] -- C:\Programme\Frameworkx
[2010.07.12 09:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2010.07.12 09:07:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\elsterformular
[2010.07.01 23:52:18 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.07.01 23:52:18 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.07.01 23:52:18 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.07.01 23:52:18 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.07.01 23:52:18 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.07.01 23:52:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.07.01 23:52:18 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.07.01 23:52:18 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.07.01 23:52:18 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.07.01 23:52:18 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.07.01 23:52:18 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.07.01 23:52:17 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010.07.01 23:52:17 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.07.01 23:52:17 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010.07.01 23:52:17 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010.07.01 23:52:17 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.07.01 23:52:17 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.07.01 23:52:17 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010.07.01 23:52:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.31 14:47:25 | 006,553,600 | -HS- | M] () -- C:\Users\User\ntuser.dat
[2010.07.31 14:45:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010.07.31 14:34:49 | 000,339,991 | ---- | M] () -- C:\Users\User\Desktop\RSIT.exe
[2010.07.31 14:04:27 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.31 14:04:27 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.31 14:01:30 | 001,507,106 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.31 14:01:30 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.31 14:01:30 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.31 14:01:30 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.31 14:01:30 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.31 13:57:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.31 13:57:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.31 13:56:15 | 001,590,751 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010.07.31 13:24:19 | 000,001,965 | ---- | M] () -- C:\Users\User\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.07.31 10:59:02 | 000,767,488 | ---- | M] () -- C:\Windows\System32\drivers\mqjprhau.sys
[2010.07.31 10:29:59 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.31 10:29:59 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.31 10:29:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.31 10:29:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.30 15:46:52 | 001,012,530 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.07.29 23:39:40 | 000,034,304 | ---- | M] () -- C:\42 Heinlein AZ.doc
[2010.07.29 23:38:38 | 000,139,671 | ---- | M] () -- C:\42 Heinlein AZ.pdf
[2010.07.28 21:57:33 | 000,000,969 | ---- | M] () -- C:\Users\User\Desktop\CCleaner.lnk
[2010.07.28 20:17:54 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{240da24e-9a70-11df-97aa-001a4d4ccd7a}.TMContainer00000000000000000002.regtrans-ms
[2010.07.28 20:17:54 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{240da24e-9a70-11df-97aa-001a4d4ccd7a}.TMContainer00000000000000000001.regtrans-ms
[2010.07.28 20:17:54 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{240da24e-9a70-11df-97aa-001a4d4ccd7a}.TM.blf
[2010.07.23 13:09:54 | 000,141,481 | ---- | M] () -- C:\Users\User\Documents\42 Heinlein AZ.pdf
[2010.07.15 16:46:22 | 000,127,484 | ---- | M] () -- C:\sonic.jpg
[2010.07.14 19:45:49 | 000,000,574 | ---- | M] () -- C:\Users\Public\Desktop\Just Cause 2.lnk
[2010.07.11 14:11:59 | 000,054,674 | ---- | M] () -- C:\LMC 20 X_ConCeal_AJHorn.jpg
[2010.07.11 14:02:16 | 000,090,236 | ---- | M] () -- C:\W170S_intus170_ajhorn.jpg
[2010.07.09 19:44:05 | 000,050,887 | ---- | M] () -- C:\UE40C6710US_5_Large.jpg
[2010.07.09 18:34:00 | 000,014,476 | ---- | M] () -- C:\Heinlein Ansicht 1.pdf
[2010.07.09 18:34:00 | 000,014,459 | ---- | M] () -- C:\Heinlein Ansicht 2.pdf
 
========== Files Created - No Company Name ==========
 
[2010.07.31 14:34:55 | 000,339,991 | ---- | C] () -- C:\Users\User\Desktop\RSIT.exe
[2010.07.31 13:24:19 | 000,001,965 | ---- | C] () -- C:\Users\User\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.07.28 21:57:33 | 000,000,969 | ---- | C] () -- C:\Users\User\Desktop\CCleaner.lnk
[2010.07.28 20:52:45 | 000,767,488 | ---- | C] () -- C:\Windows\System32\drivers\mqjprhau.sys
[2010.07.28 19:47:16 | 000,524,288 | -HS- | C] () -- C:\Users\User\ntuser.dat{240da24e-9a70-11df-97aa-001a4d4ccd7a}.TMContainer00000000000000000002.regtrans-ms
[2010.07.28 19:47:16 | 000,524,288 | -HS- | C] () -- C:\Users\User\ntuser.dat{240da24e-9a70-11df-97aa-001a4d4ccd7a}.TMContainer00000000000000000001.regtrans-ms
[2010.07.28 19:47:16 | 000,065,536 | -HS- | C] () -- C:\Users\User\ntuser.dat{240da24e-9a70-11df-97aa-001a4d4ccd7a}.TM.blf
[2010.07.23 13:10:18 | 000,139,671 | ---- | C] () -- C:\42 Heinlein AZ.pdf
[2010.07.23 13:09:54 | 000,141,481 | ---- | C] () -- C:\Users\User\Documents\42 Heinlein AZ.pdf
[2010.07.16 14:45:00 | 000,034,304 | ---- | C] () -- C:\42 Heinlein AZ.doc
[2010.07.15 16:45:38 | 000,127,484 | ---- | C] () -- C:\sonic.jpg
[2010.07.14 19:45:49 | 000,000,574 | ---- | C] () -- C:\Users\Public\Desktop\Just Cause 2.lnk
[2010.07.14 17:02:45 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.07.11 14:11:59 | 000,054,674 | ---- | C] () -- C:\LMC 20 X_ConCeal_AJHorn.jpg
[2010.07.11 14:02:15 | 000,090,236 | ---- | C] () -- C:\W170S_intus170_ajhorn.jpg
[2010.07.09 19:44:05 | 000,050,887 | ---- | C] () -- C:\UE40C6710US_5_Large.jpg
[2010.07.09 18:34:00 | 000,014,476 | ---- | C] () -- C:\Heinlein Ansicht 1.pdf
[2010.07.09 18:34:00 | 000,014,459 | ---- | C] () -- C:\Heinlein Ansicht 2.pdf
[2010.06.01 12:12:40 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010.05.24 23:46:44 | 000,005,120 | ---- | C] () -- C:\Windows\System32\BReWErS.dll
[2010.05.21 16:07:16 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.05.20 15:58:11 | 000,000,268 | ---- | C] () -- C:\Windows\game.ini
[2010.05.03 21:37:58 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.04.21 21:26:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 01:11:15 | 000,000,189 | ---- | C] () -- C:\Windows\System32\rcdb51.ini
 
========== LOP Check ==========
 
[2010.06.28 19:50:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ACD Systems
[2010.06.16 09:04:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\calibre
[2010.07.31 13:56:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\display32
[2010.07.12 09:07:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\elsterformular
[2010.06.04 22:47:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2010.07.16 23:52:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\foobar2000
[2010.07.28 20:45:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeCommander
[2010.07.27 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ImgBurn
[2010.05.03 11:30:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\JAM Software
[2010.05.03 11:53:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAP&GUIDE
[2010.06.16 09:07:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mobipocket
[2010.06.05 00:07:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NewsLeecher
[2010.07.31 11:12:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Online Solutions
[2010.04.22 00:18:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
[2010.05.11 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Passport Photo Studio
[2010.07.28 20:45:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PhraseExpress
[2010.07.31 13:11:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QuickScan
[2010.05.27 22:01:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TCB Networks
[2010.07.31 14:46:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeraCopy
[2010.04.28 00:34:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2010.04.29 00:04:09 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Virtual CD v10
[2010.06.27 12:49:43 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:D282699C
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Code:

OTL Extras logfile created on: 31.07.2010 14:47:32 - Run 2
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\User\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,81 Gb Total Space | 13,85 Gb Free Space | 46,46% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 490,52 Gb Free Space | 52,66% Space Free | Partition Type: NTFS
Drive E: | 372,61 Gb Total Space | 140,91 Gb Free Space | 37,82% Space Free | Partition Type: NTFS
Drive F: | 186,31 Gb Total Space | 91,43 Gb Free Space | 49,07% Space Free | Partition Type: NTFS
Drive G: | 232,88 Gb Total Space | 134,55 Gb Free Space | 57,77% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 271,67 Gb Free Space | 29,16% Space Free | Partition Type: NTFS
Drive I: | 1397,26 Gb Total Space | 934,66 Gb Free Space | 66,89% Space Free | Partition Type: NTFS
Drive J: | 279,46 Gb Total Space | 129,85 Gb Free Space | 46,46% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 575,32 Gb Free Space | 41,17% Space Free | Partition Type: NTFS
 
Computer Name: BASEX
Current User Name: User
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu for Office 2007 v5.00
"{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8B682C1D-A3D4-47AF-A594-C5DCCEAB7AB1}" = map&guide professional 2009
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = Installer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FF5AB03-89D5-468E-8E01-5A6FCEFAB8B6}" = Mwst-Rechner
"{A7B9AD06-4F8E-4FE0-8EE9-D9C80156EDFB}" = map&guide Kartendaten PTV Europe City Map Premium 3a-2008t - NQ (F:\map&guide pro 2009 v15\maps\EuropePremium.geo)
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C441297F-C9F2-4177-9D5F-1B10F0358E32}" = Opera 10.54
"{C7D3522C-8CF7-4D09-8324-CE03E0800938}" = calibre
"{CA2CE23E-6751-4828-AF8B-66EA06E697F6}" = Power Manager
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Foto-Manager
"{FBBB318F-3769-4B1C-B8B2-AF7ED4DA2272}_is1" = Passport Photo Studio 1.5.1
"7-Zip" = 7-Zip 9.13 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Better File Rename_is1" = Better File Rename 5.5
"Calculator" = Calculator 2009.4.137
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Image Viewer" = FastStone Image Viewer 4.2
"FileZilla Client" = FileZilla Client 3.3.2.1
"foobar2000" = foobar2000 v1.0.2.1
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"FreeCommander_is1" = FreeCommander 2009.02a
"HijackThis" = HijackThis 1.98.2
"Indeo® Software" = Indeo® Software
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = SWAT 4 - THE STETCHKOV SYNDICATE
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Just Cause 2_is1" = Just Cause 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion)
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"myDownloader 1.3" = myDownloader 1.3
"NewsLeecher_is1" = NewsLeecher v4.0 Beta 18 ( using new supersearch engine )
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Password Recovery Bundle 2010_is1" = Password Recovery Bundle 2010
"PhraseExpress_is1" = PhraseExpress v7.0.162
"PocketKnife Peek_is1" = PocketKnife Peek 1.3
"PuTTY_is1" = PuTTY version 0.60
"QuickPar" = QuickPar 0.9
"SMPlayer" = SMPlayer 0.6.9
"Sniper Ghost Warrior_is1" = Sniper Ghost Warrior
"ST4UNST #1" = PowerPoint Batch Converter
"ST4UNST #2" = PowerPoint Batch Converter (C:\Program Files\PowerPoint Batch Converter\)
"StrokeIt" = StrokeIt
"TeraCopy_is1" = TeraCopy 2.12
"Terrorist Takedown 3/DE-German_is1" = Terrorist Takedown 3
"The KMPlayer" = The KMPlayer (remove only)
"TreeSize Free_is1" = TreeSize Free V2.4
"TuneUp Utilities" = TuneUp Utilities
"Unlocker" = Unlocker 1.8.9
"VLC media player" = VLC media player 1.0.5
"VueScan" = VueScan
"WinISD beta" = WinISD beta
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

I have Win7 32-bit. Is GMER only suitable up to Vista?
I ran GMER this morning; it found nothing.
Should I run it again?
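
The OTL file lists above (Files Created / Modified, Alternate Data Streams) are the raw material a helper works through by hand. As an added example, not part of the original thread and not OTL's own code, here is a small Python script that parses those line formats and applies a few analyst heuristics to prioritise what to inspect first: a kernel-mode module (.sys/.kmd) under System32\drivers whose company field is empty, a file name that is exactly eight lowercase letters, a timestamp within a week of the scan, and any named alternate data stream. The sample lines are copied from the log above; the report time (taken from the OTL header), the extension set, the eight-letter rule, the seven-day window and the Finding type are my assumptions. These rules rank, they do not convict: GMER itself drops a randomly named temporary driver (kgrdqpow.sys in the log posted later in this thread), which the name rule would flag just the same, so every hit still needs a signature check and a look at the file.

```python
"""Triage helper for OTL file-list output (added example, not OTL's own code)."""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: lines copied from the OTL log in this thread, plus one
# ADS line, so the script runs offline.
SAMPLE_LOG = r"""
[2010.07.31 10:59:02 | 000,767,488 | ---- | M] () -- C:\Windows\System32\drivers\mqjprhau.sys
[2010.07.31 10:29:59 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.30 15:46:52 | 001,012,530 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.07.28 20:52:45 | 000,767,488 | ---- | C] () -- C:\Windows\System32\drivers\mqjprhau.sys
[2010.07.14 16:53:03 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.06.01 12:12:40 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:D282699C
"""

# Assumed: the time in the OTL header of the log above ("31.07.2010 14:47:32").
REPORT_TIME = datetime(2010, 7, 31, 14, 47, 32)

# OTL file line: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

DRIVER_EXTS = {".sys", ".kmd"}           # assumed: kernel-mode module extensions
RANDOM_NAME = re.compile(r"^[a-z]{8}$")  # assumed: eight lowercase letters looks generated


@dataclass(frozen=True)
class Finding:
    path: str
    reasons: tuple[str, ...]


def triage(log_text: str, report_time: datetime, recent_days: int = 7) -> list[Finding]:
    """Return one Finding per path that trips at least one heuristic."""
    hits: dict[str, list[str]] = {}

    def add(path: str, reason: str) -> None:
        reasons = hits.setdefault(path, [])
        if reason not in reasons:
            reasons.append(reason)

    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            path = m["path"]
            stem, ext = ntpath.splitext(ntpath.basename(path))
            ext = ext.lower()
            in_drivers = "\\system32\\drivers\\" in path.lower()
            reasons: list[str] = []
            if in_drivers and ext in DRIVER_EXTS and not m["company"].strip():
                reasons.append("kernel driver with no company name")
            if ext in DRIVER_EXTS and RANDOM_NAME.match(stem):
                reasons.append("random-looking 8-letter file name")
            if reasons:
                # Recency only matters once something else already looks odd.
                ts = datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S")
                if 0 <= (report_time - ts).days <= recent_days:
                    verb = "created" if m["kind"] == "C" else "modified"
                    reasons.append(f"{verb} within {recent_days} days of the scan")
            for r in reasons:
                add(path, r)
            continue
        m = ADS_RE.match(line)
        if m:
            # Every named stream is worth dumping; OTL only reports its size.
            add(m["path"], f"alternate data stream of {m['size']} bytes")
    return [Finding(p, tuple(r)) for p, r in hits.items()]


def triage_sample() -> list[Finding]:
    return triage(SAMPLE_LOG, REPORT_TIME)


if __name__ == "__main__":
    for f in triage_sample():
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Run it on a saved OTL.Txt by passing the file contents to triage() together with the header time. The driver rule deliberately ignores System32 itself (the log above has plenty of legitimate company-less DLLs there) and the hosts file, which sits under drivers\etc but has no kernel-module extension.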

Swisstreasure 31.07.2010 14:02

No, of course it works on Win7 too :)

Yes, then post me this morning's log :)

KAL 31.07.2010 14:07

I just ran it through again.

Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-07-31 15:04:32
Windows 6.1.7600
Running: 2oybvpos.exe; Driver: C:\Users\User\AppData\Local\Temp\kgrdqpow.sys


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                  82E47AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                  82E47104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                  82E473F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                  82E302D8
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                  82E2F898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                  82E471DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                  82E47958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                  82E476F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                  82E47F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                  82E481A8

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                            82A60599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                    82A84F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?              C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS                                                                            The system cannot find the file specified. !
?              C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS                                                                            The system cannot find the file specified. !
.text          peauth.sys                                                                                                                9D13BC9D 28 Bytes  [5E, EE, ED, D3, E6, D9, 17, ...]
.text          peauth.sys                                                                                                                9D13BCC1 28 Bytes  [5E, EE, ED, D3, E6, D9, 17, ...]
PAGE            peauth.sys                                                                                                                9D141E20 101 Bytes  [66, 47, AC, AE, 51, 45, 0E, ...]
PAGE            peauth.sys                                                                                                                9D14202C 102 Bytes  [01, 33, 4E, C5, 8B, 4C, F3, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                        9F8C8000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                        9F8C8123 629 Bytes  [35, 8C, 9F, FE, 05, 34, 35, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                        9F8C8399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                                        9F8C83FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                                                        9F8C84AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                                                       

---- User code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtProtectVirtualMemory                                                    77335380 5 Bytes  JMP 0052000A
.text          C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtWriteVirtualMemory                                                      77335F00 5 Bytes  JMP 0053000A
.text          C:\Windows\system32\svchost.exe[1012] ntdll.dll!KiUserExceptionDispatcher                                                  77336448 5 Bytes  JMP 0028000A
.text          C:\Windows\system32\svchost.exe[1012] ole32.dll!CoCreateInstance                                                          76F657FC 5 Bytes  JMP 00C3000A
.text          C:\Windows\Explorer.EXE[1988] ntdll.dll!NtProtectVirtualMemory                                                            77335380 5 Bytes  JMP 0025000A
.text          C:\Windows\Explorer.EXE[1988] ntdll.dll!NtWriteVirtualMemory                                                              77335F00 5 Bytes  JMP 0026000A
.text          C:\Windows\Explorer.EXE[1988] ntdll.dll!KiUserExceptionDispatcher                                                          77336448 5 Bytes  JMP 0011000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\PhraseExpress\phraseexpress.exe[2456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread]        [00467D0C] C:\Program Files\PhraseExpress\phraseexpress.exe (PhraseExpress/Bartels Media GmbH)
IAT            C:\Program Files\PhraseExpress\phraseexpress.exe[2456] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem]  [00467F10] C:\Program Files\PhraseExpress\phraseexpress.exe (PhraseExpress/Bartels Media GmbH)
IAT            C:\Program Files\PhraseExpress\phraseexpress.exe[2456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]      [00467D0C] C:\Program Files\PhraseExpress\phraseexpress.exe (PhraseExpress/Bartels Media GmbH)
IAT            C:\Program Files\PhraseExpress\phraseexpress.exe[2456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem]  [00467F10] C:\Program Files\PhraseExpress\phraseexpress.exe (PhraseExpress/Bartels Media GmbH)
IAT            C:\Program Files\PhraseExpress\phraseexpress.exe[2456] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread]      [00467D0C] C:\Program Files\PhraseExpress\phraseexpress.exe (PhraseExpress/Bartels Media GmbH)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000045                                                                                          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                      sector 62: copy of MBR

---- EOF - GMER 1.0.15 ----
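
The ".text ... JMP" lines in the user code sections above are inline hooks: the first 5 bytes of each listed export have been overwritten with a jump, and every jump target lies far below the module it was patched in (ntdll.dll and ole32.dll sit around 0x77xxxxxx / 0x76xxxxxx here, the targets around 0x00xxxxxx), so execution is diverted to code outside any system DLL. As an added illustration that is not part of this thread or of GMER, here is a small Python parser that pulls those lines out of a log and groups the hooked functions by process. The sample lines are copied from the log above with whitespace condensed; the 16 MB distance threshold is an assumption of this example, chosen so that an in-module patch is not flagged while a jump into foreign memory is.

```python
import re
from collections import defaultdict

# Sample input: the ".text" lines copied from the GMER "User code sections" block
# posted above (whitespace condensed), framed by the neighbouring section headers.
GMER_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtProtectVirtualMemory    77335380 5 Bytes  JMP 0052000A
.text  C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtWriteVirtualMemory      77335F00 5 Bytes  JMP 0053000A
.text  C:\Windows\system32\svchost.exe[1012] ntdll.dll!KiUserExceptionDispatcher 77336448 5 Bytes  JMP 0028000A
.text  C:\Windows\system32\svchost.exe[1012] ole32.dll!CoCreateInstance          76F657FC 5 Bytes  JMP 00C3000A
.text  C:\Windows\Explorer.EXE[1988] ntdll.dll!NtProtectVirtualMemory            77335380 5 Bytes  JMP 0025000A
.text  C:\Windows\Explorer.EXE[1988] ntdll.dll!NtWriteVirtualMemory              77335F00 5 Bytes  JMP 0026000A
.text  C:\Windows\Explorer.EXE[1988] ntdll.dll!KiUserExceptionDispatcher         77336448 5 Bytes  JMP 0011000A

---- User IAT/EAT - GMER 1.0.15 ----
"""

# One GMER user-code line: ".text <image>[<pid>] <module>!<function> <addr> <n> Bytes JMP <target>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})$"
)

# Assumed heuristic: a patch whose JMP lands more than 16 MB away from the patched
# function has left its module. In-module patches (hotpatching) stay close; a target
# in low private memory, as in the log above, means code outside any system DLL.
FOREIGN_DISTANCE = 16 * 1024 * 1024


def parse_hooks(log_text):
    """Return one record per '.text ... JMP' line found in the user code sections."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        addr, target = int(m["addr"], 16), int(m["target"], 16)
        image_name = m["image"].split("\\")[-1]          # basename of the hooked image
        hooks.append({
            "process": f"{image_name}[{m['pid']}]",
            "function": f"{m['module']}!{m['func']}",
            "address": addr,
            "target": target,
            "patch_bytes": int(m["size"]),
            "leaves_module": abs(target - addr) > FOREIGN_DISTANCE,
        })
    return hooks


def hooks_by_process(hooks):
    """Group the hooks that leave their module by process, preserving log order."""
    grouped = defaultdict(list)
    for h in hooks:
        if h["leaves_module"]:
            grouped[h["process"]].append(h["function"])
    return dict(grouped)


if __name__ == "__main__":
    for proc, funcs in hooks_by_process(parse_hooks(GMER_LOG)).items():
        print(proc)
        for func in funcs:
            print("   ", func)
```

Run against the log above, the grouping shows the same three ntdll exports (memory protection, memory writing, exception dispatch) patched in both svchost.exe and Explorer.EXE, plus CoCreateInstance in svchost.exe, which is exactly the kind of summary a helper wants to see before deciding on the next step.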


Swisstreasure 31.07.2010 14:15

Step 1

Was the hosts file edited like that by you? Have you also already tried resetting it to its original state?

Step 2

File check

Have the following file(s) (see code box) checked online at VirusTotal. To do so, upload each file individually to VirusTotal via the "Browse" button and "Send file" and have it checked. Once VirusTotal has received the file, it will check it with several anti-virus scanners and display the results. Should VirusTotal report that the file has already been checked, have it checked again anyway via the "Analyse the file" button.

When the result is available, press the small "Filter" button at the top left above the results, then post the result here (no matter what it looks like, and including the lines with the file's name and size, MD5 and SHA1). If you cannot find or upload the file(s), let us know that as well. If you cannot find the file(s), check whether the following settings are set correctly.

Code:

D:\EverythingPortableAlpha\App\Everything\Everything-1.2.1.451a.exe
D:\EverythingPortableAlpha\EverythingPortableAlpha.exe

Step 3

Check with MBR -t whether the Master Boot Record is intact (MBR rootkit)
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, apply these settings in the folder options.
  • Start => cmd (type it into the search box at the bottom) => OK
    a command prompt opens.

    After the prompt (>_), enter the following text from the code box manually or, alternatively, copy it to the clipboard with CTRL + C and paste it.
    Pasting into the command prompt: right-click the title bar => Edit => Paste.

    Code:

    mbr.exe -t > C:\mbr.log & C:\mbr.log
    (press Enter)
  • After a short while your editor will open showing the file C:\mbr.log.
    Please copy its contents here into your thread.

Step 4

Check the MBR with MBRCheck

Download MBRCheck.exe and save the tool to your desktop (nowhere else).
XP users: double-click MBRCheck.exe to start the tool.
Vista and Windows 7 users: right-click MBRCheck.exe and choose Run as administrator.
A console window with some information will open.

When the scan has finished, which is reported with Done!, press Enter to close the console window.
Post the contents of MBRCheck_<date>.txt from the desktop here in the thread.
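
On the hosts-file question in Step 1: a blocklist-style hosts file points unwanted names at 0.0.0.0 or 127.0.0.1 so they resolve to nowhere, whereas a hijacked hosts file points real names (search engines, update servers) at a foreign address. The following added check (example code, not from this thread or from any tool named in it) separates the two classes and reports redirects for review, including several names fanning in to one foreign address. The sample hosts content is constructed for the example and uses documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (not the poster's real hosts file): stock localhost lines,
# blocklist-style entries and redirect-style entries using documentation ranges.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example-tracker.test      # blocklist entry
127.0.0.1       banner.example-adserver.test  # blocklist entry
203.0.113.7     www.google.com
203.0.113.7     www.google.de
203.0.113.9     update.example-antivirus.test
"""

# Addresses that resolve to "nowhere": the signature of an ad/tracker blocklist.
SINKHOLE = {ipaddress.ip_address(a) for a in ("0.0.0.0", "127.0.0.1", "::1")}
# Names that legitimately map to loopback in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping comments, blank and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not a hosts entry, ignore it
        for name in fields[1:]:               # one address may carry several names
            entries.append((ip, name.lower()))
    return entries


def classify(entries):
    """Split entries into blocklist-style names and redirect-style (name, ip) pairs."""
    blocked, redirected = [], []
    for ip, name in entries:
        if name in LOCAL_NAMES and ip in SINKHOLE:
            continue                          # stock localhost lines, nothing to review
        if ip in SINKHOLE:
            blocked.append(name)              # blackholed name: typical ad blocking
        else:
            redirected.append((name, str(ip)))  # name sent to a real host: review this
    return blocked, redirected


def shared_targets(redirected):
    """Foreign IPs that several redirected names share; such fan-in deserves a close look."""
    by_ip = defaultdict(list)
    for name, ip in redirected:
        by_ip[ip].append(name)
    return {ip: names for ip, names in by_ip.items() if len(names) > 1}


if __name__ == "__main__":
    blocked, redirected = classify(parse_hosts(SAMPLE_HOSTS))
    print(f"{len(blocked)} blocklist entries, {len(redirected)} redirects to review")
    for name, ip in redirected:
        print(f"  {name} -> {ip}")
    for ip, names in shared_targets(redirected).items():
        print(f"  {ip} is shared by {len(names)} names")
```

A long hosts file that only ever maps names to 0.0.0.0 or 127.0.0.1, as the poster describes, is a blocklist and explains nothing about the redirects; any entry that lands in the redirected list is the one to compare against the original file.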

KAL 31.07.2010 14:17

Will continue shortly (in about an hour).
Have to go shopping.

Swisstreasure 31.07.2010 14:52

OK, do that :) See you later.

KAL 31.07.2010 16:10

The hosts file can be downloaded from the web like that.


Everything is a file search tool, the fastest one I know.

No detections.

Code:

Datei Everything-1.2.1.451a.exe empfangen 2010.07.31 14:53:25 (UTC)
Antivirus        Version        letzte aktualisierung        Ergebnis
AhnLab-V3        2010.07.31.00        2010.07.30        -
AntiVir        8.2.4.32        2010.07.30        -
Antiy-AVL        2.0.3.7        2010.07.30        -
Authentium        5.2.0.5        2010.07.31        -
Avast        4.8.1351.0        2010.07.31        -
Avast5        5.0.332.0        2010.07.31        -
AVG        9.0.0.851        2010.07.31        -
BitDefender        7.2        2010.07.31        -
CAT-QuickHeal        11.00        2010.07.31        -
ClamAV        0.96.0.3-git        2010.07.30        -
Comodo        5598        2010.07.31        -
DrWeb        5.0.2.03300        2010.07.30        -
Emsisoft        5.0.0.34        2010.07.30        -
eSafe        7.0.17.0        2010.07.29        -
eTrust-Vet        36.1.7753        2010.07.31        -
F-Prot        4.6.1.107        2010.07.31        -
F-Secure        9.0.15370.0        2010.07.31        -
Fortinet        4.1.143.0        2010.07.31        -
GData        21        2010.07.31        -
Ikarus        T3.1.1.84.0        2010.07.31        -
Jiangmin        13.0.900        2010.07.29        -
Kaspersky        7.0.0.125        2010.07.31        -
McAfee        5.400.0.1158        2010.07.31        -
McAfee-GW-Edition        2010.1        2010.07.30        -
Microsoft        1.6004        2010.07.31        -
NOD32        5327        2010.07.30        -
Norman        6.05.11        2010.07.31        -
nProtect        2010-07-31.01        2010.07.31        -
Panda        10.0.2.7        2010.07.31        -
PCTools        7.0.3.5        2010.07.31        -
Prevx        3.0        2010.07.31        -
Rising        22.58.05.04        2010.07.31        -
Sophos        4.56.0        2010.07.31        -
Sunbelt        6667        2010.07.31        -
SUPERAntiSpyware        4.40.0.1006        2010.07.31        -
Symantec        20101.1.1.7        2010.07.31        -
TheHacker        6.5.2.1.328        2010.07.30        -
TrendMicro        9.120.0.1004        2010.07.31        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.31        -
VBA32        3.12.12.7        2010.07.30        -
ViRobot        2010.7.31.3965        2010.07.31        -
VirusBuster        5.0.27.0        2010.07.30        -
weitere Informationen
File size: 760320 bytes
MD5...: 2b6135751acd0dd25bbff82d82f15e56
SHA1..: 8981c9ec8af8dad54e271de41844b642e6a15974
SHA256: 66c8334035a41e4d0c35d0bc90ac7dc9f60ce6087feb3d1aa26b7357e8b9c5f2
ssdeep: 12288:kYIXjN/H9EzqA76J+mkStDssH6Bm5MQrztC+4XY2P6l0mz0TRzNH/OFH7G4g4z3p:00tSxH6Bm5MotV0mYTXOFHBtDArmF4eF
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x8c4b9
timedatestamp.....: 0x4b0b906e (Tue Nov 24 07:51:10 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name    viradd   virsiz   rawdsiz  ntrpy  md5
.text   0x1000   0x97a70  0x97c00  6.55   6300573215cbdebe788ffa2c63842312
.rdata  0x99000  0x134ca  0x13600  5.58   90064696990dd1aeba5ff4799a353830
.data   0xad000  0x5904   0x3200   4.58   8f037e20879815d9028ca2d523954fa6
.rsrc   0xb3000  0xb110   0xb200   5.91   312d12981d91f72310dbc7bb9c08bff7

( 12 imports )
> COMCTL32.dll: ImageList_Create, ImageList_Add, ImageList_DrawEx, ImageList_Destroy, InitCommonControlsEx
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSIMG32.dll: AlphaBlend
> IMM32.dll: ImmGetVirtualKey
> KERNEL32.dll: SetConsoleScreenBufferSize, AllocConsole, GetTimeFormatA, GetDateFormatA, GetLocalTime, FlushFileBuffers, SetFilePointer, GetProcAddress, FreeLibrary, LoadLibraryA, GetSystemDirectoryA, WideCharToMultiByte, FileTimeToSystemTime, FindClose, FindNextFileW, GetSystemTime, FindFirstFileW, ExitProcess, FormatMessageA, GetCommandLineW, GetModuleHandleW, GetCurrentThreadId, CreateMutexA, CreateMutexW, SetLastError, SetThreadPriority, CreateEventA, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceA, GetFileSize, GetSystemDefaultLangID, HeapAlloc, HeapFree, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, GetFileAttributesW, GetFileAttributesA, GetModuleFileNameW, InitializeCriticalSection, CreateFileW, MoveFileW, MoveFileExW, GetSystemTimeAsFileTime, GetFileAttributesExW, CreateDirectoryW, GetComputerNameW, QueryDosDeviceW, SetErrorMode, GetDiskFreeSpaceExW, GetVolumeNameForVolumeMountPointW, SystemTimeToFileTime, GetLongPathNameW, RaiseException, ExpandEnvironmentStringsW, GetTimeFormatW, GetDateFormatW, DeleteCriticalSection, FindVolumeClose, FindNextVolumeW, GetVolumePathNamesForVolumeNameW, FindFirstVolumeW, LCMapStringA, GetOEMCP, GetACP, GetCPInfo, HeapCreate, HeapDestroy, HeapSize, IsDebuggerPresent, SetUnhandledExceptionFilter, TerminateProcess, UnhandledExceptionFilter, InterlockedDecrement, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleHandleA, GetStartupInfoA, GetVersionExA, GetCommandLineA, HeapReAlloc, CreateThread, ExitThread, RtlUnwind, QueryPerformanceCounter, SetConsoleTextAttribute, GetStdHandle, EnterCriticalSection, WriteConsoleW, LeaveCriticalSection, GetProcessHeap, HeapCompact, GetCurrentProcess, SetProcessWorkingSetSize, Sleep, FindFirstVolumeMountPointW, GetFileInformationByHandle, FindNextVolumeMountPointW, CreateEventW, ResetEvent, WaitForMultipleObjects, GetOverlappedResult, CancelIo, SetEvent, WaitForSingleObject, CloseHandle, GetDriveTypeW, GetVolumeInformationW, GetSystemInfo, VirtualAlloc, DeviceIoControl, VirtualFree, WriteFile, ReadFile, GetLastError, FileTimeToLocalFileTime, QueryPerformanceFrequency, MultiByteToWideChar, LCMapStringW, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetTickCount, GetCurrentProcessId, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetConsoleCP, GetConsoleMode, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, CreateFileA, DeleteFileW
> USER32.dll: CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, GetSysColorBrush, GetScrollInfo, GetWindowDC, ScrollWindowEx, SetScrollInfo, SetCursorPos, ScreenToClient, TrackMouseEvent, DrawEdge, IsDlgButtonChecked, GetDlgItemInt, InsertMenuW, GetMenuItemID, GetMenuDefaultItem, DrawTextExA, MessageBeep, GetDoubleClickTime, SetDlgItemTextW, GetClassNameW, SetDlgItemInt, IsCharAlphaNumericW, IsIconic, GetKeyState, PostMessageW, GetSysColor, FillRect, GetClassInfoExW, RegisterClassExW, GetNextDlgTabItem, EnableWindow, SetWindowPos, SetWindowTextW, AllowSetForegroundWindow, EnumWindows, IsWindowVisible, DialogBoxIndirectParamW, DrawFrameControl, GetWindowTextLengthW, GetWindowTextW, GetMenuItemCount, CreatePopupMenu, AppendMenuW, RemoveMenu, SetMenuItemInfoW, CallWindowProcW, CreateDialogIndirectParamW, BringWindowToTop, EnumChildWindows, UpdateWindow, InvalidateRgn, GetWindowRect, ClientToScreen, OffsetRect, CopyRect, EnumDisplayMonitors, MonitorFromRect, CheckDlgButton, SendMessageW, CreateWindowExW, GetMonitorInfoW, SystemParametersInfoW, IntersectRect, GetDC, RegisterClipboardFormatW, GetDesktopWindow, DrawTextExW, ReleaseDC, GetSystemMetrics, SetCapture, IsWindow, GetCapture, PtInRect, ReleaseCapture, DestroyIcon, SetWindowsHookExW, PeekMessageW, GetMessageW, TranslateMessage, DispatchMessageW, WaitMessage, CallNextHookEx, IsWindowEnabled, GetFocus, PostQuitMessage, LoadImageW, LoadIconW, GetMenu, GetSubMenu, IsClipboardFormatAvailable, GetMenuItemInfoW, RedrawWindow, GetMessagePos, SetActiveWindow, IsZoomed, MonitorFromWindow, SetMenu, RegisterWindowMessageA, CreateWindowExA, DefWindowProcW, GetCursorPos, CreateMenu, SetMenuDefaultItem, TrackPopupMenu, DestroyMenu, RegisterHotKey, SetFocus, GetDlgItem, SetForegroundWindow, ShowWindow, SendDlgItemMessageW, GetParent, SetTimer, KillTimer, EndDialog, UnregisterHotKey, AdjustWindowRect, DestroyWindow, FindWindowW, FindWindowA, GetWindowThreadProcessId, SendMessageTimeoutW, MessageBoxA, UnregisterDeviceNotification, RegisterDeviceNotificationW, CharLowerW, GetWindowLongW, SetWindowLongW, BeginPaint, LoadBitmapW, GetClientRect, EndPaint, SetCursor, LoadCursorW, InvalidateRect, MessageBoxW
> GDI32.dll: GetTextMetricsW, PatBlt, SetBrushOrgEx, CreatePatternBrush, CreateBitmapIndirect, CombineRgn, CreateCompatibleBitmap, CreateBitmap, SetPixel, GetTextExtentPoint32A, RectVisible, GetTextExtentExPointW, GetTextExtentExPointA, GetTextExtentPoint32W, TextOutW, TextOutA, GetBkColor, OffsetClipRgn, StretchBlt, CreateRectRgn, GetRandomRgn, GetDCOrgEx, OffsetRgn, CreateCompatibleDC, BitBlt, ExcludeClipRect, SetTextColor, SetBkMode, GetStockObject, GetObjectW, CreateFontIndirectW, CreateDIBSection, GdiFlush, DeleteDC, SetBkColor, SelectClipRgn, SelectObject, GetTextExtentPointW, CreateSolidBrush, MaskBlt, DeleteObject
> comdlg32.dll: GetSaveFileNameW, GetOpenFileNameW
> ADVAPI32.dll: RegCreateKeyExW, RegQueryValueExW, RegSetValueExW, RegSetValueExA, RegDeleteValueW, RegOpenKeyExA, RegOpenKeyA, RegQueryValueExA, DeleteService, ControlService, CreateServiceW, OpenSCManagerW, OpenServiceW, CloseServiceHandle, StartServiceW, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerA, SetServiceStatus, RegCloseKey, GetUserNameW, RegOpenKeyExW
> SHELL32.dll: SHGetSpecialFolderPathW, -, -, -, DragQueryFileW, SHFileOperationW, -, SHGetDesktopFolder, SHGetMalloc, Shell_NotifyIconW, SHChangeNotify, SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoA, ShellExecuteExW, SHGetFileInfoW, ShellExecuteA
> ole32.dll: OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance, OleDuplicateData, ReleaseStgMedium, RevokeDragDrop, RegisterDragDrop
> SHLWAPI.dll: SHDeleteKeyW, PathIsRelativeW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: n/a
copyright....: Copyright (C) 2005-2008 David Carpenter
product......: Everything
description..: Everything
original name: Everything.exe
internal name: Everything
file version.: 1, 2, 1, 451a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Code:

Datei EverythingPortableAlpha.exe empfangen 2010.07.31 14:58:57 (UTC)
Antivirus        Version        letzte aktualisierung        Ergebnis
AhnLab-V3        2010.07.31.00        2010.07.30        -
AntiVir        8.2.4.32        2010.07.30        -
Antiy-AVL        2.0.3.7        2010.07.30        -
Authentium        5.2.0.5        2010.07.31        -
Avast        4.8.1351.0        2010.07.31        -
Avast5        5.0.332.0        2010.07.31        -
AVG        9.0.0.851        2010.07.31        -
BitDefender        7.2        2010.07.31        -
CAT-QuickHeal        11.00        2010.07.31        -
ClamAV        0.96.0.3-git        2010.07.30        -
Comodo        5598        2010.07.31        -
DrWeb        5.0.2.03300        2010.07.30        -
Emsisoft        5.0.0.34        2010.07.30        -
eSafe        7.0.17.0        2010.07.29        -
eTrust-Vet        36.1.7753        2010.07.31        -
F-Prot        4.6.1.107        2010.07.31        -
F-Secure        9.0.15370.0        2010.07.31        -
Fortinet        4.1.143.0        2010.07.31        -
GData        21        2010.07.31        -
Ikarus        T3.1.1.84.0        2010.07.31        -
Jiangmin        13.0.900        2010.07.29        -
Kaspersky        7.0.0.125        2010.07.31        -
McAfee        5.400.0.1158        2010.07.31        -
McAfee-GW-Edition        2010.1        2010.07.30        -
Microsoft        1.6004        2010.07.31        -
NOD32        5327        2010.07.30        -
Norman        6.05.11        2010.07.31        -
nProtect        2010-07-31.01        2010.07.31        -
Panda        10.0.2.7        2010.07.31        -
PCTools        7.0.3.5        2010.07.31        -
Prevx        3.0        2010.07.31        -
Rising        22.58.05.04        2010.07.31        -
Sophos        4.56.0        2010.07.31        -
Sunbelt        6667        2010.07.31        -
Symantec        20101.1.1.7        2010.07.31        -
TheHacker        6.5.2.1.328        2010.07.30        -
TrendMicro        9.120.0.1004        2010.07.31        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.31        -
VBA32        3.12.12.7        2010.07.30        -
ViRobot        2010.7.31.3965        2010.07.31        -
VirusBuster        5.0.27.0        2010.07.30        -
weitere Informationen
File size: 94645 bytes
MD5...: c34dd8273c60695042e061b05090b641
SHA1..: 1c6fa345276c64324c47e00b8ca1fb5a67aedb26
SHA256: d049d025837c2a92bf5f4b4ec8d660c9c043924dfb1b073d9fcdfe83e3f42e85
ssdeep: 1536:7QpQ5EP0ijnRTXJN0ssk6OqEqHtgcOMKwE1STIjShUrqaCRt639qJriHX/+W:7QIURTXJ4jOMKw1TIjShjRt2weX/R
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x323c
timedatestamp.....: 0x4a2ae2a2 (Sat Jun 06 21:41:54 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name    viradd   virsiz   rawdsiz  ntrpy  md5
.text   0x1000   0x5a5a   0x5c00   6.42   0bc2ffd32265a08d72b795b18265828d
.rdata  0x7000   0x1190   0x1200   5.18   f179218a059068529bdb4637ef5fa28e
.data   0x9000   0x1af98  0x400    4.71   975304d6dd6c4a4f076b15511e2bbbc0
.ndata  0x24000  0xb000   0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
.rsrc   0x2f000  0x5110   0x5200   4.47   ce29eb4cf66db7912ac2394fd8894631

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: PortableApps.com
copyright....: PortableApps.com _ Contributors
product......: Everything Portable Alpha
description..: Everything Portable Alpha
original name: EverythingPortableAlpha.exe
internal name: Everything Portable Alpha
file version.: 1.2.1.451a
comments.....: Allows Everything to be run from a removable drive. For additional details, visit PortableApps.com/EverythingPortableAlpha
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): NSIS

Antivirus              Version           Last update   Result
AhnLab-V3              2010.07.31.00     2010.07.30    -
AntiVir                8.2.4.32          2010.07.30    -
Antiy-AVL              2.0.3.7           2010.07.30    -
Authentium             5.2.0.5           2010.07.31    -
Avast                  4.8.1351.0        2010.07.31    -
Avast5                 5.0.332.0         2010.07.31    -
AVG                    9.0.0.851         2010.07.31    -
BitDefender            7.2               2010.07.31    -
CAT-QuickHeal          11.00             2010.07.31    -
ClamAV                 0.96.0.3-git      2010.07.30    -
Comodo                 5598              2010.07.31    -
DrWeb                  5.0.2.03300       2010.07.30    -
Emsisoft               5.0.0.34          2010.07.30    -
eSafe                  7.0.17.0          2010.07.29    -
eTrust-Vet             36.1.7753         2010.07.31    -
F-Prot                 4.6.1.107         2010.07.31    -
F-Secure               9.0.15370.0       2010.07.31    -
Fortinet               4.1.143.0         2010.07.31    -
GData                  21                2010.07.31    -
Ikarus                 T3.1.1.84.0       2010.07.31    -
Jiangmin               13.0.900          2010.07.29    -
Kaspersky              7.0.0.125         2010.07.31    -
McAfee                 5.400.0.1158      2010.07.31    -
McAfee-GW-Edition      2010.1            2010.07.30    -
Microsoft              1.6004            2010.07.31    -
NOD32                  5327              2010.07.30    -
Norman                 6.05.11           2010.07.31    -
nProtect               2010-07-31.01     2010.07.31    -
Panda                  10.0.2.7          2010.07.31    -
PCTools                7.0.3.5           2010.07.31    -
Prevx                  3.0               2010.07.31    -
Rising                 22.58.05.04       2010.07.31    -
Sophos                 4.56.0            2010.07.31    -
Sunbelt                6667              2010.07.31    -
Symantec               20101.1.1.7       2010.07.31    -
TheHacker              6.5.2.1.328       2010.07.30    -
TrendMicro             9.120.0.1004      2010.07.31    -
TrendMicro-HouseCall   9.120.0.1004      2010.07.31    -
VBA32                  3.12.12.7         2010.07.30    -
ViRobot                2010.7.31.3965    2010.07.31    -
VirusBuster            5.0.27.0          2010.07.30    -

Additional information
File size: 94645 bytes
MD5...: c34dd8273c60695042e061b05090b641
SHA1..: 1c6fa345276c64324c47e00b8ca1fb5a67aedb26
SHA256: d049d025837c2a92bf5f4b4ec8d660c9c043924dfb1b073d9fcdfe83e3f42e85
ssdeep: 1536:7QpQ5EP0ijnRTXJN0ssk6OqEqHtgcOMKwE1STIjShUrqaCRt639qJriHX/+W:7QIURTXJ4jOMKw1TIjShjRt2weX/R
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x323c
timedatestamp.....: 0x4a2ae2a2 (Sat Jun 06 21:41:54 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name     viradd    virsiz    rawdsiz   ntrpy  md5
.text    0x1000    0x5a5a    0x5c00    6.42   0bc2ffd32265a08d72b795b18265828d
.rdata   0x7000    0x1190    0x1200    5.18   f179218a059068529bdb4637ef5fa28e
.data    0x9000    0x1af98   0x400     4.71   975304d6dd6c4a4f076b15511e2bbbc0
.ndata   0x24000   0xb000    0x0       0.00   d41d8cd98f00b204e9800998ecf8427e
.rsrc    0x2f000   0x5110    0x5200    4.47   ce29eb4cf66db7912ac2394fd8894631

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: PortableApps.com
copyright....: PortableApps.com _ Contributors
product......: Everything Portable Alpha
description..: Everything Portable Alpha
original name: EverythingPortableAlpha.exe
internal name: Everything Portable Alpha
file version.: 1.2.1.451a
comments.....: Allows Everything to be run from a removable drive. For additional details, visit PortableApps.com/EverythingPortableAlpha
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): NSIS

mbr.exe from GMER

Code:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 62 !

mbrcheck

Code:

MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive1
\\.\D: --> \\.\PhysicalDrive2
\\.\E: --> \\.\PhysicalDrive5
\\.\F: --> \\.\PhysicalDrive6
\\.\G: --> \\.\PhysicalDrive8
\\.\H: --> \\.\PhysicalDrive4
\\.\I: --> \\.\PhysicalDrive7
\\.\J: --> \\.\PhysicalDrive0
\\.\K: --> \\.\PhysicalDrive3

     Size  Device Name          MBR Status
  --------------------------------------------
    29 GB  \\.\PhysicalDrive1  Windows 7 MBR code detected
   931 GB  \\.\PhysicalDrive2  Windows XP MBR code detected
   372 GB  \\.\PhysicalDrive5  Unknown MBR code
   186 GB  \\.\PhysicalDrive6  Unknown MBR code
   232 GB  \\.\PhysicalDrive8  Windows XP MBR code detected
   931 GB  \\.\PhysicalDrive4  Windows XP MBR code detected
  1397 GB  \\.\PhysicalDrive7  Windows XP MBR code detected
   279 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
  1397 GB  \\.\PhysicalDrive3  Windows 7 MBR code detected

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!  Press ENTER to exit...

aha, two MBRs not kosher. But those aren't boot disks...
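What MBRCheck and GMER's mbr.exe are doing above can be reproduced with a few lines of Python: read the first sector, verify the 0x55AA signature, hash the 440-byte bootstrap code and compare it with a list of known boot loaders; anything with a valid signature but an unrecognised hash comes out as "Unknown MBR code", and a disk whose boot area is all zeros (a pure data disk) gets its own label. The block below is an added example for this thread, not code from either tool, and its known-hash table is a constructed placeholder: a real baseline would be the digest of the boot code a clean Windows installer (or bootsect/bootrec) writes, captured on a machine you trust. The `compare_mbr_copy` helper is the check you would run on the "copy of MBR in sector 62" that GMER reported, to tell an identical backup from a copy whose boot code differs.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the bootstrap code; 440..445 are disk signature/padding
PART_TABLE_OFF = 446           # four 16-byte partition entries follow
PART_ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
MBR_SIG = b"\x55\xAA"          # bytes 510..511


def build_sample_mbr(boot_code, partitions):
    """Construct a 512-byte MBR for the examples below (not read from a real disk)."""
    sec = bytearray(SECTOR)
    sec[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, sec, PART_TABLE_OFF + i * 16, status, ptype, lba_start, sectors)
    sec[510:512] = MBR_SIG
    return bytes(sec)


def parse_partitions(sector):
    """Return the non-empty entries of the MBR partition table."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(PART_ENTRY_FMT, sector, PART_TABLE_OFF + i * 16)
        if ptype == 0:
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def boot_code_digest(sector):
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


# Constructed stand-in for a known-good boot loader. The first bytes mirror the typical
# "xor ax,ax / mov ss,ax / mov sp,7c00" prologue, the rest is padding; it is NOT real Windows code.
BASELINE_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 24
KNOWN_BOOT_CODE = {
    boot_code_digest(build_sample_mbr(BASELINE_BOOT_CODE, [])): "Windows 7 MBR code (constructed baseline)",
}


def classify_mbr(sector, known=KNOWN_BOOT_CODE):
    """Report what an MBR checker reports: a known loader, unknown code, or no code at all."""
    if len(sector) != SECTOR:
        return "Not a full sector"
    if sector[510:512] != MBR_SIG:
        return "No MBR signature"
    if not any(sector[:BOOT_CODE_LEN]):
        return "No boot code (data disk or never bootable)"
    return known.get(boot_code_digest(sector), "Unknown MBR code")


def compare_mbr_copy(primary, copy):
    """How does a copy of the MBR found in a later sector relate to sector 0?"""
    if primary == copy:
        return "identical copy"
    if primary[PART_TABLE_OFF:] == copy[PART_TABLE_OFF:]:
        return "boot code differs, partition table identical"
    return "differs"


def read_sectors(device, first, count):
    r"""Read raw sectors from a block device, e.g. r'\\.\PhysicalDrive0' on Windows (needs admin)."""
    with open(device, "rb") as f:
        f.seek(first * SECTOR)
        return f.read(count * SECTOR)


if __name__ == "__main__":
    good = build_sample_mbr(BASELINE_BOOT_CODE, [(0x80, 0x07, 2048, 60_000_000)])
    tampered = build_sample_mbr(bytes(b ^ 0xFF for b in BASELINE_BOOT_CODE), [(0x80, 0x07, 2048, 60_000_000)])
    data_disk = build_sample_mbr(b"", [(0x00, 0x07, 2048, 700_000_000)])
    for name, sec in [("good", good), ("tampered", tampered), ("data_disk", data_disk)]:
        print(f"{name:10} {classify_mbr(sec):45} partitions={parse_partitions(sec)}")
    print("sector 62 vs sector 0:", compare_mbr_copy(good, good))
```

On a live system you would feed `read_sectors(r"\\.\PhysicalDrive5", 0, 1)` and `read_sectors(r"\\.\PhysicalDrive5", 62, 1)` to these functions; the point of the hash comparison is that "Unknown MBR code" only means "not in my list", which for a disk partitioned by a vendor tool or an older OS is exactly what KAL observed on the two non-boot drives.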

Swisstreasure 31.07.2010 16:33

Quote:

372 GB \\.\PhysicalDrive5 Unknown MBR code

186 GB \\.\PhysicalDrive6 Unknown MBR code
What kind of drives are those?
Do you use Linux?

KAL 31.07.2010 16:45

Drive 6 used to be an XP boot disk.

Drive 5 has always been a data disk.

Some of the HDDs were formatted with NTFS back in the XP days, some were
only added under Win7.
I don't use Linux (on this PC).

Swisstreasure 31.07.2010 16:47

You wrote at the start that MBAM, OSAM, SuperAntispyware and Bitdefender didn't help. Was malware found nonetheless? I'd be interested in the MBAM log, if anything was found.

KAL 31.07.2010 17:15

Should I run MBAM again, or does it save the logs from the scans
somewhere?

Swisstreasure 31.07.2010 19:12

They are saved.
When you open MBAM you'll find them
under Scan reports.

KAL 31.07.2010 19:36

Two logs with detections

28.07.
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.07.2010 20:58:07
mbam-log-2010-07-28 (20-58-07).txt

Scan type: Quick scan
Objects scanned: 82796
Time elapsed: 10 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\User\AppData\Local\Temp\IXP000.TMP\ppi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\IXP001.TMP\crypt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\IXP002.TMP\crypt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\IXP003.TMP\crypt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\IXP004.TMP\ppi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\IXP005.TMP\crypt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

and once more

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4363

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

28.07.2010 21:37:12
mbam-log-2010-07-28 (21-37-12).txt

Scan type: Quick scan
Objects scanned: 82675
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECNGO8GY\sjnvpnidk[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N03O1XNB\aaidkfmhfa[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W5EPK2ZU\imhbjepxrz[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.

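The two logs above carry more signal than the bare count of detections: the `IXP000.TMP` to `IXP005.TMP` folders under `%LOCALAPPDATA%\Temp` are the extraction directories that IExpress-style self-extracting packages create when they run, so the payloads found there had already been unpacked on the box (six separate runs), whereas the `.htm` hits in the Internet Explorer cache are content the browser fetched and may or may not have executed. The parser below is an added example, not something MBAM or the thread provides; it reads the "Files Infected" lines of an MBAM 1.46 log, records where each hit lives, and ranks the detection families so that a backdoor-class hit drives the verdict the helper gives in the next post. The severity table and the sample log excerpt are constructed for the example; the log lines themselves are the ones posted above, with English field labels.

```python
import re
from collections import Counter

# Constructed excerpt of the two MBAM logs posted in this thread (English labels of the same format);
# only the lines the parser uses are reproduced.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46
Database version: 4363
Windows 6.1.7600
Scan type: Quick scan
Files Infected: 6

Files Infected:
C:\Users\User\AppData\Local\Temp\IXP000.TMP\ppi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\IXP001.TMP\crypt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\IXP002.TMP\crypt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\IXP003.TMP\crypt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\IXP004.TMP\ppi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\IXP005.TMP\crypt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECNGO8GY\sjnvpnidk[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N03O1XNB\aaidkfmhfa[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W5EPK2ZU\imhbjepxrz[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
"""

# One MBAM file finding: <path> (<Family.Variant>) -> <action taken>
FINDING_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")
# IXPnnn.TMP under Temp: extraction folder of IExpress-style self-extracting packages.
IEXPRESS_TMP = re.compile(r"\\Temp\\IXP\d{3}\.TMP\\", re.IGNORECASE)
# Internet Explorer cache: fetched by the browser, not necessarily executed.
IE_CACHE = re.compile(r"\\Temporary Internet Files\\Content\.IE5\\", re.IGNORECASE)

# Constructed ranking of MBAM family prefixes; 3 = assume full compromise, 1 = nuisance.
SEVERITY = {"Backdoor": 3, "Rootkit": 3, "Trojan": 2, "Adware": 1, "PUP": 1}


def classify_origin(path):
    if IEXPRESS_TMP.search(path):
        return "sfx-extracted"   # the package that carried it ran on this host
    if IE_CACHE.search(path):
        return "browser-cache"
    return "other"


def parse_findings(log_text):
    """Extract the file findings of an MBAM log as dicts."""
    findings = []
    for line in log_text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        detection = m.group("detection")
        family = detection.split(".", 1)[0]
        findings.append({
            "path": m.group("path"),
            "detection": detection,
            "family": family,
            "severity": SEVERITY.get(family, 0),
            "origin": classify_origin(m.group("path")),
            "action": m.group("action").rstrip("."),
        })
    return findings


def assess(findings):
    """Summarise the findings and derive a verdict from the worst family seen."""
    worst = max((f["severity"] for f in findings), default=0)
    unpacked = sum(1 for f in findings if f["origin"] == "sfx-extracted")
    if worst >= 3:
        verdict = "backdoor/rootkit-class detection: treat the host as compromised and rebuild"
    elif worst == 2:
        verdict = "trojan-class detection: clean, then verify with a second scanner"
    elif worst == 1:
        verdict = "adware/PUP only"
    else:
        verdict = "nothing detected"
    return {"verdict": verdict, "max_severity": worst,
            "by_family": dict(Counter(f["family"] for f in findings)),
            "unpacked_payloads": unpacked}


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    for f in found:
        print(f"{f['severity']}  {f['origin']:14} {f['detection']:16} {f['path']}")
    print(assess(found))
```

Run against the real files in MBAM's scan-reports folder by replacing `SAMPLE_LOG` with the file contents; the "unpacked_payloads" count is the number of times a dropper actually executed, which is the figure that matters more than the total number of quarantined files.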

Swisstreasure 31.07.2010 23:36

Before we continue here, I'd like to post the following:

Backdoor warning

Since your computer is infected with a so-called backdoor, read this post very carefully. A backdoor hides itself by means of a rootkit. Backdoors cause various kinds of damage in Windows and allow the attacker to take complete control of the infected system. Be aware that the attacker can "reload" new malware on demand, log your keystrokes, execute programs and/or see what is happening on your screen. My urgent recommendation is therefore to format and reinstall Windows. The topic is hotly debated, but many experts in the security community are certain that a system that has once been infected with a backdoor can no longer be regarded as trustworthy even after a clean-up, because the dangerous part is not what we see but what we don't see.

Another danger with this type of infection is identity theft: this kind of malware can steal all your passwords and spy out e-mail data, banking data, card numbers and so on by logging your keystrokes. Under no circumstances do online banking, file sharing, mailing or messaging with this system any more. No uploads or downloads, except on security sites. It is therefore a good idea to replace all passwords stored or used on this system with new ones, from a computer that is guaranteed to be clean.

Please disconnect the computer from the internet (LAN and WLAN) during the reinstallation or clean-up, because as long as the computer is connected the attacker can keep modifying the system and take countermeasures so that a clean-up is manipulated and fixes are not executed as intended.

More in-depth information on this topic can be found at "Gehen Sie sicher ins Internet".

Let me know whether you are going to reinstall or whether, despite the warning above, you want to attempt an extensive, lengthy clean-up, which might end with the system having to be reinstalled anyway.

Since the computer is currently considered compromised, disconnect it from the network whenever it is unattended.
Under no circumstances do online banking, file sharing, mailing or messaging with this computer.
No uploads or downloads, except on security sites.
Replace all passwords stored on this system with new ones, from a computer that is guaranteed to be clean.

KAL 01.08.2010 09:16

Quite clearly, I'm reinstalling Win7.

If that is the recommended route, why do you go to all this
trouble?
Is the presence of these files in the MBAM log already proof that
the PC has a backdoor?

Recently I had an alert from AVG that something had been found in the temporary internet directory. I then deleted the whole Temp
folder. But apparently not the whole of it after all. It drives me nuts
when I, as admin, can't see all the files. Whenever a machine
doesn't do what it's supposed to, my stubbornness awakens.

Swisstreasure 01.08.2010 11:34

If MBAM detects it as Backdoor.Bot, you can assume with near certainty that it is a backdoor. The symptoms point that way too. What trouble? I first wanted to see what gets found. And in the end it is always up to the user what they do. It is a warning. A clean-up would also be possible in this case, as I wrote. So it's up to you.

KAL 01.08.2010 11:53

I'm already writing this from a fresh Win7.

In any case, many thanks for the help.
It's not a given that somebody works on a Saturday and even a
Sunday.

Two more things.
I've been using AVG Free so far.
Should one use a different resident scanner? I read a lot about
Kaspersky here.

This academy you offer: how much time does one have to invest
as a student?

Swisstreasure 01.08.2010 12:02

Quote:

It's not a given that somebody works on a Saturday and even a
Sunday.
It's not a job, more of a calling :)

Quote:

I've been using AVG Free so far.
Should one use a different resident scanner? I read a lot about
Kaspersky here.
It's up to everyone which virus scanner they use. As freeware I personally rely on Avira, and for paid software on Kaspersky. There are many tests. It's like with a car. A matter of taste.

Quote:

This academy you offer: how much time does one have to invest
as a student?
Larusso will get back to you on that.

Edit: Here you can read some important quasi-FAQs :)



Copyright ©2000-2025, Trojaner-Board

