Trojaner-Board (https://www.trojaner-board.de/)
Habe mir den Trojaner TR/Dropper.Gen eingefangen (https://www.trojaner-board.de/99938-habe-mir-trojaner-tr-dropper-gen-eingefangen.html)

commolus 04.06.2011 12:02

Caught the Trojan TR/Dropper.Gen

Hello everyone! Unfortunately I've caught the Trojan and would like to get rid of it again :headbang:

Hijack:

I've already run CCleaner over it, Anti-Malware and Spybot as well.

Thanks!!!! :daumenhoc

OTL quick scan:
OTL Logfile:
Code:

OTL logfile created on: 04.06.2011 13:14:43 - Run 4
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\Computer\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 60,67% Memory free
7,49 Gb Paging File | 5,88 Gb Available in Paging File | 78,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 128,70 Gb Free Space | 43,19% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.04 13:12:27 | 000,302,592 | ---- | M] () -- C:\Users\Computer\Desktop\ufcctiwn.exe
PRC - [2011.05.29 10:14:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe
PRC - [2011.04.30 12:22:35 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.28 14:30:43 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.18 11:35:09 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.12 23:16:29 | 003,046,808 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011.01.05 10:49:54 | 002,113,536 | ---- | M] (MacroData Inc.) -- C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe
PRC - [2010.11.14 17:01:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010.10.14 18:26:04 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.10 02:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009.11.11 17:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
PRC - [2009.08.04 11:52:00 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.04 11:51:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.27 15:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.07.13 15:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009.07.13 15:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
PRC - [2009.06.18 09:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009.03.02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe
PRC - [2008.06.12 02:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.29 10:14:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.28 14:30:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.18 11:35:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.05 10:49:54 | 002,113,536 | ---- | M] (MacroData Inc.) [Auto | Running] -- C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe -- (ndsvc)
SRV - [2010.10.14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.08.25 18:43:19 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.07.21 21:50:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.03.10 02:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2009.12.20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.08.04 11:51:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.13 15:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009.06.18 09:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.06.13 20:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009.03.24 15:00:00 | 000,241,664 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ZTE Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.03.02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2003.04.18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.18 11:35:10 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.22 14:06:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.07 09:25:14 | 000,047,680 | ---- | M] (MacroData Inc.) [File_System | On_Demand | Stopped] -- C:\Program Files\MacroData Inc\NetDrive\NDFS.sys -- (ndfs)
DRV - [2010.08.24 12:00:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.06.25 16:01:20 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010.06.25 16:01:16 | 000,142,992 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010.06.25 16:01:16 | 000,111,312 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010.06.25 16:01:16 | 000,100,496 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.06.25 16:01:16 | 000,031,632 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2009.09.28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.04 12:25:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.13 15:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.07.02 10:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.04 23:30:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.04.29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008.03.17 12:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2005.12.06 17:11:18 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 C9 AD 6A 0C 29 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {68836a21-fc7d-4ea1-a065-7efabd99d414}:3.02
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9c
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.06.02 16:40:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.06.02 16:40:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 12:22:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 12:22:38 | 000,000,000 | ---D | M]
 
[2010.08.20 20:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions
[2011.06.04 11:34:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions
[2011.03.22 07:00:38 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
[2011.03.22 13:51:54 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2011.01.05 15:36:24 | 000,000,000 | ---D | M] (View Source Chart) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2011.03.25 15:17:50 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.09.23 20:18:25 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.05.06 15:00:47 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\battlefieldplay4free@ea.com
[2011.03.22 07:00:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\engine@conduit.com
[2011.03.22 07:00:46 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\jv70xuoh.default\extensions\firebug@software.joehewitt.com
[2010.12.30 18:16:32 | 000,000,913 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\jv70xuoh.default\searchplugins\conduit.xml
[2011.05.23 00:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.23 00:12:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.08.21 11:31:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.06.02 16:40:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.06.02 16:40:50 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.08.21 11:31:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.27 17:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
[2011.03.07 10:32:27 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.07 10:32:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.24 11:58:54 | 000,000,143 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\foxsearch.src
[2011.03.07 10:32:27 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.07 10:32:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.07 10:32:27 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnceEx: [ContentMerger] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{248fbe7e-28a2-11e0-84bf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{248fbe7e-28a2-11e0-84bf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{33fa456b-fe1b-11df-a5d7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{33fa456b-fe1b-11df-a5d7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe
O33 - MountPoints2\{467cd303-e1d7-11df-88b2-c29505fe4588}\Shell - "" = AutoRun
O33 - MountPoints2\{467cd303-e1d7-11df-88b2-c29505fe4588}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4f29e709-289f-11e0-894e-da7464dd360b}\Shell - "" = AutoRun
O33 - MountPoints2\{4f29e709-289f-11e0-894e-da7464dd360b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7d091aef-97f3-11df-8fc4-c417fe24a835}\Shell - "" = AutoRun
O33 - MountPoints2\{7d091aef-97f3-11df-8fc4-c417fe24a835}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{86580a92-394e-11e0-a0da-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{86580a92-394e-11e0-a0da-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{86580ac7-394e-11e0-a0da-95a31879848e}\Shell - "" = AutoRun
O33 - MountPoints2\{86580ac7-394e-11e0-a0da-95a31879848e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{86580aca-394e-11e0-a0da-95a31879848e}\Shell - "" = AutoRun
O33 - MountPoints2\{86580aca-394e-11e0-a0da-95a31879848e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8730427f-af66-11df-872a-dc09d9566305}\Shell - "" = AutoRun
O33 - MountPoints2\{8730427f-af66-11df-872a-dc09d9566305}\Shell\AutoRun\command - "" = S:\StartUp.exe
O33 - MountPoints2\{9655b800-d567-11df-b808-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9655b800-d567-11df-b808-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9655b822-d567-11df-b808-e04f27c88013}\Shell - "" = AutoRun
O33 - MountPoints2\{9655b822-d567-11df-b808-e04f27c88013}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a6222d03-f7e1-11df-bd46-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a6222d03-f7e1-11df-bd46-806e6f6e6963}\Shell\AutoRun\command - "" = X:\AutoRun.exe
O33 - MountPoints2\{c049ceb8-d23e-11df-8bb9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c049ceb8-d23e-11df-8bb9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c2c69aa0-94f8-11df-a976-002713593692}\Shell - "" = AutoRun
O33 - MountPoints2\{c2c69aa0-94f8-11df-a976-002713593692}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c2c69b02-94f8-11df-a976-002713593692}\Shell - "" = AutoRun
O33 - MountPoints2\{c2c69b02-94f8-11df-a976-002713593692}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d77f0be9-f4ce-11df-a265-f3ac8cc99165}\Shell - "" = AutoRun
O33 - MountPoints2\{d77f0be9-f4ce-11df-a265-f3ac8cc99165}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d77f0bfe-f4ce-11df-a265-f3ac8cc99165}\Shell - "" = AutoRun
O33 - MountPoints2\{d77f0bfe-f4ce-11df-a265-f3ac8cc99165}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{da17b6f9-f650-11df-81db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{da17b6f9-f650-11df-81db-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{da17b718-f650-11df-81db-dc2adbf0bd09}\Shell - "" = AutoRun
O33 - MountPoints2\{da17b718-f650-11df-81db-dc2adbf0bd09}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{df3be35b-ca70-11df-a2be-ece4948c2504}\Shell - "" = AutoRun
O33 - MountPoints2\{df3be35b-ca70-11df-a2be-ece4948c2504}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{df3be360-ca70-11df-a2be-ece4948c2504}\Shell - "" = AutoRun
O33 - MountPoints2\{df3be360-ca70-11df-a2be-ece4948c2504}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fe33fbc8-cfc3-11df-a63e-aabdffc12e51}\Shell - "" = AutoRun
O33 - MountPoints2\{fe33fbc8-cfc3-11df-a63e-aabdffc12e51}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.04 12:23:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.06.03 10:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.06.03 10:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.06.03 10:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2011.06.02 16:41:41 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\DDMSettings
[2011.06.02 16:40:37 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\DivX
[2011.06.02 16:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.06.02 16:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011.06.02 16:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.06.02 16:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.06.02 13:02:46 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Computer\Desktop\GooredFix.exe
[2011.05.29 10:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.05.29 10:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.05.29 10:21:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.29 10:14:10 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe
[2011.05.28 14:55:10 | 000,000,000 | ---D | C] -- C:\rsit
[2011.05.27 12:52:54 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.05.27 12:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.05.23 20:52:25 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Sun
[2011.05.23 00:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011.05.23 00:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.23 00:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.05.19 18:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.05.18 12:14:47 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.05.13 18:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HipSoft
[2011.05.13 18:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.05.13 18:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011.05.07 12:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2011.05.06 15:18:38 | 000,000,000 | ---D | C] -- C:\Users\Computer\Documents\Battlefield Play4Free
[2011.05.06 15:04:11 | 000,000,000 | ---D | C] -- C:\SIERRA
[2011.05.06 15:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2010.08.26 19:01:37 | 000,256,560 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010.08.26 19:01:33 | 000,203,312 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2010.08.21 12:41:50 | 000,021,504 | ---- | C] (deepxw) -- C:\Users\Computer\AppData\Local\Wtrmrk.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.04 13:12:27 | 000,302,592 | ---- | M] () -- C:\Users\Computer\Desktop\ufcctiwn.exe
[2011.06.04 13:10:27 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.04 13:10:25 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\inbed.job
[2011.06.04 13:10:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.04 13:10:11 | 3017,433,088 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.04 13:09:06 | 000,000,020 | ---- | M] () -- C:\Users\Computer\defogger_reenable
[2011.06.04 13:08:05 | 000,050,477 | ---- | M] () -- C:\Users\Computer\Desktop\Defogger.exe
[2011.06.04 12:42:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.04 12:34:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3107078819-1132679164-3173212847-1000UA.job
[2011.06.04 12:30:55 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.04 12:30:55 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.04 11:41:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3107078819-1132679164-3173212847-1000Core.job
[2011.06.03 10:51:07 | 000,007,596 | ---- | M] () -- C:\Users\Computer\AppData\Local\Resmon.ResmonCfg
[2011.06.02 16:40:53 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.06.02 16:40:53 | 000,001,595 | ---- | M] () -- C:\Users\Computer\Desktop\DivX Movies.lnk
[2011.06.02 16:40:33 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011.06.02 13:04:10 | 000,001,238 | ---- | M] () -- C:\Users\Computer\Desktop\Spybot - Search & Destroy.lnk
[2011.06.02 13:02:49 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Computer\Desktop\GooredFix.exe
[2011.05.29 11:01:30 | 000,001,646 | ---- | M] () -- C:\Users\Computer\Documents\cc_20110529_110125.reg
[2011.05.29 10:47:07 | 000,116,062 | ---- | M] () -- C:\Users\Computer\Documents\cc_20110529_104640.reg
[2011.05.29 10:44:04 | 000,000,929 | ---- | M] () -- C:\Users\Computer\Desktop\CCleaner.lnk
[2011.05.29 10:14:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe
[2011.05.28 17:41:14 | 000,075,264 | ---- | M] () -- C:\Users\Computer\Desktop\SystemLook.exe
[2011.05.28 14:35:11 | 000,339,991 | ---- | M] () -- C:\Users\Computer\Desktop\RSIT.exe
[2011.05.27 12:52:54 | 000,002,979 | ---- | M] () -- C:\Users\Computer\Desktop\HiJackThis.lnk
[2011.05.27 10:17:53 | 006,410,000 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.27 10:17:53 | 002,360,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.27 10:17:53 | 001,972,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.27 10:17:53 | 001,766,928 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.24 10:21:06 | 000,000,137 | ---- | M] () -- C:\Windows\SIERRA.INI
[2011.05.23 00:11:56 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.05.22 11:00:15 | 000,001,849 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\GhostObjGAFix.xml
[2011.05.19 18:23:37 | 020,533,281 | ---- | M] () -- C:\Users\Computer\Documents\vlc-1.1.9-win32.exe
[2011.05.19 15:15:42 | 000,000,184 | --S- | M] () -- C:\Windows\System32\3749645405.dat
[2011.05.13 17:28:01 | 000,137,176 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.13 17:27:56 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.05.13 15:34:13 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.05.06 15:18:02 | 000,138,056 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\PnkBstrK.sys
 
========== Files Created - No Company Name ==========
 
[2011.06.04 13:12:51 | 000,302,592 | ---- | C] () -- C:\Users\Computer\Desktop\ufcctiwn.exe
[2011.06.04 13:08:50 | 000,000,020 | ---- | C] () -- C:\Users\Computer\defogger_reenable
[2011.06.04 13:08:33 | 000,050,477 | ---- | C] () -- C:\Users\Computer\Desktop\Defogger.exe
[2011.06.02 16:40:53 | 000,001,595 | ---- | C] () -- C:\Users\Computer\Desktop\DivX Movies.lnk
[2011.06.02 16:40:33 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011.06.02 16:40:19 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.06.02 13:04:10 | 000,001,238 | ---- | C] () -- C:\Users\Computer\Desktop\Spybot - Search & Destroy.lnk
[2011.05.29 11:01:28 | 000,001,646 | ---- | C] () -- C:\Users\Computer\Documents\cc_20110529_110125.reg
[2011.05.29 10:46:53 | 000,116,062 | ---- | C] () -- C:\Users\Computer\Documents\cc_20110529_104640.reg
[2011.05.29 10:44:04 | 000,000,929 | ---- | C] () -- C:\Users\Computer\Desktop\CCleaner.lnk
[2011.05.29 10:38:49 | 000,075,264 | ---- | C] () -- C:\Users\Computer\Desktop\SystemLook.exe
[2011.05.28 14:35:06 | 000,339,991 | ---- | C] () -- C:\Users\Computer\Desktop\RSIT.exe
[2011.05.27 12:52:54 | 000,002,979 | ---- | C] () -- C:\Users\Computer\Desktop\HiJackThis.lnk
[2011.05.23 00:11:56 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.05.22 11:00:15 | 000,001,849 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\GhostObjGAFix.xml
[2011.05.19 18:23:19 | 020,533,281 | ---- | C] () -- C:\Users\Computer\Documents\vlc-1.1.9-win32.exe
[2011.05.19 15:04:34 | 000,000,184 | --S- | C] () -- C:\Windows\System32\3749645405.dat
[2011.05.18 09:11:09 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\inbed.job
[2011.05.06 15:03:45 | 000,000,137 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.03.25 13:43:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.19 16:37:42 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.02.13 03:38:25 | 000,000,096 | ---- | C] () -- C:\Users\Computer\AppData\Local\fusioncache.dat
[2011.01.30 21:53:43 | 000,137,176 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.30 21:53:42 | 000,138,056 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\PnkBstrK.sys
[2011.01.30 21:53:11 | 000,268,952 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.30 21:53:10 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.01.30 21:53:09 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.08.26 19:07:22 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.08.26 19:01:35 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2010.08.26 19:01:34 | 001,765,168 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.08.26 19:01:34 | 000,034,480 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.08.26 19:01:34 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.08.24 12:22:11 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2010.08.24 12:22:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.08.21 12:41:50 | 002,076,309 | ---- | C] () -- C:\Users\Computer\AppData\Local\ntkrlICE.exe
[2010.08.21 12:41:50 | 000,570,073 | ---- | C] () -- C:\Users\Computer\AppData\Local\gui.exe
[2010.08.21 12:41:50 | 000,397,900 | ---- | C] () -- C:\Users\Computer\AppData\Local\4GB_GER.exe
[2010.08.21 12:41:50 | 000,397,900 | ---- | C] () -- C:\Users\Computer\AppData\Local\4GB_EN.exe
[2010.08.21 12:41:50 | 000,000,518 | ---- | C] () -- C:\Users\Computer\AppData\Local\UNAWAVE_EN.url
[2010.08.21 12:41:50 | 000,000,240 | ---- | C] () -- C:\Users\Computer\AppData\Local\UPDATE.url
[2010.08.21 12:41:50 | 000,000,216 | ---- | C] () -- C:\Users\Computer\AppData\Local\UNAWAVE_GER.url
[2010.08.20 22:33:59 | 000,007,596 | ---- | C] () -- C:\Users\Computer\AppData\Local\Resmon.ResmonCfg
[2010.07.21 20:48:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.30 12:56:46 | 006,410,000 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.30 12:56:46 | 001,972,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.30 12:56:46 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.30 12:56:46 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 002,407,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 002,360,424 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 001,766,928 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 01:19:28 | 000,006,672 | ---- | C] () -- C:\Windows\System32\advapi32g.dat
[2009.07.14 01:19:28 | 000,005,648 | ---- | C] () -- C:\Windows\System32\acleditp.dat
[2009.06.18 19:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2010.08.25 18:43:21 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Autodesk
[2011.05.09 11:16:40 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Canon
[2010.08.24 12:56:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools Lite
[2010.08.24 11:30:33 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools Net
[2011.03.07 13:05:55 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Desktop Apps
[2010.08.08 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.24 11:54:25 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\foobar2000
[2011.03.22 03:04:40 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\GHISLER
[2010.11.28 11:51:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ijjigame
[2010.12.19 14:11:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\mquadr.at
[2011.01.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Need for Speed World
[2011.03.08 12:15:58 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\NetDrive
[2010.09.10 18:00:49 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\OpenOffice.org
[2010.07.23 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Program Files
[2011.03.07 14:29:24 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Typograf
[2010.07.21 20:58:16 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\{8126D2ED-1984-4573-9D57-97637E10C716}
[2011.06.04 13:10:25 | 000,000,316 | -HS- | M] () -- C:\Windows\Tasks\inbed.job
[2011.06.03 10:45:10 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C86B29EB
 
< End of report >

--- --- ---


And here is the result from GMER:
GMER Logfile:
Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-04 13:43:47
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS723232L9A360 rev.FC4OC60D
Running: ufcctiwn.exe; Driver: C:\Users\Computer\AppData\Local\Temp\pgddrkoc.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text          ntkrlICE.exe!ZwSaveKeyEx + 13AD                                                                                    83095599 1 Byte  [06]
.text          ntkrlICE.exe!KiDispatchInterrupt + 5A2                                                                              830B9F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x96040000, 0x2D51CE, 0xE8000020]
 
---- User code sections - GMER 1.0.15 ----
 
.text          C:\Windows\Explorer.EXE[300] ntdll.dll!NtProtectVirtualMemory                                                      76FE51C0 5 Bytes  JMP 0185000A
.text          C:\Windows\Explorer.EXE[300] ntdll.dll!NtWriteVirtualMemory                                                        76FE5D40 5 Bytes  JMP 0186000A
.text          C:\Windows\Explorer.EXE[300] ntdll.dll!KiUserExceptionDispatcher                                                    76FE6298 5 Bytes  JMP 008B000A
.text          C:\Windows\system32\svchost.exe[976] ntdll.dll!NtProtectVirtualMemory                                              76FE51C0 5 Bytes  JMP 0033000A
.text          C:\Windows\system32\svchost.exe[976] ntdll.dll!NtWriteVirtualMemory                                                76FE5D40 5 Bytes  JMP 0042000A
.text          C:\Windows\system32\svchost.exe[976] ntdll.dll!KiUserExceptionDispatcher                                            76FE6298 5 Bytes  JMP 001E000A
.text          C:\Windows\system32\svchost.exe[976] ole32.dll!CoCreateInstance                                                    764C590C 5 Bytes  JMP 00A5000A
.text          C:\Windows\system32\svchost.exe[976] USER32.dll!GetCursorPos                                                        7618C198 5 Bytes  JMP 00E4000A
.text          C:\Windows\system32\svchost.exe[976] USER32.dll!GetForegroundWindow                                                7619565D 5 Bytes  JMP 00E7000A
.text          C:\Windows\system32\svchost.exe[976] USER32.dll!WindowFromPoint                                                    761B6D0C 5 Bytes  JMP 00E6000A
.text          C:\Program Files\Pando Networks\Media Booster\PMB.exe[2280] kernel32.dll!SetUnhandledExceptionFilter                76853162 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[5424] USER32.dll!TrackPopupMenu                              761B4B3B 5 Bytes  JMP 6384C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[6000] ntdll.dll!NtProtectVirtualMemory                                76FE51C0 5 Bytes  JMP 001A000A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[6000] ntdll.dll!NtWriteVirtualMemory                                  76FE5D40 5 Bytes  JMP 001B000A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[6000] ntdll.dll!KiUserExceptionDispatcher                              76FE6298 5 Bytes  JMP 0019000A
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device          \Driver\ACPI_HAL \Device\00000072                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 
---- Registry - GMER 1.0.15 ----
 
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713593692                                       
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713593692@0022989e319f                            0xF3 0xA0 0xD5 0x39 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713593692@44f45930e600                            0x47 0x6F 0x22 0x60 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                  ???j?|??????????????t????????????????????????????3???????????????8??????????????????????????????????????????????????????USB???????4?????????1????????????5??pn???j?j?t?u?????????????????j??????p????????????}??t5?????????????????????????????????????? ????????????????????????h???????|??????????????_n????b??t?????????e?????????????????????????????????????d????????????b??????7????????X?????????????????????????????????????????Video Save????????????????????????????????????????????????????????X??????????t??*teredo??_????????????J??j?????????e?????????????????????????????????j????????m?????????????????? ???????o?????j?????s????????$?????????????@%SystemRoot%\ehome\ehres.dll,-15501?????????????????????????t?t?t???????j??????????????%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation?????????????????t????t?t?t???t?????? ?????????????J??j?????????n?????????????B???????e??????????????t???t???@%SystemRoot%\ehome\ehres.dll,-15502? ????N??j???????????e??SSDPSRV?IPBusEnum?TermService?fdphost???????? 4??t?????
Reg            HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                            ???l?|??????????????????????????????????????????????{4d36e97d-e325-11ce-bfc1-08002be10318}\0000?????????59??Root\*6TO4MP\0007?????????????????????????????~??l??????????? ???????k?????k?????j????????????$??????????0????X??l??????????????? ???????k???????????v??????????P????????????????k??????????root\rdp_kbd? ???l?????k?&???????????????s??{4d36e97d-e325-11ce-bfc1-08002be10318}?us???? l??n???_?????4?????????????????????????????k?k?k??????????STORAGE\VolumeSnapshot???????????????|???????????d?g? ??????????????t????????????3??????? ???????k?????k?????j????????????%??????????0???????????????????k??? ???????k???????????y??????????P????????????????l???????????l?kos???l?l?l?????????k?&??machine.inf:GENDEV_SYS.NTx86:RDP_KBD:6.1.7600.16385:root\rdp_kbd??????????????????????X?????????????????????????????si???l???????????????????????4?????s6?????X??????i???N???????????????????????????C?????s4-??????????????????? ???????k?????i?????j????????????&? ???????I???{71a27cdd-812a-11d0-bec7-08002be2092f}\0001?in???????0?????????
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xBE 0x18 0x91 0x68 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xE1 0x6A 0x6C 0x5A ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xF1 0x5E 0x0F 0x37 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x61 0x82 0x8A 0x85 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                0x1D 0x47 0xDD 0x8A ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                0xFF 0x42 0x6F 0xFE ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713593692 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713593692@0022989e319f                                0xF3 0xA0 0xD5 0x39 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713593692@44f45930e600                                0x47 0x6F 0x22 0x60 ...
Reg            HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                      ???j?k???j???j?????????????????s????USB??????????????????????????k???j????"??????????k???m??si???k???????|??? $??k???y?????r?s??? ^?????? ???????3??LegacyDriver????PrinterBusEnumerator?m??? ??????????????s????????????j??????si???????????D??????\a???j?j?s???p????N??????D????D??????????k???j???j???k?k?k??????????WPD????????????????????s?????j??????????????????LegacyDriver? ????N??j?????????3??????N???????????D??????i?i?i?j?j???????????i???3???e???????k???j???????j???"??????????????????Net??k???????????D??????\a???????k???????????????T???1??s????????????0???????????????z???k?? ????????????j??????????{8ECC055D-047F-11D1-A537-0000F8753ED1}?????????????????????s????????????? ???????k???????????q?????????????????s?????????????????????k???????3???????????????????????????????????????v??e????????????????????????k???f?i?j?j?j?j??????N??k???i????D.6.???h?i?j?i?????????????k???????????3???????????p???k?k?3???  ??k???3??????\r????P??n?????????e?????????j??????s????????????0??e2???k?????????????????????????????????????????
Reg            HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                ???Z?k????X??????6???6????????????????????????????????????????@??????e??????ag??usbohci??/???????j??????????????????????tunnel?j?j???`?a?`??? ???h?????????-????????????????????????????????NDIS????? ???????Z?????Z???????1????????????&????????????????????i??? ???????????????????Z?1??????*????? ???????6-???????????8??????????dl??????????????????????d?????:??Z??????????Bluetooth-Netzwerkverbindung????? :??????o??????????NDIS?;?????Z????? ???????Z?????Z???????1????????????&???????????????????????? ???????Z???????????Z?1??????*? ??? ???????????????????????????????d????????????????????????Z?Z?Z???? ??Z??????????LAN-Verbindung*????????Z?????????????6??????????ndfs?E???????????????????????g?g?e??????????????????????????????? ???h?????????.?&???????????????????????a?a?`??????????????????????????m???? \??g?????????0?0??4&7a8b3fc&0??????????????????????????????????-??u4???g?g?0??*6to4mp??????????????????????????????Z?Z?Z??????????? ???????Z?????Z???????1????????????&??????????????????????????Z?????Z??? ???????Z?????????
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xBE 0x18 0x91 0x68 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xE1 0x6A 0x6C 0x5A ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xF1 0x5E 0x0F 0x37 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x61 0x82 0x8A 0x85 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                    0x1D 0x47 0xDD 0x8A ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                    0xFF 0x42 0x6F 0xFE ...
 
---- Disk sectors - GMER 1.0.15 ----
 
Disk            \Device\Harddisk0\DR0                                                                                              TDL4@MBR code has been found   <-- ROOTKIT !!!
Disk            \Device\Harddisk0\DR0                                                                                              sector 00: rootkit-like behavior
 
---- EOF - GMER 1.0.15 ----

--- --- ---



Thanks for your help!!!!!

cosinus 05.06.2011 15:57

Quote:

Unfortunately I caught the trojan and would like to get rid of it again
Exact location of the detection or the log for it? TR/Dropper.Gen alone is not enough.


Copyright ©2000-2025, Trojaner-Board
