Virus VISTA - also in main memory
#0
30.05.2010, 13:33
...new here
Posts: 6
30.05.2010, 13:41
Member
Posts: 3716
#2
Please post only the ComboFix log for now.
30.05.2010, 13:58
...new here
Thread starter, Posts: 6
#3
OTL.txt

OTL logfile created on: 30.05.2010 13:25:33 - Run 1
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Users\Hendrik\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 77,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91,45 Gb Total Space | 48,44 Gb Free Space | 52,97% Space Free | Partition Type: NTFS
Drive D: | 45,72 Gb Total Space | 45,63 Gb Free Space | 99,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DVAG
Current User Name: Hendrik
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Hendrik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()

========== Modules (SafeList) ==========

MOD - C:\Users\Hendrik\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WLSetupSvc) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (Anyplace Control Security) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp)
DRV - (PID_0920) Logitech QuickCam Express(PID_0920) -- C:\Windows\System32\drivers\LV532AV.SYS ()
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys ()
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010.05.29 18:27:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_08)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hendrik\Pictures\ich werde geliebt!!.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hendrik\Pictures\ich werde geliebt!!.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.30 13:24:16 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Hendrik\Desktop\OTL.exe
[2010.05.29 18:34:38 | 000,000,000 | ---D | C] -- C:\Users\Hendrik\AppData\Local\temp
[2010.05.29 18:33:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.05.29 18:25:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.05.29 18:16:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.05.29 18:16:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.05.29 18:16:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.05.29 18:16:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.05.29 18:13:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.29 18:12:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.05.29 18:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.05.29 14:19:44 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.05.29 14:18:09 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.05.29 14:18:04 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.05.29 14:15:42 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010.05.29 14:15:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010.05.29 14:15:42 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010.05.29 14:15:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.29 14:14:42 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.05.29 14:14:42 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.05.29 14:14:41 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.05.29 14:14:41 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.05.29 14:14:40 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.05.29 14:14:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.05.29 14:14:40 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.05.29 14:14:40 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.05.29 14:14:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.05.29 14:14:40 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.05.29 14:14:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.05.29 14:14:39 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.05.29 14:14:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.05.29 14:14:39 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.05.29 14:14:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.05.29 14:14:32 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.05.29 14:14:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.05.29 14:14:31 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.29 14:14:31 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010.05.29 14:14:22 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010.05.29 14:14:22 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010.05.29 14:14:00 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010.05.29 14:13:58 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010.05.29 14:13:58 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010.05.29 14:13:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010.05.29 14:13:57 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010.05.29 14:13:57 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010.05.29 14:13:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010.05.29 14:13:57 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010.05.29 14:13:56 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.05.29 14:13:21 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.05.29 14:13:16 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.05.29 14:12:58 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.05.29 14:12:57 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.05.29 14:12:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010.05.29 14:12:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010.05.29 14:12:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010.05.29 14:12:32 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.05.29 14:12:32 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010.05.29 14:12:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010.05.29 14:12:06 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010.05.29 14:11:42 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.05.29 14:11:39 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.05.29 14:11:36 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010.05.29 14:11:29 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.05.29 14:11:16 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010.05.29 14:11:15 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010.05.29 14:04:00 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.05.29 14:03:57 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.05.29 14:03:57 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.05.29 14:03:56 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.05.29 14:03:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010.05.29 14:01:20 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010.05.29 13:53:01 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010.05.29 13:53:01 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010.05.29 13:52:18 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010.05.29 13:52:18 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010.05.29 13:52:18 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010.05.29 13:52:05 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010.05.29 13:52:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010.05.29 13:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.05.28 14:35:22 | 000,000,000 | ---D | C] -- C:\Users\Hendrik\.assistant

========== Files - Modified Within 30 Days ==========

[2010.05.30 13:27:31 | 000,772,096 | ---- | M] () -- C:\Windows\System32\drivers\zfbyqlkk.sys
[2010.05.30 13:25:44 | 000,464,491 | ---- | M] () -- C:\Users\Hendrik\Desktop\RootRepeal.zip
[2010.05.30 13:25:03 | 002,621,440 | -HS- | M] () -- C:\Users\Hendrik\ntuser.dat
[2010.05.30 13:24:52 | 000,293,376 | ---- | M] () -- C:\Users\Hendrik\Desktop\tmkc0q0b.exe
[2010.05.30 13:24:18 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Hendrik\Desktop\OTL.exe
[2010.05.30 13:09:28 | 000,049,814 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.30 13:09:28 | 000,047,350 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.30 13:09:28 | 000,010,988 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.30 13:09:28 | 000,004,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.30 13:09:28 | 000,003,894 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.30 13:05:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.30 13:03:42 | 000,524,288 | -HS- | M] () -- C:\Users\Hendrik\ntuser.dat{43ae1f46-41a2-11df-abe2-00030d764b52}.TMContainer00000000000000000001.regtrans-ms
[2010.05.30 13:03:42 | 000,065,536 | -HS- | M] () -- C:\Users\Hendrik\ntuser.dat{43ae1f46-41a2-11df-abe2-00030d764b52}.TM.blf
[2010.05.30 12:56:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.30 12:56:11 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.30 12:56:11 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.29 18:27:21 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.05.29 18:27:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.05.29 18:04:44 | 003,700,568 | R--- | M] () -- C:\Users\Hendrik\Desktop\ComboFix.exe
[2010.05.29 17:26:44 | 000,293,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.28 20:30:43 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2010.05.28 20:30:43 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2010.05.27 17:10:52 | 000,000,012 | ---- | M] () -- C:\Users\Hendrik\AppData\Roaming\vqdlkr.dat
[2010.05.27 09:19:13 | 000,034,345 | ---- | M] () -- C:\Users\Hendrik\Desktop\pdf-verweis,property=Download.pdf
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2010.05.30 13:25:43 | 000,464,491 | ---- | C] () -- C:\Users\Hendrik\Desktop\RootRepeal.zip
[2010.05.30 13:24:51 | 000,293,376 | ---- | C] () -- C:\Users\Hendrik\Desktop\tmkc0q0b.exe
[2010.05.29 18:16:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.05.29 18:16:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.05.29 18:16:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.05.29 18:16:31 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.05.29 18:16:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.05.29 18:04:39 | 003,700,568 | R--- | C] () -- C:\Users\Hendrik\Desktop\ComboFix.exe
[2010.05.29 14:15:42 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010.05.29 14:14:39 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.05.27 17:11:41 | 000,772,096 | ---- | C] () -- C:\Windows\System32\drivers\zfbyqlkk.sys
[2010.05.27 17:10:52 | 000,000,012 | ---- | C] () -- C:\Users\Hendrik\AppData\Roaming\vqdlkr.dat
[2010.05.27 09:19:13 | 000,034,345 | ---- | C] () -- C:\Users\Hendrik\Desktop\pdf-verweis,property=Download.pdf
[2009.04.15 10:55:52 | 000,000,035 | ---- | C] () -- C:\Windows\A6W.INI
[2009.02.14 11:32:38 | 000,000,007 | ---- | C] () -- C:\Windows\System32\Urncb.dll
[2008.12.03 19:46:38 | 000,000,024 | ---- | C] () -- C:\Windows\ShellIcon32.dll
[2008.10.07 20:56:17 | 000,000,276 | ---- | C] () -- C:\Windows\_delis32.ini
[2008.10.07 20:53:44 | 000,163,328 | ---- | C] () -- C:\Windows\System32\drivers\LV532AV.SYS
[2008.10.07 20:53:44 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\LVUSBSta.sys
[2008.10.07 20:53:44 | 000,005,993 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008.06.05 13:49:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.05.15 23:12:54 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.09.20 12:33:52 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007.09.20 12:33:52 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007.09.20 12:33:52 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.09.20 12:33:52 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007.09.20 12:33:52 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007.09.20 12:33:52 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007.09.20 12:33:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007.09.20 12:33:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007.09.20 12:33:52 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007.09.20 12:33:52 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007.09.20 12:33:52 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007.09.20 12:33:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007.09.20 12:33:52 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007.09.20 12:33:52 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007.09.20 12:33:52 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007.09.20 12:33:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007.09.20 12:33:52 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007.09.20 12:33:52 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007.09.20 12:33:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.09.20 12:33:52 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007.08.22 18:05:22 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007.08.22 08:46:51 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

< End of report >

Extras.txt

OTL Extras logfile created on: 30.05.2010 13:25:33 - Run 1
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Users\Hendrik\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 77,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91,45 Gb Total Space | 48,44 Gb Free Space | 52,97% Space Free | Partition Type: NTFS
Drive D: | 45,72 Gb Total Space | 45,63 Gb Free Space | 99,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DVAG
Current User Name: Hendrik
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3235664795-838476068-1751600572-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16D87695-2315-489F-8E09-A6953376F49D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{40D1B696-9C91-4621-8FC4-C50C299850B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47EE76BF-0A2E-4153-B5CC-AD8F52C26962}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{50350459-B6D1-4DD9-8304-ABD7E95F81A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56AA9F78-BD91-498D-A3B4-2573D236E6D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B6424EF-374A-4B59-A379-B8EDCC457A7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6E60A47E-7C08-4CA0-88C1-7FD9EF846FEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EB9C27C-1E52-4415-9F24-C0AE5B715906}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8029095A-C26C-4FFA-BB0B-6368FD8B907B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CD04F996-3A46-44EB-B038-EF1FEA518D49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E0C0A081-D102-49D8-A9E8-9E453E699EAA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA0C3F48-4E17-4CB5-9634-AA955946F72D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17496262-CEA4-4406-8745-819CCA9DD4F1}" = protocol=6 | dir=in | app=e:\libneap.dll |
"{1941177B-40E7-491B-9BF7-56FF4440379A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1ED9A30E-3072-4428-84F1-D6F60466986D}" = protocol=6 | dir=in | app=e:\dwizard300.exe |
"{431BC76E-0C79-4C3A-9320-A3E9DFB4FAB5}" = protocol=17 | dir=in | app=e:\dwizard300.exe |
"{5B8DB23B-9A88-4391-ABEF-79BA9B61B06B}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{6E2BFB29-2E0C-475F-834D-5F68B5AC295E}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{81E61AA4-E55C-4F1C-B7F2-664BCF8FE0ED}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{8BE75CC2-CD47-496F-B8EC-10A5A907CD7D}" = protocol=17 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
"{923A4E08-8B22-4BEC-BFB0-AF8C0A65420C}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{A496C331-7228-4411-A3EE-1E149E028426}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{BA1E9CD5-B3D5-4B1B-B01F-402218491B63}" = protocol=6 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
"{BB3EDAAD-ADC3-4E8D-8B48-C006C6F494B0}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{E8F90E26-78C8-4DC7-9338-BF11A6F4FC27}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{FC76BD65-9F77-4A03-BA2D-73EA4DE3D3D2}" = protocol=17 | dir=in | app=e:\libneap.dll |
"TCP Query User{0A31740A-ADF0-425F-BEC0-2D396671ED73}D:\sierra entertainment\world in conflict\wic.exe" = protocol=6 | dir=in | app=d:\sierra entertainment\world in conflict\wic.exe |
"TCP Query User{295302AB-834E-4E05-AA7D-4C0488B68BF4}D:\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\empire interactive\flatout2\flatout2.exe |
"TCP Query User{2FC8B1FA-3404-47A5-9830-12E7C1F64CFD}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{522B2632-B3B9-4992-9562-0F60A559A425}\\fröhlichseinpc\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=\\fröhlichseinpc\unreal tournament 3 (lg)\binaries\ut3.exe |
"TCP Query User{5871F3ED-35FB-46C3-B71E-EA4298A1266F}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe |
"TCP Query User{655BB0F7-67CE-4699-A55F-F91FC65C5FA3}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{6AFF09D1-D04C-4DE7-BB78-B333FB116C6C}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe |
"TCP Query User{6FB95B7C-493E-4181-AFEE-13303861236C}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{76A2AB4B-9C21-4C76-9487-951523A726F9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{772057CD-EE6E-4A8B-9A02-1D2624241356}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{7CEABFE1-4D8E-4181-AAAB-5AAA9E049B2B}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{86FB3280-9CC7-408E-ACEB-6850B5A1048D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{98AEA8D5-1148-41B6-80A3-194FB9222E84}C:\program files\popcap games\zuma deluxe\zuma.exe" = protocol=6 | dir=in | app=c:\program 
files\popcap games\zuma deluxe\zuma.exe | "TCP Query User{9BCE756C-4FFC-4531-8EFE-A23C26FBCD85}F:\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=f:\empire interactive\flatout2\flatout2.exe | "TCP Query User{A3E0DCD8-9EC4-441B-9D98-6504FB055FB0}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{A7E388D5-6629-48C9-B3FB-30E468A9DB2E}C:\program files\bitmap brothers\z\winz.exe" = protocol=6 | dir=in | app=c:\program files\bitmap brothers\z\winz.exe | "UDP Query User{2F500486-8C27-4060-823C-ACBD6A5E21A4}C:\program files\popcap games\zuma deluxe\zuma.exe" = protocol=17 | dir=in | app=c:\program files\popcap games\zuma deluxe\zuma.exe | "UDP Query User{413B60E6-D6A6-4C0C-874A-A9EF25F6E882}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{567279E0-0986-47FC-B621-7E350382B4A1}C:\program files\bitmap brothers\z\winz.exe" = protocol=17 | dir=in | app=c:\program files\bitmap brothers\z\winz.exe | "UDP Query User{6B6123A1-0255-47B0-8F96-1893FA04BF7C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{7868BE08-E05F-4EAF-800A-AD1B4F4EE980}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{79A1F9E4-3414-4AD7-960A-502E82AB55CC}D:\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\empire interactive\flatout2\flatout2.exe | "UDP Query User{7ECDED89-150E-4C01-971C-77345811C887}\\fröhlichseinpc\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=\\fröhlichseinpc\unreal tournament 3 (lg)\binaries\ut3.exe | "UDP Query User{AB1C5B02-2F9D-4B47-A502-4D1EE3109597}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop 
messenger\8876480\program\backweb-8876480.exe | "UDP Query User{B17507C4-F277-4574-B486-98C3E5DC5B93}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{CDD2D4B8-B2A6-4AC0-A31D-27AC78176CDD}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{CDE1948A-3CFC-4DD3-89D8-9D57BFDDA68A}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | "UDP Query User{D22FECF1-7BB6-46B7-BE96-8F18FE9EA44D}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{DB84ABF9-765D-4846-891F-B550ACE8A177}F:\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=f:\empire interactive\flatout2\flatout2.exe | "UDP Query User{EF1E85EB-C7C9-4046-ADB4-33401CDB7309}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{F279E23F-270B-41A7-ACED-A3C79E124E9C}D:\sierra entertainment\world in conflict\wic.exe" = protocol=17 | dir=in | app=d:\sierra entertainment\world in conflict\wic.exe | "UDP Query User{F5D27CBA-82BB-4B7D-9B52-EB01A28AC758}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{028741EB-70F5-BF63-EB23-480A7C48F096}" = CCC Help German "{0343FEB6-43EA-0608-CF1F-6B4D20784AA8}" = Catalyst Control Center Localization Italian "{03B5882D-D9DB-B950-CBE1-D03DDBFFF458}" = CCC Help Chinese Traditional "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{13800ED7-C5CA-35FB-A612-2296DEF19BB0}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - DEU 
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1B3A67B0-F54D-2F98-763C-B8E309135C38}" = Catalyst Control Center Localization Swedish "{1F9B00FC-AD74-A45C-3E73-83CF895E9CD0}" = Catalyst Control Center Localization Spanish "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17 "{29F482A1-9828-5830-1F96-798E75CB90EB}" = CCC Help French "{2B541619-4920-A88A-AEB6-C4E76672B726}" = ccc-utility "{32AFDE70-6890-478B-BC92-8F3C76B8A77B}" = Branding "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{37AF3415-B43F-FB0B-124B-4B207657DF66}" = Catalyst Control Center Localization Japanese "{38C7CB9E-1451-38D5-BB97-B7FC59E1A8B8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - deu "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3E5D1BD1-3451-15A7-D5EB-FB4C1C713C33}" = Catalyst Control Center Localization Chinese Standard "{3FB83D9B-35B3-44E2-639B-6839332BBB29}" = Catalyst Control Center Localization Portuguese "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{48FD4CEC-7ED7-5220-2032-E780075764E4}" = CCC Help Japanese "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{587601F9-A917-AE27-263A-0854BE106BE9}" = Catalyst Control Center Localization German "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6 "{625309B9-9853-B259-CA17-DA4838E2D7C6}" = Catalyst Control Center Localization Dutch "{66E98E51-BFF9-5922-1316-7AF58170CA54}" = Catalyst Control Center Graphics Light "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7148F0A8-6813-11D6-A77B-00B0D0142080}" = Java 2 Runtime Environment, SE v1.4.2_08 "{71C97813-ADFC-AA48-D24F-17E6CD41B413}" = Skins "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft 
Visual C++ 2005 Redistributable "{74EF2D1D-D3A6-3A56-1DD7-56A338BADD29}" = CCC Help Chinese Standard "{787AD427-7FEB-A87C-4C2E-C95610EF345B}" = Catalyst Control Center Core Implementation "{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials "{8535028B-D4EE-B929-97A0-354013AE5D94}" = Catalyst Control Center Localization Korean "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{91E0258F-5EB1-4790-A92C-F5882DF1D3B5}" = DVAG Online-System "{9279B0F3-C831-7C50-9F07-73B1219322B6}" = Catalyst Control Center Localization Chinese Traditional 
"{94E89EFD-5841-17EA-4F69-37A5DA58A735}" = CCC Help Spanish "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3 "{9A983135-BB9F-6E62-F282-AD76BB9551FE}" = CCC Help English "{9AE73DF3-2349-A626-AE42-7959D7583E2B}" = Catalyst Control Center Graphics Full Existing "{A603BB91-F08F-025F-4158-E897DC29D037}" = Catalyst Control Center Localization French "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA27D595-32F0-97EB-BC94-1ED22E7444A8}" = CCC Help Portuguese "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4 "{C61E8F12-31F1-C2E6-DC0C-505CBF2BEE57}" = ccc-core-static "{CCC67B82-CD80-9C07-4C4A-D5B9C7137399}" = CCC Help Italian "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D03E883E-ADD1-4293-8B3A-C39FFFEC1136}_is1" = Steuerentlastungs-Rechner 2010 "{D2B49278-3321-FFBA-0F7C-127878A9CB5D}" = CCC Help Dutch "{D723FE60-F9EC-D688-0274-7BF2FF96E80A}" = Catalyst Control Center Graphics Full New "{E1FA2D24-5633-83B3-3C72-FB3749DAF724}" = CCC Help Swedish "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5E23357-CDCE-0246-677C-8097DAA6F8C5}" = CCC Help Korean "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{FA2B72B1-B29E-57FB-5AFB-74734AC3442E}" = Catalyst Control Center Graphics Previews Vista "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ATI Uninstaller" = ATI 
Uninstaller "avast!" = avast! Antivirus "Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe "CCleaner" = CCleaner "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ElsterFormular 11.2.0.4074" = ElsterFormular "HijackThis" = HijackThis 2.0.2 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual Web Developer 2008 Express Edition with SP1 - DEU" = Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU "PokerStars.net" = PokerStars.net "Samsung CLP-510 Series" = Samsung CLP-510 Series "SMSERIAL" = Motorola SM56 Data Fax Modem "sv.net" = sv.net "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "VLC media player" = VLC media player 0.9.8a "WinRAR archiver" = WinRAR "Zattoo" = Zattoo 3.3.3 Beta "Zuma Deluxe 1.0" = Zuma Deluxe 1.0 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FileZilla Client" = FileZilla Client 3.2.1 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Antivirus Events ] Error - 28.05.2010 02:36:57 | Computer Name = dvag | Source = avast! | ID = 33554522 Description = aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219. Error - 28.05.2010 02:37:03 | Computer Name = dvag | Source = avast! | ID = 33554522 Description = aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty(). Error - 28.05.2010 04:29:39 | Computer Name = dvag | Source = avast! | ID = 33554522 Description = Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000001F. Error - 28.05.2010 08:07:04 | Computer Name = dvag | Source = avast! | ID = 33554522 Description = Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000001F. 
Error - 28.05.2010 14:40:41 | Computer Name = dvag | Source = avast! | ID = 33554522 Description = Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000001F. Error - 29.05.2010 07:48:02 | Computer Name = dvag | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Windows\System32\conime.exe failed, 00000005. Error - 29.05.2010 08:07:44 | Computer Name = dvag | Source = avast! | ID = 33554522 Description = Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000001F. Error - 29.05.2010 11:36:45 | Computer Name = dvag | Source = avast! | ID = 33554522 Description = Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000001F. Error - 29.05.2010 12:12:24 | Computer Name = dvag | Source = avast! | ID = 33554522 Description = Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000001F. Error - 29.05.2010 12:38:22 | Computer Name = dvag | Source = avast! | ID = 33554522 Description = Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000001F. [color=#E56717]========== Last 10 Event Log Errors ==========[/color] Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
30.05.2010, 14:09
Member
Posts: 3716
#4
I'd like the combofix log first, please
30.05.2010, 14:10
...new here
Thread starter, Posts: 6
#5
Quote: virenfinder posted
Sorry, read it too late... Here:
ComboFix 10-05-28.08 - Hendrik 29.05.2010 18:18:14.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.1789.1100 [GMT 2:00] ausgeführt von:: c:\users\Hendrik\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1229 [VPS 081121-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: avast! antivirus 4.8.1229 [VPS 081121-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows-Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Downloaded Program Files\popcaploader.dll c:\windows\Downloaded Program Files\popcaploader.inf c:\windows\system32\%appdata% c:\windows\system32\skinboxer43.dll c:\windows\system32\%appdata%\Microsoft\Windows\IETldCache\index.dat . . . . Nicht in der Lage zu löschen . ((((((((((((((((((((((( Dateien erstellt von 2010-04-28 bis 2010-05-29 )))))))))))))))))))))))))))))) . 2010-05-29 16:25 . 2010-05-29 16:27 -------- d-----w- c:\users\Hendrik\AppData\Local\temp 2010-05-29 16:25 . 2010-05-29 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-05-29 16:06 . 2010-05-29 16:06 -------- d-----w- c:\program files\CCleaner 2010-05-29 12:19 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-05-29 12:18 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-05-29 12:18 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys 2010-05-29 12:18 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll 2010-05-29 12:15 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll 2010-05-29 12:15 . 
2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll 2010-05-29 12:15 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll 2010-05-29 12:15 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll 2010-05-29 12:15 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll 2010-05-29 12:15 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll 2010-05-29 12:15 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll 2010-05-29 12:15 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll 2010-05-29 12:13 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2010-05-29 12:12 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-05-29 12:11 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-05-29 12:04 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll 2010-05-29 12:03 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll 2010-05-29 12:03 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll 2010-05-29 12:03 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll 2010-05-29 12:03 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2010-05-29 12:03 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll 2010-05-29 12:03 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll 2010-05-29 12:03 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll 2010-05-29 12:03 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll 2010-05-29 12:03 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll 2010-05-29 12:01 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2010-05-29 11:53 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll 2010-05-29 11:53 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe 2010-05-29 11:53 . 
2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll 2010-05-29 11:53 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2010-05-29 11:52 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll 2010-05-29 11:52 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2010-05-29 11:52 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll 2010-05-29 11:52 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll 2010-05-29 11:52 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe 2010-05-29 11:40 . 2010-05-29 11:40 -------- d-----w- c:\program files\Trend Micro 2010-05-28 12:35 . 2010-05-28 12:35 -------- d-----w- c:\users\Hendrik\.assistant . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-29 16:09 . 2009-07-10 09:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-05-29 16:06 . 2006-11-02 15:33 50800 ----a-w- c:\windows\system32\perfh007.dat 2010-05-29 16:06 . 2006-11-02 15:33 11572 ----a-w- c:\windows\system32\perfc007.dat 2010-05-29 15:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-05-28 18:37 . 2009-07-10 09:16 -------- d-----w- c:\programdata\Lavasoft 2010-05-28 18:30 . 2010-04-26 07:16 54 ----a-w- c:\windows\system32\rp_stats.dat 2010-05-28 18:30 . 2010-04-26 07:16 39 ----a-w- c:\windows\system32\rp_rules.dat 2010-05-27 15:10 . 2010-05-27 15:10 12 ----a-w- c:\users\Hendrik\AppData\Roaming\vqdlkr.dat 2010-05-12 09:21 . 2009-10-04 19:41 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-06 14:34 . 2010-03-10 10:30 -------- d-----w- c:\program files\ElsterFormular 2010-04-23 11:41 . 2008-11-22 13:39 26 ----a-w- c:\windows\popcinfo.dat 2010-03-05 14:01 . 2010-05-29 12:11 420352 ----a-w- c:\windows\system32\vbscript.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader - Schnellstart.lnk backup=c:\windows\pss\Adobe Reader - Schnellstart.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] 2008-10-07 18:55 20480 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\NeroFilterCheck] 2007-02-26 18:46 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-04-10 14:01 4431872 ----a-w- c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] 2006-11-22 16:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-18 21:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-18 21:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "<NO NAME>"= [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3235664795-838476068-1751600572-1000] "EnableNotificationsRef"=dword:00000001 R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R2 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe [x] R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [x] R3 PID_0920;Logitech QuickCam 
Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2004-05-21 163328] S1 aswSP;avast! Self Protection; [x] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560] S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - zfbyqlkk . Inhalt des "geplante Tasks" Ordners . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = localhost TCP: {D3F482FC-2ACA-4B55-83CA-D15A07DA854A} = 172.30.3.9 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab . - - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe ActiveSetup-ccc-core-static - msiexec ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-29 18:27 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\zfbyqlkk] . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-3235664795-838476068-1751600572-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92124A76-A3C0-C17B-90E9-F999EE1FA1A7}*] "hafdaaaglieondia"=hex:6a,61,63,6a,63,6a,62,68,6a,70,62,70,6b,66,6a,63,69,69, 6a,61,00,00 "iapicgfcfdjfeibgnb"=hex:6a,61,63,6a,63,6a,62,68,6a,70,62,70,6b,66,6a,63,69,69, 6a,61,00,00 "gaofmjhinepkbm"=hex:6b,61,62,6a,6d,6b,68,6b,62,6a,6e,6f,61,6c,62,68,65,6e,63, 6b,6e,6b,00,7f "haofmjhinepkbmog"=hex:66,61,63,6a,66,65,6f,63,64,70,62,6f,00,01 [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 "MSCurrentCountry"=dword:000000b5 . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\conime.exe c:\program files\Alwil Software\Avast4\ashDisp.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-05-29 18:34:35 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-05-29 16:34 Vor Suchlauf: 8 Verzeichnis(se), 50.140.102.656 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 50.002.874.368 Bytes frei Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5 - - End Of File - - 636EA23A386AB8FE0C96ACF48C48229F |
30.05.2010, 14:25
Member
Posts: 3716
#6
Download the Avenger and unpack it; Vista or Win 7 users, right-click avenger.exe and run it as admin; then paste in the following script as described in the instructions.
http://virus-protect.org/artikel/tools/avenger.html
Drivers To disable:
zfbyqlkk
Drivers to delete:
zfbyqlkk
Files to delete:
C:\windows\system32\drivers\zfbyqlkk.sys
Close all running programs, run the script as described, and post the log.
30.05.2010, 16:13
...new here
Thread starter, Posts: 6
#7
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Driver "zfbyqlkk" disabled successfully. Driver "zfbyqlkk" deleted successfully. File "C:\Windows\system32\drivers\zfbyqlkk.sys" deleted successfully. Completed script processing. ******************* Finished! Terminate.
Is that all now? Or will the thing come back as soon as I go online =( Would have been cool and too easy ;-)
30.05.2010, 16:39
Member
Posts: 3716
#8
Upgrade avast to version 5.
Then post what is still missing from these instructions. http://board.protecus.de/t23188.htm
01.06.2010, 09:50
...new here
Thread starter, Posts: 6
#9
HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:48:18, on 01.06.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3F482FC-2ACA-4B55-83CA-D15A07DA854A}: NameServer = 172.30.3.9
O23 - Service: Anyplace Control Security - Unknown owner - C:\Windows\svcadmin.exe (file missing)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 4725 bytes

Uninstall list:
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8 - Deutsch
Adobe Shockwave Player 11.5
AMR to MP3 Converter 1.4
ATI Uninstaller
avast! Pro Antivirus
Bejeweled 2 Deluxe
Compatibility Pack für 2007 Office System
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
ElsterFormular
FreeMind
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB945282)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB946040)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB946308)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB946344)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB946581)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB947540)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB947789)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB951708)
ICQ6
Java 2 Runtime Environment, SE v1.4.2_08
Java(TM) 6 Update 17
Logitech Desktop Messenger
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office XP Professional mit FrontPage
Microsoft Silverlight
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU
Microsoft Visual Web Developer 2008 Express Edition with SP1 - DEU
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - deu
Microsoft Works
Microsoft WSE 3.0 Runtime
Motorola SM56 Data Fax Modem
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 7 Essentials
PokerStars.net
Realtek High Definition Audio Driver
Samsung CLP-510 Series
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Spybot - Search & Destroy
SQL Server System CLR Types
Steuerentlastungs-Rechner 2010
sv.net
VC80CRTRedist - 8.0.50727.4053
VLC media player 0.9.8a
Windows Live installer
WinRAR
Zattoo 3.3.3 Beta
Zuma Deluxe 1.0
01.06.2010, 15:39
Member
Posts: 3716
#10
The Malwarebytes log is missing.
03.06.2010, 09:18
...new here
Thread starter, Posts: 6
#11
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4166

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18702

03.06.2010 09:17:18
mbam-log-2010-06-03 (09-17-18).txt

Scan type: Quick scan
Objects scanned: 122197
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

All good.
03.06.2010, 13:14
Member
Posts: 3716
#12
Visit the Windows Update site, install SP2 plus the missing updates, right-click HijackThis, scan as admin, post a new log.
My antivirus tool, AVAST, has already found the faulty file, but it cannot be deleted, not even manually. An error is shown instead: "A device attached to the system is not functioning."
I have already tried HijackThis and ComboFix as well =( Nothing...
The file is called zfbyqlkk.sys and sits in the System32\drivers folder... it also shows up in various log files... But I just can't get rid of the junk. Above all, every time I go back online it seems to reactivate itself... *puke*
The process is supposed to be in the Task Scheduler too, but hidden... because when I open it, there is nothing in it. Also, dllhost appears in Task Manager, which really has no business being there -.-
I found a similar case here in the forum and followed it as a guide: http://board.protecus.de/t39348.htm
I'll post the individual logs here now... I hope you can help me =(
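The checks the helpers in this thread apply to a HijackThis log by eye (orphaned O23 service entries, binaries with no vendor string, downloaded ActiveX controls, the O17 nameserver, the UserInit value) plus the "random-looking file name" signal from the zfbyqlkk.sys description above, as an added Python example that is not part of this thread and not part of HijackThis. The sample lines are copied from the log posted above except for one constructed O17 line (8.8.8.8), and the severities, the vowel thresholds and the regexes are my own assumptions about what is worth a second look:

```python
import ipaddress
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, HijackThis section, message)

# Constructed sample: every line except the second O17 entry is copied from the
# log posted in this thread; the 8.8.8.8 NameServer line is invented to exercise
# the public-resolver branch and is NOT in the posted log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3F482FC-2ACA-4B55-83CA-D15A07DA854A}: NameServer = 172.30.3.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 8.8.8.8
O23 - Service: Anyplace Control Security - Unknown owner - C:\Windows\svcadmin.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

VOWELS = set("aeiou")
USERINIT_OK = re.compile(r"^[a-z]:\\windows\\system32\\userinit\.exe,?$")  # the only clean shape
RE_EXE = re.compile(r'[^\s"]+\.(?:exe|dll|sys)', re.IGNORECASE)

def basename(path: str) -> str:
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1]

def looks_random(filename: str) -> bool:
    """Generated-name heuristic (think zfbyqlkk.sys): six or more letters with at most
    one vowel in ten, or a consonant run of six or more. Real abbreviations such as
    ccSvcHst.exe trip it as well, so a hit means 'inspect', not 'malicious'."""
    letters = re.sub(r"[^a-z]", "", basename(filename).rsplit(".", 1)[0].lower())
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", letters)), default=0)
    return vowel_ratio <= 0.1 or longest_run >= 6

def _o23(m) -> List[Finding]:
    name, owner, path = m.groups()
    missing = path.endswith("(file missing)")
    path = path.replace("(file missing)", "").strip()
    out: List[Finding] = []
    if missing:  # orphaned registration, harmless by itself but worth removing
        out.append(("cleanup", "O23", f"service '{name}' points at missing file {path}"))
    elif owner == "Unknown owner":  # binary present but carries no vendor string
        out.append(("check", "O23", f"service '{name}' has no vendor string, verify {path}"))
    if looks_random(path):
        out.append(("check", "O23", f"service binary {basename(path)} has a generated-looking name"))
    return out

def _o16(m) -> List[Finding]:
    clsid, name, url = m.groups()
    host = re.sub(r"^[a-z]+://", "", url, flags=re.IGNORECASE).split("/")[0]
    return [("info", "O16", f"downloaded ActiveX control {name or clsid} from {host}")]

def _o17(m) -> List[Finding]:
    out: List[Finding] = []
    for ip in re.split(r"[,\s]+", m.group(1).strip()):
        try:
            private = ipaddress.ip_address(ip).is_private
        except ValueError:
            out.append(("check", "O17", f"unparseable NameServer {ip!r}"))
            continue
        kind = "private" if private else "public"
        out.append(("info" if private else "check", "O17",
                    f"NameServer {ip} is a {kind} address, confirm it is your resolver"))
    return out

def _o4(m) -> List[Finding]:
    _hive, entry, cmd = m.groups()
    exe = RE_EXE.search(cmd)
    if exe and looks_random(exe.group(0)):
        return [("check", "O4", f"autorun [{entry}] starts generated-looking name {basename(exe.group(0))}")]
    return []

def _f2(m) -> List[Finding]:
    value = m.group(1).strip()  # anything appended after userinit.exe runs at every logon
    return [] if USERINIT_OK.match(value.lower()) else [("alert", "F2", f"UserInit tampered: {value}")]

HANDLERS = [
    (re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$"), _o23),
    (re.compile(r"^O16 - DPF: \{([0-9A-Fa-f-]+)\}(?: \(([^)]*)\))? - (\S+)$"), _o16),
    (re.compile(r"^O17 - .*: NameServer = (.+)$"), _o17),
    (re.compile(r"^O4 - (\S+): \[([^\]]*)\] (.+)$"), _o4),
    (re.compile(r"^F2 - REG:system\.ini: UserInit=(.+)$"), _f2),
]

def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for pattern, handler in HANDLERS:
            m = pattern.match(line)
            if m:
                findings.extend(handler(m))
                break
    return findings

if __name__ == "__main__":
    for severity, section, msg in triage(SAMPLE_LOG):
        print(f"[{severity:7}] {section:4} {msg}")
```

On the posted log this yields two "cleanup" hits (the Anyplace Control and Symantec services whose binaries are gone), one "info" for the private 172.30.3.9 resolver, which is what a LAN resolver looks like, and a "check" on ccSvcHst.exe, which is a genuine Symantec file name: the name heuristic is a prompt to look at the file, not a verdict. The function looks_random returns True for zfbyqlkk.sys, the driver the thread starter could not delete, and False for the legitimate avastUI.exe and AvastSvc.exe.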