Rokop Security


> OTL log, suspected Tro.BHO.O, suspicion of Trojan BHO.O
r00t
Post 08.06.2010, 14:25
Post #1



Knows their way around here
***

Group: Members
Posts: 161
Member since: 09.08.2004
Member no.: 1.319



Hello Rokop

I think I have an uninvited guest on my PC again. It started with my browsers no longer working, and well, now at least IE works again... I scanned with Malwarebytes and found the Trojan BHO.O. The problem now is that the Trojan suddenly can't be found any more; IE works again, Firefox unfortunately doesn't, and my system still feels infected to me. So I have created a log with OTL; it would be nice if you could take a look at it.


OTL logfile created on: 08.06.2010 15:15:50 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\n3tgh0st\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,68 Gb Total Space | 19,97 Gb Free Space | 26,05% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 8,58 Gb Free Space | 11,52% Space Free | Partition Type: NTFS
Drive E: | 2,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ELITE
Current User Name: n3tgh0st
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\n3tgh0st\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Programme\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\n3tgh0st\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (RalinkRegistryWriter) -- C:\Programme\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (utczmjuz) -- C:\Windows\System32\drivers\utczmjuz.sys ()
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (nvamacpi) -- C:\Windows\system32\DRIVERS\NVAMACPI.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (t3) -- C:\Windows\System32\drivers\t3.sys (Creative Technology Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (cmuda3) -- C:\Windows\System32\drivers\cmudax3.sys (C-Media Inc)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.8.6
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 445
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.03.17 17:36:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.03.17 17:36:40 | 000,000,000 | ---D | M]

[2009.08.03 16:04:28 | 000,000,000 | ---D | M] -- C:\Users\n3tgh0st\AppData\Roaming\mozilla\Extensions
[2010.06.07 11:59:57 | 000,000,000 | ---D | M] -- C:\Users\n3tgh0st\AppData\Roaming\mozilla\Firefox\Profiles\umn1bxf2.default\extensions
[2010.03.29 01:12:33 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\n3tgh0st\AppData\Roaming\mozilla\Firefox\Profiles\umn1bxf2.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010.01.06 05:32:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\n3tgh0st\AppData\Roaming\mozilla\Firefox\Profiles\umn1bxf2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.08.30 16:15:52 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\n3tgh0st\AppData\Roaming\mozilla\Firefox\Profiles\umn1bxf2.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.03.24 16:12:38 | 000,000,917 | ---- | M] () -- C:\Users\n3tgh0st\AppData\Roaming\Mozilla\FireFox\Profiles\umn1bxf2.default\searchplugins\conduit.xml
[2010.06.03 01:04:59 | 000,000,950 | ---- | M] () -- C:\Users\n3tgh0st\AppData\Roaming\Mozilla\FireFox\Profiles\umn1bxf2.default\searchplugins\icqplugin-1.xml
[2009.08.11 17:37:40 | 000,000,822 | ---- | M] () -- C:\Users\n3tgh0st\AppData\Roaming\Mozilla\FireFox\Profiles\umn1bxf2.default\searchplugins\icqplugin.xml
[2010.06.08 15:05:47 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.08.03 16:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - File not found
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - File not found
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - File not found
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\n3tgh0st\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\n3tgh0st\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003.02.20 00:57:36 | 000,006,578 | R--- | M] () - E:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [2000.09.05 11:00:00 | 000,532,480 | R--- | M] (Indigo Rose Corporation) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.02.20 00:57:36 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{85d629cc-707b-11df-b2c5-001d608d83e0}\Shell - "" = AutoRun
O33 - MountPoints2\{85d629cc-707b-11df-b2c5-001d608d83e0}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{b0a7a0bd-802d-11de-a1d9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b0a7a0bd-802d-11de-a1d9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2000.09.05 11:00:00 | 000,532,480 | R--- | M] (Indigo Rose Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.06.08 15:14:50 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\n3tgh0st\Desktop\OTL.exe
[2010.06.08 14:03:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.06.08 13:51:17 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.06.08 12:17:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.06.08 12:17:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.06.08 12:17:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.06.08 12:17:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.06.07 20:56:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stu2.exe
[2010.06.05 11:58:55 | 000,000,000 | ---D | C] -- C:\Programme\avmwlanstick
[2010.06.05 11:58:39 | 000,265,088 | ---- | C] (AVM GmbH) -- C:\Windows\System32\drivers\fwlanusb.sys
[2010.06.05 11:58:39 | 000,074,752 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwlanci.dll
[2010.06.05 11:58:39 | 000,004,352 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmeject.sys
[2010.06.05 11:58:39 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver
[2010.06.05 11:58:38 | 000,000,000 | ---D | C] -- C:\Users\n3tgh0st\AVM_Driver
[2010.06.04 20:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2010.06.04 20:26:21 | 000,054,016 | ---- | C] (OrangeWare Corporation) -- C:\Windows\System32\drivers\ousb2hub.sys
[2010.06.04 20:26:21 | 000,039,040 | ---- | C] (OrangeWare Corporation) -- C:\Windows\System32\drivers\ousbehci.sys
[2010.06.04 20:26:21 | 000,000,000 | ---D | C] -- C:\Windows\Drivers
[2010.06.04 17:51:27 | 000,798,208 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\System32\drivers\netr28u.sys
[2010.06.04 17:51:27 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2010.06.04 17:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2010.06.04 17:51:05 | 000,000,000 | ---D | C] -- C:\Programme\Cisco
[2010.06.04 17:50:51 | 001,585,152 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RaCertMgr.dll
[2010.06.04 17:50:51 | 000,769,536 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RAIHV.dll
[2010.06.04 17:50:51 | 000,097,280 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RAEXTUI.dll
[2010.06.04 17:50:48 | 000,000,000 | ---D | C] -- C:\Programme\Ralink
[2010.06.03 23:26:00 | 000,000,000 | ---D | C] -- C:\Users\n3tgh0st\Desktop\LUI v30001
[2010.05.29 15:07:26 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2010.05.29 15:07:26 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2010.05.29 15:07:26 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2010.05.24 07:52:29 | 000,000,000 | ---D | C] -- C:\Users\n3tgh0st\Desktop\Neuer Ordner
[2010.05.23 11:04:15 | 000,000,000 | ---D | C] -- C:\Users\n3tgh0st\Desktop\autocad 2010 crack
[2010.05.20 22:20:41 | 000,000,000 | ---D | C] -- C:\Users\n3tgh0st\Desktop\Funz_moddet
[2010.05.20 18:10:00 | 000,000,000 | ---D | C] -- C:\Programme\mp3DirectCut
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.08 15:15:22 | 002,097,152 | -HS- | M] () -- C:\Users\n3tgh0st\NTUSER.DAT
[2010.06.08 15:14:51 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\n3tgh0st\Desktop\OTL.exe
[2010.06.08 15:03:57 | 000,033,164 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.08 15:03:57 | 000,033,164 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.08 15:03:49 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.08 15:03:49 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.08 15:03:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.08 15:03:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.08 15:03:42 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.08 15:00:41 | 002,533,939 | -H-- | M] () -- C:\Users\n3tgh0st\AppData\Local\IconCache.db
[2010.06.08 12:17:10 | 003,704,374 | R--- | M] () -- C:\Users\n3tgh0st\Desktop\ComboFix.exe
[2010.06.08 12:03:01 | 000,626,596 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.08 12:03:00 | 001,509,842 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.08 12:03:00 | 000,657,758 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.08 12:03:00 | 000,123,282 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.08 12:03:00 | 000,110,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.07 21:42:42 | 000,239,880 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\mindfuck3.jpg
[2010.06.06 17:37:41 | 043,367,066 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\phpbb_db_backup.sql
[2010.06.06 14:01:53 | 000,027,732 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\olol.png
[2010.06.05 17:31:11 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.06.05 17:25:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.06.04 21:14:43 | 000,000,375 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.06.03 23:25:49 | 015,829,457 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\LUI v30001.zip
[2010.06.01 18:21:03 | 000,033,187 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\omfg.jpg
[2010.05.29 18:17:03 | 001,806,661 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\PKK.mp3
[2010.05.29 15:36:34 | 000,000,500 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\dre.html
[2010.05.29 15:07:26 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2010.05.29 15:07:26 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2010.05.29 15:07:26 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2010.05.28 17:18:07 | 000,106,811 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\internets_srs_bsns_ninjas.jpg
[2010.05.28 13:11:58 | 001,002,240 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\Bild015.jpg
[2010.05.26 13:03:44 | 000,005,266 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\pic_1186611850_7.jpg
[2010.05.26 13:03:44 | 000,000,848 | ---- | M] () -- C:\Users\n3tgh0st\.recently-used.xbel
[2010.05.24 07:51:51 | 002,797,291 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\funs2(2).rar
[2010.05.23 11:04:11 | 005,281,099 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\autocad_2010_crack.rar
[2010.05.20 18:42:00 | 007,011,193 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\funsupdate.rar
[2010.05.20 18:10:00 | 000,000,852 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\mp3DirectCut.lnk
[2010.05.20 18:09:24 | 000,212,713 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\mp3DC211.exe
[2010.05.20 18:00:43 | 000,148,311 | ---- | M] () -- C:\Users\n3tgh0st\Desktop\WoWScrnShot_052010_175516.jpg
[2010.05.11 20:37:10 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.08 13:09:50 | 3488,079,872 | -HS- | C] () -- C:\hiberfil.sys
[2010.06.08 12:17:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.06.08 12:17:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.06.08 12:17:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.06.08 12:17:40 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.06.08 12:17:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.06.07 21:42:41 | 000,239,880 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\mindfuck3.jpg
[2010.06.06 17:37:29 | 043,367,066 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\phpbb_db_backup.sql
[2010.06.06 14:01:53 | 000,027,732 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\olol.png
[2010.06.06 14:00:05 | 000,029,763 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\7f1fa400fec9f33df5465c7c17c866d2.png
[2010.06.05 17:25:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.06.05 11:58:40 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2010.06.04 17:51:27 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010.06.03 23:25:00 | 015,829,457 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\LUI v30001.zip
[2010.06.01 18:21:03 | 000,033,187 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\omfg.jpg
[2010.05.29 18:27:59 | 001,806,661 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\PKK.mp3
[2010.05.29 15:08:07 | 001,002,240 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\Bild015.jpg
[2010.05.28 17:18:06 | 000,106,811 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\internets_srs_bsns_ninjas.jpg
[2010.05.26 13:03:44 | 000,000,848 | ---- | C] () -- C:\Users\n3tgh0st\.recently-used.xbel
[2010.05.26 13:01:20 | 000,005,266 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\pic_1186611850_7.jpg
[2010.05.24 07:51:48 | 002,797,291 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\funs2(2).rar
[2010.05.23 11:03:53 | 005,281,099 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\autocad_2010_crack.rar
[2010.05.21 19:57:07 | 000,003,563 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\tunein-station.pls
[2010.05.20 18:10:31 | 007,011,193 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\funsupdate.rar
[2010.05.20 18:10:00 | 000,000,852 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\mp3DirectCut.lnk
[2010.05.20 18:09:24 | 000,212,713 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\mp3DC211.exe
[2010.05.20 18:00:42 | 000,148,311 | ---- | C] () -- C:\Users\n3tgh0st\Desktop\WoWScrnShot_052010_175516.jpg
[2010.05.11 20:37:10 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.01.07 02:01:41 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\utczmjuz.sys
[2009.12.07 05:27:25 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009.12.07 05:27:25 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009.12.07 05:27:25 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009.12.07 05:27:25 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009.12.07 05:27:25 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009.12.07 05:27:25 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009.11.27 18:09:57 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.11.14 09:46:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.08.13 15:44:41 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.dll
[2009.08.13 15:44:29 | 000,065,536 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2009.08.13 15:44:29 | 000,000,539 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2009.08.13 15:44:27 | 000,000,727 | R--- | C] () -- C:\Windows\cmudax3.ini
[2009.08.12 21:08:33 | 000,004,626 | ---- | C] () -- C:\Windows\System32\AudioDrv.ini
[2009.08.12 21:08:08 | 000,000,049 | R--- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.08.12 21:07:11 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009.08.12 21:07:11 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009.08.12 21:07:11 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009.08.12 21:07:11 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009.08.12 21:07:11 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009.08.12 21:07:11 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009.08.12 21:07:11 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009.08.12 21:07:11 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009.08.12 21:07:11 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009.08.12 21:07:11 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009.08.12 21:07:11 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009.08.12 21:07:11 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009.08.12 21:07:11 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009.08.12 21:07:11 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009.08.12 21:07:11 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009.08.12 21:07:11 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009.08.12 21:07:11 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009.08.12 21:07:11 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2009.08.12 21:07:11 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2009.08.12 21:07:10 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009.08.12 21:07:10 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2009.08.12 21:06:58 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009.08.12 21:06:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009.08.12 12:31:35 | 000,065,536 | R--- | C] () -- C:\Windows\VMix.dll
[2009.08.03 16:39:27 | 000,148,992 | ---- | C] () -- C:\Windows\System32\OemSpiE.dll
[2009.08.03 15:47:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.08.03 15:47:03 | 000,009,697 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.08.03 15:46:53 | 000,012,536 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2009.04.14 15:34:28 | 000,033,080 | ---- | C] () -- C:\Windows\System32\t3.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000079.DLL
< End of report >


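The listing above is OTL's view of recently created files that carry no company name in their version resource, which is why every entry shows an empty vendor field `()`. A reply further down in this thread singles out one kernel driver from such a list for a VirusTotal check. The added example below is my own triage helper, not OTL's code and not part of the original post: it parses lines in this exact format and flags drivers under `System32\drivers` that combine an empty vendor with a random-looking file name. The first four sample lines are copied from the log; the fifth is constructed after the driver name mentioned later in the thread, with an invented timestamp and size. The function names and the consonant-run heuristic are my assumptions.

```python
import ntpath
import re
from collections import namedtuple

# Constructed sample: four lines copied from the OTL listing above plus one line
# modelled on the driver named later in the thread (its timestamp and size are invented).
SAMPLE_LISTING = r"""
[2009.08.03 15:47:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.08.03 15:46:53 | 000,012,536 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2009.08.13 15:44:41 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.dll
[2009.08.13 15:44:29 | 000,065,536 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010.06.07 22:41:12 | 000,043,520 | ---- | C] () -- C:\Windows\System32\drivers\utczmjuz.sys
"""

# One OTL file-listing line: [date time | size | attributes | C(reated)/M(odified)] (vendor) -- path
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<op>[CM])\] \((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)

Entry = namedtuple("Entry", "date size attrs op vendor path")


def parse_otl_listing(text):
    """Parse OTL 'Files Created/Modified' lines; lines in any other format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = OTL_LINE.match(raw.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"].replace(",", ""))  # "000,043,520" -> 43520
            entries.append(Entry(**d))
    return entries


def _longest_consonant_run(s):
    run = best = 0
    for ch in s:
        run = 0 if ch in "aeiouy" else run + 1
        best = max(best, run)
    return best


def looks_random(filename):
    """Heuristic (my assumption) for generated names such as 'utczmjuz.sys': 6-12 letters,
    no digits, and a consonant run of four or more. Vendor names like ASACPI or ASUSHWIO pass."""
    base = filename.rsplit(".", 1)[0].lower()
    return bool(re.fullmatch(r"[a-z]{6,12}", base)) and _longest_consonant_run(base) >= 4


def flag_suspicious_drivers(entries):
    """Kernel drivers with no version-resource company name and a random-looking name."""
    return [
        e for e in entries
        if "\\drivers\\" in e.path.lower()
        and e.vendor == ""
        and looks_random(ntpath.basename(e.path))
    ]


if __name__ == "__main__":
    for e in flag_suspicious_drivers(parse_otl_listing(SAMPLE_LISTING)):
        print(f"{e.date}  {e.size:>8}  {e.path}   <- hash and check on VirusTotal before touching it")
```

The heuristic is a triage signal, not a verdict: a randomly named, unsigned driver is exactly what Bagle-era rootkits dropped, but, as a later reply in this thread points out, some cleaning tools leave similarly named drivers behind. Hash the file and look the hash up before deleting anything, and do the lookup from a clean machine if the infected one has browser trouble.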
r00t
Post 08.06.2010, 14:27
Post #2
Group: Members | Posts: 161 | Member since: 09.08.2004 | Member no.: 1.319

I have to post the Extras.txt here as well ... not sure whether it's needed, but anyway.

OTL Extras logfile created on: 08.06.2010 15:15:50 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\n3tgh0st\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,68 Gb Total Space | 19,97 Gb Free Space | 26,05% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 8,58 Gb Free Space | 11,52% Space Free | Partition Type: NTFS
Drive E: | 2,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ELITE
Current User Name: n3tgh0st
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"UACDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E4FED10-EBAA-4281-B438-791F5BCD0BDA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2815FA16-933B-4955-B2F8-12C6A48D1569}" = rport=137 | protocol=17 | dir=out | app=system |
"{32FFB25D-9786-43CC-B21B-0EC713653426}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{40738E1F-B732-4CD5-B15A-BE05C516E294}" = rport=139 | protocol=6 | dir=out | app=system |
"{48E6C78E-E018-4803-9115-79412130F847}" = rport=445 | protocol=6 | dir=out | app=system |
"{5FE1AEFD-6724-4798-A477-EE513B24EE0F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8B396916-F294-49EF-ACDA-C654584E4EDF}" = lport=137 | protocol=17 | dir=in | app=system |
"{9CC2AC9E-D0A5-49B2-AF83-614515953D15}" = lport=138 | protocol=17 | dir=in | app=system |
"{A3584FDB-6A58-4EA7-97DF-D3309196D226}" = lport=139 | protocol=6 | dir=in | app=system |
"{C6A2B4AC-A1CF-40A0-9A7B-99F61088765E}" = rport=138 | protocol=17 | dir=out | app=system |
"{CE7F3D4D-5CA0-43A4-8B29-514350528DA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D7540180-E3DF-43AA-B403-104B32DE101E}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18492B49-B7A9-49C2-A073-4726E9332E97}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{27D97F0A-146A-4BBB-9F59-33CD0DEB47B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5941B878-6D1A-49FD-A0F5-27FB27565E82}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5E3BB18E-7435-4378-88B8-0CC2AE0134AE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{A9CD24AD-47D8-4B15-A05F-30683175BE8D}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{B8FFAD08-B162-4667-9898-0B2C058E2BD7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9F6AB2D-EA66-4694-8255-2F6CD3AD3122}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{C27E39E7-B172-49FD-8DD8-60C852E7112F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C2F1F424-ADA3-44A0-9366-7798E786372E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{EC0B8A0D-7260-4DB4-A156-F8C497D16A67}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EEB8D083-212A-4C8F-86A6-6CE9BFAB8A1E}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"TCP Query User{19B690B3-A444-441B-86A1-A4C8A1C4AC38}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{1C8C3ECF-B3FD-4ED4-9BEC-EFD9FD75226F}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{10CB1731-9792-4DDA-BBC1-52573AA53647}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{E78A3F5E-3E25-4D97-8500-E99EFDB1CA8B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}" = Sound Blaster X-Fi
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}" = Nokia Ovi One Touch Access
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D761C5D2-E727-415A-BC4E-52642CEA1A1C}" = TubeBox!
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin (murb.com Edition) 2.2
"{EB371786-9449-4ED8-B47A-032467A58CAD}" = CamStudio
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)
"Cain & Abel v4.9.35" = Cain & Abel v4.9.35
"CCleaner" = CCleaner
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows-Treiberpaket - Nokia Modem (05/24/2007 6.84.0.1)
"C-Media PCI Audio Driver" = Aureon 5.1 PCI
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CurseClient" = Curse Client
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.3.2.1
"Fraps" = Fraps
"HijackThis" = HijackThis 2.0.2
"Host OpenAL" = Host OpenAL
"ICQToolbar" = ICQ Toolbar
"InstallShield_{EB371786-9449-4ED8-B47A-032467A58CAD}" = CamStudio
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"Mumble" = Mumble and Murmur
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PSPad editor_is1" = PSPad editor
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Thoosje Vista Tweaker" = Thoosje Vista Tweaker
"Trillian" = Trillian
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Logs Client" = World of Logs Client

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


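Two items in the Extras log deserve a second look: the public firewall profile has EnableFirewall = 0 while the domain and standard profiles have it on, and OTL could not read the Event Log at all, so there is no error history to correlate with the infection. The shell-spawning section, by contrast, shows the stock Vista handlers (exefile [open] -- "%1" %*), which is the first thing to confirm on a box with a suspected BHO-class infection, because rewriting the exefile handler is a common way to route every launched program through the malware. The added example below is mine, not OTL's code and not part of the original post: it parses these sections and returns findings. The sample input reproduces the values the log shows; the hijacked handler is a constructed contrast case with a hypothetical path, and the function names and message texts are my assumptions.

```python
import re

# Constructed sample: the relevant sections of the OTL Extras log above, reduced to
# the lines the checks look at (the values are the ones the log shows).
SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"UACDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
"""

# Constructed contrast case (not from the log): an exefile handler pointing at a
# hypothetical interposing binary, so every .exe launch runs it first.
HIJACKED_SPAWN = r"""
exefile [open] -- "C:\Users\Public\update.exe" "%1" %* ()
"""

FW_BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
SC_BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
SECTION = re.compile(r"\[(HKEY_.*)\]")
VALUE = re.compile(r'"([^"]+)" = (.*)')
SPAWN = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")

# Default Vista [open] handlers for executable classes; anything else is an interposition.
DEFAULT_OPEN = {cls: '"%1" %*' for cls in ("exefile", "batfile", "cmdfile", "comfile", "piffile")}

# (registry key, value name, value that counts as a finding, message)
POLICY_CHECKS = [
    (FW_BASE + r"\DomainProfile", "EnableFirewall", "0", "Windows Firewall off: DomainProfile"),
    (FW_BASE + r"\StandardProfile", "EnableFirewall", "0", "Windows Firewall off: StandardProfile"),
    (FW_BASE + r"\PublicProfile", "EnableFirewall", "0", "Windows Firewall off: PublicProfile"),
    (SC_BASE, "AntiVirusDisableNotify", "1", "Security Center: AV notifications suppressed"),
    (SC_BASE, "FirewallDisableNotify", "1", "Security Center: firewall notifications suppressed"),
    (SC_BASE, "UpdatesDisableNotify", "1", "Security Center: update notifications suppressed"),
    (SC_BASE, "UACDisableNotify", "1", "Security Center: UAC notifications suppressed"),
]


def parse_reg_sections(text):
    """Turn OTL's '[HKEY_...]' blocks of '"name" = value' lines into {key: {name: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.fullmatch(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = VALUE.fullmatch(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2)
    return sections


def policy_findings(sections):
    """Firewall-profile and Security Center values that weaken the host."""
    return [msg for key, name, bad, msg in POLICY_CHECKS
            if sections.get(key, {}).get(name) == bad]


def shell_spawn_findings(text):
    """Executable-class [open] handlers that differ from the Windows default."""
    out = []
    for raw in text.splitlines():
        m = SPAWN.match(raw.strip())
        if not m:
            continue
        cls, verb, cmd = m.groups()
        cmd = re.sub(r"\s*\([^()]*\)$", "", cmd)  # drop OTL's trailing "(Vendor)" tag
        if verb == "open" and cls in DEFAULT_OPEN and cmd != DEFAULT_OPEN[cls]:
            out.append(f"{cls} [open] hijacked: {cmd}")
    return out


def extras_findings(text):
    """All findings for one OTL Extras log, in the order a triage note would list them."""
    findings = policy_findings(parse_reg_sections(text)) + shell_spawn_findings(text)
    if "Error reading Event Logs" in text:
        findings.append("Event Log service unavailable or logs corrupt: no error history to triage")
    return findings
```

Calling `extras_findings(SAMPLE_EXTRAS)` yields the two findings named above; `extras_findings(HIJACKED_SPAWN)` yields the hijacked-handler line. On a real Extras log the firewall rules and authorized-application lists further down are worth the same treatment: an unexpected inbound rule for an executable in a user-writable directory is a finding in its own right.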
markusg
Post 08.06.2010, 14:46
Post #3
Group: Members | Posts: 1.300 | Member since: 11.02.2009 | Member no.: 7.357
Create and post a ComboFix log.
http://www.paules-pc-forum.de/forum/4-pc-s...-anleitung.html
Open Malwarebytes, go to the log files, and post the log with the detections.
raman (AV specialist)
Post 08.06.2010, 14:46
Post #4
Group: Staff | Posts: 2.922 | Member since: 27.04.2003 | Location: Nordhorn | Member no.: 59
Please test the file C:\Windows\System32\drivers\utczmjuz.sys at virustotal.com and post the link to the result.

Otherwise, you'd better reinstall your system; it doesn't even have a service pack (SP2+ is current), and consider keeping away from cracks and the like, or you'll be back here with problems sooner than you'd like.....


Regards, Ralf
r00t
Post 08.06.2010, 14:58
Post #5
Group: Members | Posts: 161 | Member since: 09.08.2004 | Member no.: 1.319
Hi Raman ...

Well, I guess I'll reinstall then ... I hadn't done that in a while anyway.

VirusTotal says http://www.virustotal.com/de/analisis/7ae9...c237-1276005175

GData says Rootkit.Bagle.K ...

(@cracks: yes, I'm aware that's not great, thanks for the hint)

I'd say the thread can be closed then, if appropriate; thanks "once again" for the help.

Regards, r00t


raman (AV specialist)
Post 08.06.2010, 15:07
Post #6
Group: Staff | Posts: 2.922 | Member since: 27.04.2003 | Location: Nordhorn | Member no.: 59
The file may be a leftover from a Bagle, but it may also come from the use of AVZ.


Regards, Ralf
Rene-gad
Post 08.06.2010, 19:07
Post #7
Group: Members | Posts: 2.020 | Member since: 14.08.2003 | Location: Linz | Member no.: 149
Operating system: Windows 10 Home x64 | Virus scanner: Windows Defender | Firewall: Router + Windows Firewall
QUOTE (raman @ 08.06.2010, 16:06)
The file may ... also come from the use of AVZ.
I'd bet on that.


Regards, Rene-gad
