Pests of all kinds and how to fight them: Infection with malware, including Win32/Zwangi (Windows 7)
17.01.2011, 19:18 | #1
Infection with malware, including Win32/Zwangi

Hello forum, now it has got me... I have caught something. I am not sure where I got infected from (though I suspect the external hard drive with the film from a friend). Anyway, here is how it developed:

1. While uninstalling a program in the Control Panel I found programs I did not recognise (unfortunately I no longer remember the names, but they related in some way to trading/data). At that point I did not think much of it and uninstalled them with a frown (...where did those come from?).
2. Windows Defender reports: Browser Modifier: Win32/Zwangi -> moved to quarantine and restarted.
3. Installed Malwarebytes, scanned according to the instructions (log below) and ran "Remove Selected".
4. Installed and switched on Spybot, immunised, but no scan yet; I did not want to confuse things here. TeaTimer is running in the hope that it contains further spreading.
5. Ran OTL according to the instructions (log below).

So, now I need more information on what else I should do, and I also have some questions:
A) Should I run OTL with "Scan all users"?
B) There are other computers on the network here, with shared access to a network drive on the Fritzbox; Malwarebytes found no infected files on those. Can I assume that they are OK then?

Thanks in advance
Jan

edit: how do I get the logs into the scrollable boxes?
mbam log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5538

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.01.2011 18:10:39
mbam-log-2011-01-17 (18-10-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 174710
Laufzeit: 3 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 6
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790472B776545236AF91 (Malware.Trace) -> Value: SRS_IT_E8790472B776545236AF91 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0} (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults\preferences (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files (x86)\questbrwsearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\programdata\questbrwsearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\$Recycle.Bin\s-1-5-21-868785299-726797094-2297327714-1000\$RJO642S.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Windows\Temp\QUE4ECA.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome.manifest (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\install.rdf (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome\questbrowse.jar (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults\preferences\prefs.js (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\program files (x86)\questbrwsearch\questbrwsearch.dll (Adware.QuestBrowse) -> Quarantined and deleted successfully.
OTL logfile:

OTL logfile created on: 1/17/2011 6:18:33 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Schlepptop\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 138.99 Gb Total Space | 85.17 Gb Free Space | 61.28% Space Free | Partition Type: NTFS
Drive D: | 139.00 Gb Total Space | 138.73 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

Computer Name: SCHLEPPTOP-PC | User Name: Schlepptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Schlepptop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Schlepptop\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (Windows7FirewallService) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (AF9035BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: {B0D70E72-2FC1-4b9f-A3D4-5921C854D906}:1.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.8.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/24 15:36:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/10 20:53:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/12/24 15:36:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/11/12 02:04:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Extensions
[2010/11/12 01:26:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/15 22:20:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Firefox\Profiles\yn8b8ob5.default\extensions
[2010/11/12 02:07:19 | 000,000,000 | -H-D | M] (PDF Download) -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Firefox\Profiles\yn8b8ob5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/11/12 02:07:19 | 000,000,000 | -H-D | M] ("Biet-O-Matic Firefox Erweiterung") -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Firefox\Profiles\yn8b8ob5.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}
[2010/11/12 02:07:21 | 000,000,000 | -H-D | M] ("RightToClick") -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Firefox\Profiles\yn8b8ob5.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2010/12/30 21:46:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Firefox\Profiles\yn8b8ob5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/17 15:08:21 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Firefox\Profiles\yn8b8ob5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/11/12 02:07:17 | 000,000,000 | -H-D | M] ("FRITZ!Box AddOn") -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Firefox\Profiles\yn8b8ob5.default\extensions\fb_add_on@avm.de
[2011/01/17 18:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
[2010/10/27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/10/27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/10/27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/10/27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011/01/17 17:15:03 | 000,428,727 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14759 more lines...
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{378e9c56-1f4b-11e0-83ad-002454e19826}\Shell - "" = AutoRun
O33 - MountPoints2\{378e9c56-1f4b-11e0-83ad-002454e19826}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/17 18:17:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schlepptop\Desktop\OTL.exe
[2011/01/17 17:22:06 | 000,000,000 | ---D | C] -- C:\Users\Schlepptop\AppData\Roaming\Malwarebytes
[2011/01/17 17:20:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/17 17:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/17 17:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/17 17:20:36 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/17 17:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/17 17:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/17 17:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/17 17:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/01/13 22:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/01/13 22:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011/01/13 22:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/01/13 22:15:36 | 000,000,000 | ---D | C] -- C:\Users\Schlepptop\AppData\Local\Autodesk
[2011/01/13 22:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011/01/13 22:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2011/01/13 22:14:10 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/01/13 22:14:10 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011/01/13 22:14:10 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011/01/13 22:14:10 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011/01/13 22:14:09 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/01/13 22:14:09 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/01/13 22:14:04 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011/01/13 22:14:04 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/01/13 22:06:37 | 000,000,000 | ---D | C] -- C:\Users\Schlepptop\AppData\Roaming\Autodesk
[2011/01/13 22:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2011/01/13 21:56:24 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/01/13 21:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/01/13 21:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/01/13 21:54:58 | 000,000,000 | ---D | C] -- C:\Users\Schlepptop\AppData\Roaming\DAEMON Tools Lite
[2011/01/13 21:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/01/13 20:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows7FirewallControl
[2011/01/13 20:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows7FirewallControl
[2011/01/13 20:34:35 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/13 20:34:35 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/08 21:34:17 | 000,000,000 | ---D | C] -- C:\Users\Schlepptop\Desktop\CS5
[2011/01/07 22:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/01/07 22:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/01/07 22:51:19 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2010/12/24 15:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2010/12/24 15:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/24 15:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/12/24 15:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/24 15:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2010/12/24 15:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

========== Files - Modified Within 30 Days ==========

[2011/01/17 18:20:17 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/17 18:20:17 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/17 18:12:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/17 18:12:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schlepptop\Desktop\OTL.exe
[2011/01/17 18:12:48 | 3179,921,408 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/17 17:20:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/17 17:15:03 | 000,428,727 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/01/17 17:09:19 | 000,001,258 | ---- | M] () -- C:\Users\Schlepptop\Desktop\Spybot - Search & Destroy.lnk
[2011/01/15 19:22:55 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/15 19:22:55 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/01/15 19:22:55 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/15 19:22:55 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/01/15 19:22:55 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/14 21:59:25 | 000,515,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/13 22:16:41 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2011 - English.lnk
[2011/01/13 21:56:24 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/01/13 21:56:20 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/01/10 13:23:32 | 000,821,815 | ---- | M] () -- C:\Users\Schlepptop\Documents\house-with-brennholzlager.skp
[2011/01/10 13:16:16 | 000,678,842 | ---- | M] () -- C:\Users\Schlepptop\Documents\brennholzlager.jpg
[2011/01/10 12:58:03 | 000,636,477 | ---- | M] () -- C:\Users\Schlepptop\Documents\house-with-garden.skp
[2011/01/10 12:55:31 | 000,064,952 | ---- | M] () -- C:\Users\Schlepptop\Documents\brennholzlager.skp
[2011/01/07 22:51:00 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010/12/24 15:42:51 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/20 23:05:52 | 000,000,151 | ---- | M] () -- C:\Users\Schlepptop\Rücknahmebedingungen des Verkäufers für den Artikel iPhone 4 Leder Tasche - schwarz - Case - Etui - Hülle.URL
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/01/17 17:20:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/17 17:09:19 | 000,001,258 | ---- | C] () -- C:\Users\Schlepptop\Desktop\Spybot - Search & Destroy.lnk
[2011/01/13 22:16:41 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2011 - English.lnk
[2011/01/13 21:56:20 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/01/10 13:23:31 | 000,821,815 | ---- | C] () -- C:\Users\Schlepptop\Documents\house-with-brennholzlager.skp
[2011/01/10 12:58:02 | 000,636,477 | ---- | C] () -- C:\Users\Schlepptop\Documents\house-with-garden.skp
[2011/01/07 22:51:00 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010/12/24 15:42:51 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/20 23:05:52 | 000,000,151 | ---- | C] () -- C:\Users\Schlepptop\Rücknahmebedingungen des Verkäufers für den Artikel iPhone 4 Leder Tasche - schwarz - Case - Etui - Hülle.URL
[2010/12/14 10:58:13 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/12/14 10:58:13 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/12/14 10:57:19 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/12/14 10:57:19 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/12/14 10:50:22 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010/12/14 10:50:22 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010/11/12 20:02:50 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini
[2010/11/12 00:21:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/10/27 13:55:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\FKStampPainter20.dll
[2010/06/14 12:11:13 |
000,000,803 | ---- | C] () -- C:\Windows\HotFixList.ini [2010/06/14 12:00:25 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log [2010/06/14 11:59:14 | 000,000,110 | ---- | C] () -- C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log [2010/06/14 11:58:13 | 000,000,106 | ---- | C] () -- C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log [2010/06/14 11:55:08 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log [2010/06/14 11:54:16 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [2010/06/14 11:53:47 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/02/02 19:11:40 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2009/02/02 19:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2009/02/02 19:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2009/02/02 19:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2001/12/12 13:41:36 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\W32btstp.dll [2001/12/12 13:41:36 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\W32btxlt.dll ========== LOP Check ========== [2011/01/13 22:15:36 | 000,000,000 | ---D | M] -- C:\Users\Schlepptop\AppData\Roaming\Autodesk [2010/11/14 12:31:05 | 000,000,000 | -H-D | M] -- C:\Users\Schlepptop\AppData\Roaming\Canneverbe Limited [2011/01/13 22:00:03 | 000,000,000 | ---D | M] -- C:\Users\Schlepptop\AppData\Roaming\DAEMON Tools Lite [2010/11/19 14:22:20 | 000,000,000 | -H-D | M] -- C:\Users\Schlepptop\AppData\Roaming\FRITZ! 
[2010/11/14 17:30:09 | 000,000,000 | -H-D | M] -- C:\Users\Schlepptop\AppData\Roaming\FRITZ!fax für FRITZ!Box [2010/12/04 13:31:15 | 000,000,000 | ---D | M] -- C:\Users\Schlepptop\AppData\Roaming\Funambol [2010/11/15 06:08:41 | 000,000,000 | -H-D | M] -- C:\Users\Schlepptop\AppData\Roaming\Lexware [2010/11/19 15:52:36 | 000,000,000 | ---D | M] -- C:\Users\Schlepptop\AppData\Roaming\TerraTec [2010/11/12 01:26:36 | 000,000,000 | ---D | M] -- C:\Users\Schlepptop\AppData\Roaming\Thunderbird [2009/07/14 06:08:49 | 000,022,776 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 1/17/2011 6:18:33 PM - Run 1 OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Schlepptop\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 138.99 Gb Total Space | 85.17 Gb Free Space | 61.28% Space Free | Partition Type: NTFS Drive D: | 139.00 Gb Total Space | 138.73 Gb Free Space | 99.81% Space Free | Partition Type: NTFS Computer Name: SCHLEPPTOP-PC | User Name: Schlepptop | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- 
Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes 
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5783F2D7-9001-0409-0102-0060B0CE6BBA}" = AutoCAD 2011 - English "{5783F2D7-9001-0409-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "AutoCAD 2011 - English" = AutoCAD 2011 - English "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module "HDMI" = Intel(R) Graphics Media Accelerator Driver "SynTPDeinstKey" = Synaptics Pointing Device Driver "Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 4.0.144.38 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{1339105E-F091-458E-90C1-B8F24153C825}" = Lexware faktura+auftrag 2009 "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-6490CW "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011 "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "avast5" = avast! Free Antivirus "Cinergy T Stick Black" = Cinergy T Stick Black V86.001.1026.2009 "DAEMON Tools Lite" = DAEMON Tools Lite "ENTERPRISE" = Microsoft Office Enterprise 2007 "FRITZ! 
2.0" = AVM FRITZ!fax für FRITZ!Box "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marvell Miniport Driver" = Marvell Miniport Driver "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "nLite_is1" = nLite 1.4.9.1 "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/25/2010 1:21:24 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2309 Error - 12/25/2010 1:21:24 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2309 Error - 12/25/2010 1:21:25 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/25/2010 1:21:25 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3307 Error - 12/25/2010 1:21:25 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3307 Error - 12/25/2010 1:21:26 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: 
Continuously busy for more than a second Error - 12/25/2010 1:21:26 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4337 Error - 12/25/2010 1:21:26 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4337 Error - 12/31/2010 10:38:22 AM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/31/2010 10:38:22 AM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1045 [ System Events ] Error - 12/24/2010 12:55:26 PM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12/25/2010 12:43:35 PM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12/29/2010 5:31:49 PM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12/29/2010 5:31:52 PM | Computer Name = Schlepptop-PC | Source = iScsiPrt | ID = 1 Description = Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden. Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben. Error - 12/29/2010 5:31:52 PM | Computer Name = Schlepptop-PC | Source = iScsiPrt | ID = 70 Description = Fehler beim Verarbeiten der iSCSI-Anmeldeanforderung. Die Anforderung wurde nicht wiederholt. Der Fehlerstatus wird in den Sicherungsdaten angegeben. 
Error - 12/30/2010 4:45:48 PM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12/31/2010 10:02:37 AM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 1/2/2011 6:27:25 AM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 1/2/2011 5:43:51 PM | Computer Name = Schlepptop-PC | Source = iScsiPrt | ID = 1 Description = Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden. Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben. Error - 1/2/2011 5:43:51 PM | Computer Name = Schlepptop-PC | Source = iScsiPrt | ID = 70 Description = Fehler beim Verarbeiten der iSCSI-Anmeldeanforderung. Die Anforderung wurde nicht wiederholt. Der Fehlerstatus wird in den Sicherungsdaten angegeben. < End of report > Geändert von Janne1 (17.01.2011 um 19:49 Uhr) |
17.01.2011, 19:52 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from earlier Malwarebytes scans exist, please post all of those as well!
17.01.2011, 20:37 | #3 |
Hello Arne,
Thanks in advance for the reply. The full scan is running. Unfortunately there are no older logs, since I only installed it after following your guide. I should probably run the other computers through the same steps as your instructions here as well? Regards, Jan
Done: pasted correctly? Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5541

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.01.2011 20:32:33
mbam-log-2011-01-17 (20-32-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 312278
Laufzeit: 32 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\schlepptop\downloads\rukerneltool\rukerneltool\rukerneltool.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
17.01.2011, 20:56 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™
Please always post logfiles in CODE tags.
17.01.2011, 21:11 | #5 |
A tool for modding the FritzBox... I hope that thing isn't infected with anything; the IP forum (that's where it came from) was down over Christmas because of a rootkit (is that what it's called?) attack. They needed days to bring it back up... The ruKernelTool alarm is apparently known, supposedly triggered by AutoIt, the tool seems to be built with it: see post 14, ruKernelTool - BugReport - Sammelthread. Hmm, I can't insert links, they keep disappearing, so here it is for copy and paste: hxxp://www.ip-phone-forum.de/showthread.php?t=212841 What should I do now? In pre-emptive obedience: Code:
OTL logfile created on: 1/17/2011 8:57:03 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Schlepptop\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 138.99 Gb Total Space | 85.13 Gb Free Space | 61.25% Space Free | Partition Type: NTFS
Drive D: | 139.00 Gb Total Space | 138.73 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Computer Name: SCHLEPPTOP-PC | User Name: Schlepptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Schlepptop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Schlepptop\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (Windows7FirewallService) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (AF9035BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-868785299-726797094-2297327714-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-868785299-726797094-2297327714-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-868785299-726797094-2297327714-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: {B0D70E72-2FC1-4b9f-A3D4-5921C854D906}:1.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.8.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/24 15:36:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/10 20:53:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/12/24 15:36:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/11/12 02:04:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Extensions
[2010/11/12 01:26:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/17 18:53:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Firefox\Profiles\yn8b8ob5.default\extensions
[2010/11/12 02:07:19 | 000,000,000 | -H-D | M] (PDF Download) -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Firefox\Profiles\yn8b8ob5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/11/12 02:07:19 | 000,000,000 | -H-D | M] ("Biet-O-Matic Firefox Erweiterung") -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Firefox\Profiles\yn8b8ob5.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}
[2010/11/12 02:07:21 | 000,000,000 | -H-D | M] ("RightToClick") -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Firefox\Profiles\yn8b8ob5.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2010/12/30 21:46:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Firefox\Profiles\yn8b8ob5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/17 15:08:21 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Firefox\Profiles\yn8b8ob5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/11/12 02:07:17 | 000,000,000 | -H-D | M] ("FRITZ!Box AddOn") -- C:\Users\Schlepptop\AppData\Roaming\mozilla\Firefox\Profiles\yn8b8ob5.default\extensions\fb_add_on@avm.de
[2011/01/17 18:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010/10/27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/10/27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/10/27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/10/27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011/01/17 17:15:03 | 000,428,727 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14759 more lines...
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-868785299-726797094-2297327714-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-868785299-726797094-2297327714-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{378e9c56-1f4b-11e0-83ad-002454e19826}\Shell - "" = AutoRun
O33 - MountPoints2\{378e9c56-1f4b-11e0-83ad-002454e19826}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/17 20:43:46 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/01/17 18:17:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schlepptop\Desktop\OTL.exe
[2011/01/17 17:22:06 | 000,000,000 | ---D | C] -- C:\Users\Schlepptop\AppData\Roaming\Malwarebytes
[2011/01/17 17:20:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/17 17:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/17 17:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/17 17:20:36 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/17 17:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/17 17:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/17 17:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/17 17:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/01/13 22:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/01/13 22:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011/01/13 22:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/01/13 22:15:36 | 000,000,000 | ---D | C] -- C:\Users\Schlepptop\AppData\Local\Autodesk
[2011/01/13 22:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011/01/13 22:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2011/01/13 22:14:10 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/01/13 22:14:10 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011/01/13 22:14:10 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011/01/13 22:14:10 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011/01/13 22:14:09 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/01/13 22:14:09 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/01/13 22:14:04 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011/01/13 22:14:04 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/01/13 22:06:37 | 000,000,000 | ---D | C] -- C:\Users\Schlepptop\AppData\Roaming\Autodesk
[2011/01/13 22:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2011/01/13 21:56:24 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/01/13 21:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/01/13 21:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/01/13 21:54:58 | 000,000,000 | ---D | C] -- C:\Users\Schlepptop\AppData\Roaming\DAEMON Tools Lite
[2011/01/13 21:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/01/13 20:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows7FirewallControl
[2011/01/13 20:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows7FirewallControl
[2011/01/13 20:34:35 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/13 20:34:35 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/08 21:34:17 | 000,000,000 | ---D | C] -- C:\Users\Schlepptop\Desktop\CS5
[2011/01/07 22:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/01/07 22:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/01/07 22:51:19 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2010/12/24 15:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2010/12/24 15:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/24 15:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/12/24 15:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/24 15:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2010/12/24 15:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

========== Files - Modified Within 30 Days ==========

[2011/01/17 20:48:32 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/17 20:48:32 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/17 20:43:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/01/17 20:41:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/17 20:41:03 | 3179,921,408 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/17 18:12:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schlepptop\Desktop\OTL.exe
[2011/01/17 17:20:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/17 17:15:03 | 000,428,727 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/01/17 17:09:19 | 000,001,258 | ---- | M] () -- C:\Users\Schlepptop\Desktop\Spybot - Search & Destroy.lnk
[2011/01/15 19:22:55 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/15 19:22:55 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/01/15 19:22:55 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/15 19:22:55 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/01/15 19:22:55 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/14 21:59:25 | 000,515,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/13 22:16:41 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2011 - English.lnk
[2011/01/13 21:56:24 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/01/13 21:56:20 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/01/13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/13 09:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/01/13 09:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/01/13 09:41:44 | 000,273,488 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/01/13 09:40:20 | 000,051,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/01/13 09:37:34 | 000,029,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/01/13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/01/13 09:37:12 | 000,020,560 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/01/10 13:23:32 | 000,821,815 | ---- | M] () -- C:\Users\Schlepptop\Documents\house-with-brennholzlager.skp
[2011/01/10 13:16:16 | 000,678,842 | ---- | M] () -- C:\Users\Schlepptop\Documents\brennholzlager.jpg
[2011/01/10 12:58:03 | 000,636,477 | ---- | M] () -- C:\Users\Schlepptop\Documents\house-with-garden.skp
[2011/01/10 12:55:31 | 000,064,952 | ---- | M] () -- C:\Users\Schlepptop\Documents\brennholzlager.skp
[2011/01/07 22:51:00 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010/12/24 15:42:51 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/20 23:05:52 | 000,000,151 | ---- | M] () -- C:\Users\Schlepptop\Rücknahmebedingungen des Verkäufers für den Artikel iPhone 4 Leder Tasche - schwarz - Case - Etui - Hülle.URL
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/01/17 17:20:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/17 17:09:19 | 000,001,258 | ---- | C] () -- C:\Users\Schlepptop\Desktop\Spybot - Search & Destroy.lnk
[2011/01/13 22:16:41 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2011 - English.lnk
[2011/01/13 21:56:20 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/01/10 13:23:31 | 000,821,815 | ---- | C] () -- C:\Users\Schlepptop\Documents\house-with-brennholzlager.skp
[2011/01/10 12:58:02 | 000,636,477 | ---- | C] () -- C:\Users\Schlepptop\Documents\house-with-garden.skp
[2011/01/07 22:51:00 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010/12/24 15:42:51 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/20 23:05:52 | 000,000,151 | ---- | C] () -- C:\Users\Schlepptop\Rücknahmebedingungen des Verkäufers für den Artikel iPhone 4 Leder Tasche - schwarz - Case - Etui - Hülle.URL
[2010/12/14 10:58:13 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/12/14 10:58:13 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/12/14 10:57:19 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/12/14 10:57:19 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/12/14 10:50:22 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010/12/14 10:50:22 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010/11/12 20:02:50 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini
[2010/11/12 00:21:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/10/27 13:55:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\FKStampPainter20.dll
[2010/06/14 12:11:13 | 000,000,803 | ---- | C] () -- C:\Windows\HotFixList.ini
[2010/06/14 12:00:25 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/06/14 11:59:14 | 000,000,110 | ---- | C] () -- C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
[2010/06/14 11:58:13 | 000,000,106 | ---- | C] () -- C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
[2010/06/14 11:55:08 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/06/14 11:54:16 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/06/14 11:53:47 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/02/02 19:11:40 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2009/02/02 19:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2009/02/02 19:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2009/02/02 19:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2001/12/12 13:41:36 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\W32btstp.dll
[2001/12/12 13:41:36 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\W32btxlt.dll

========== LOP Check ==========

[2010/11/20 21:46:05 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Lexware
[2010/12/24 14:04:36 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TerraTec
[2011/01/13 22:15:36 | 000,000,000 | ---D | M] -- C:\Users\Schlepptop\AppData\Roaming\Autodesk
[2010/11/14 12:31:05 | 000,000,000 | -H-D | M] -- C:\Users\Schlepptop\AppData\Roaming\Canneverbe Limited
[2011/01/13 22:00:03 | 000,000,000 | ---D | M] -- C:\Users\Schlepptop\AppData\Roaming\DAEMON Tools Lite
[2010/11/19 14:22:20 | 000,000,000 | -H-D | M] -- C:\Users\Schlepptop\AppData\Roaming\FRITZ!
[2010/11/14 17:30:09 | 000,000,000 | -H-D | M] -- C:\Users\Schlepptop\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2010/12/04 13:31:15 | 000,000,000 | ---D | M] -- C:\Users\Schlepptop\AppData\Roaming\Funambol
[2010/11/15 06:08:41 | 000,000,000 | -H-D | M] -- C:\Users\Schlepptop\AppData\Roaming\Lexware
[2010/11/19 15:52:36 | 000,000,000 | ---D | M] -- C:\Users\Schlepptop\AppData\Roaming\TerraTec
[2010/11/12 01:26:36 | 000,000,000 | ---D | M] -- C:\Users\Schlepptop\AppData\Roaming\Thunderbird
[2009/07/14 06:08:49 | 000,023,028 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 1/17/2011 8:57:03 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Schlepptop\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 138.99 Gb Total Space | 85.13 Gb Free Space | 61.25% Space Free | Partition Type: NTFS
Drive D: | 139.00 Gb Total Space | 138.73 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Computer Name: SCHLEPPTOP-PC | User Name: Schlepptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-868785299-726797094-2297327714-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5783F2D7-9001-0409-0102-0060B0CE6BBA}" = AutoCAD 2011 - English "{5783F2D7-9001-0409-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "AutoCAD 2011 - English" = AutoCAD 2011 - English "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module "HDMI" = Intel(R) Graphics Media Accelerator Driver "SynTPDeinstKey" = Synaptics Pointing Device Driver "Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 4.0.144.38 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{1339105E-F091-458E-90C1-B8F24153C825}" = Lexware faktura+auftrag 2009 "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-6490CW "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011 "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "avast5" = avast! Free Antivirus "Cinergy T Stick Black" = Cinergy T Stick Black V86.001.1026.2009 "DAEMON Tools Lite" = DAEMON Tools Lite "ENTERPRISE" = Microsoft Office Enterprise 2007 "FRITZ! 
2.0" = AVM FRITZ!fax für FRITZ!Box "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marvell Miniport Driver" = Marvell Miniport Driver "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "nLite_is1" = nLite 1.4.9.1 "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/31/2010 10:38:25 AM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/31/2010 10:38:25 AM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4071 Error - 12/31/2010 10:38:25 AM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4071 Error - 12/31/2010 12:38:56 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/31/2010 12:38:56 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7235045 Error - 12/31/2010 12:38:56 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task 
Scheduling Error: m->NextScheduledSPRetry 7235045 Error - 12/31/2010 2:00:23 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/31/2010 2:00:23 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1295 Error - 12/31/2010 2:00:23 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1295 Error - 12/31/2010 4:27:28 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second [ System Events ] Error - 12/29/2010 5:31:49 PM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12/29/2010 5:31:52 PM | Computer Name = Schlepptop-PC | Source = iScsiPrt | ID = 1 Description = Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden. Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben. Error - 12/29/2010 5:31:52 PM | Computer Name = Schlepptop-PC | Source = iScsiPrt | ID = 70 Description = Fehler beim Verarbeiten der iSCSI-Anmeldeanforderung. Die Anforderung wurde nicht wiederholt. Der Fehlerstatus wird in den Sicherungsdaten angegeben. 
Error - 12/30/2010 4:45:48 PM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12/31/2010 10:02:37 AM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 1/2/2011 6:27:25 AM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 1/2/2011 5:43:51 PM | Computer Name = Schlepptop-PC | Source = iScsiPrt | ID = 1 Description = Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden. Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben. Error - 1/2/2011 5:43:51 PM | Computer Name = Schlepptop-PC | Source = iScsiPrt | ID = 70 Description = Fehler beim Verarbeiten der iSCSI-Anmeldeanforderung. Die Anforderung wurde nicht wiederholt. Der Fehlerstatus wird in den Sicherungsdaten angegeben. 
Error - 1/2/2011 5:43:54 PM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 1/3/2011 3:51:57 PM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >
Scheduling Error: m->NextScheduledSPRetry 7235045 Error - 12/31/2010 2:00:23 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/31/2010 2:00:23 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1295 Error - 12/31/2010 2:00:23 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1295 Error - 12/31/2010 4:27:28 PM | Computer Name = Schlepptop-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second [ System Events ] Error - 12/29/2010 5:31:49 PM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12/29/2010 5:31:52 PM | Computer Name = Schlepptop-PC | Source = iScsiPrt | ID = 1 Description = Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden. Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben. Error - 12/29/2010 5:31:52 PM | Computer Name = Schlepptop-PC | Source = iScsiPrt | ID = 70 Description = Fehler beim Verarbeiten der iSCSI-Anmeldeanforderung. Die Anforderung wurde nicht wiederholt. Der Fehlerstatus wird in den Sicherungsdaten angegeben. 
Error - 12/30/2010 4:45:48 PM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12/31/2010 10:02:37 AM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 1/2/2011 6:27:25 AM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 1/2/2011 5:43:51 PM | Computer Name = Schlepptop-PC | Source = iScsiPrt | ID = 1 Description = Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden. Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben. Error - 1/2/2011 5:43:51 PM | Computer Name = Schlepptop-PC | Source = iScsiPrt | ID = 70 Description = Fehler beim Verarbeiten der iSCSI-Anmeldeanforderung. Die Anforderung wurde nicht wiederholt. Der Fehlerstatus wird in den Sicherungsdaten angegeben. Error - 1/2/2011 5:43:54 PM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 1/3/2011 3:51:57 PM | Computer Name = Schlepptop-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > Geändert von Janne1 (17.01.2011 um 21:48 Uhr) Grund: Link eingefügt |
17.01.2011, 22:17 | #6 |
| Infection with malware incl. Win32/Zwangi
And here the one from Spybot as well.... |
18.01.2011, 13:30 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with malware incl. Win32/Zwangi
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL) (the ":OTL" must be copied along with it!!!):
Code:
:OTL
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{378e9c56-1f4b-11e0-83ad-002454e19826}\Shell - "" = AutoRun
O33 - MountPoints2\{378e9c56-1f4b-11e0-83ad-002454e19826}\Shell\AutoRun\command - "" = G:\Setup.exe
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
Please always post logfiles in CODE tags |
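To make the triage rule behind that fix explicit, here is an added Python example (not part of the thread and not OTL's own code) that reads O4/O32/O33 lines of the kind quoted above and assembles the matching ":OTL" fix: Run/RunOnce entries whose target is "File not found" are orphaned autostarts, a MountPoints2\{GUID}\Shell\AutoRun\command pointing at a drive such as G:\Setup.exe is an autorun hook left behind by removable media (the poster suspected an external disk), and "O32 - HKLM CDRom: AutoRun - 1" means media autorun is still enabled. The line shapes the regexes expect are my reading of the OTL log format, and the sample lines are constructed from the post (the RtHDVCpl path is taken from the ComboFix log later in the thread). One deliberate difference from the post: the entry with the empty value name ("[]") is reported for manual review instead of being put into the fix, because the poster's next reply shows OTL handling that line by deleting the whole Run key.

```python
"""Triage of OTL O4/O32/O33 autostart lines, as in the fix above.

Added example, not part of the thread or of OTL. The parsing rules are my
reading of the OTL log format (an assumption, not OTL's specification); the
sample lines are constructed from the patterns quoted in the post.
"""
import re

# Constructed sample: the lines from the fix above plus one healthy O4 entry
# (RtHDVCpl, path taken from the ComboFix log later in the thread).
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{378e9c56-1f4b-11e0-83ad-002454e19826}\Shell - "" = AutoRun
O33 - MountPoints2\{378e9c56-1f4b-11e0-83ad-002454e19826}\Shell\AutoRun\command - "" = G:\Setup.exe
"""

# Assumed OTL line shapes (the regexes are mine, not OTL's).
_O4 = re.compile(r'^O4 - (?P<key>HK\S+?\.\.\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<target>.*)$')
_O32 = re.compile(r'^O32 - HKLM CDRom: AutoRun - (?P<value>\d+)$')
_O33_ANY = re.compile(r'^O33 - MountPoints2\\\{(?P<guid>[0-9A-Fa-f-]+)\}\\')
_O33_CMD = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9A-Fa-f-]+)\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')

ORPHAN = 'File not found'


def parse(text):
    """Split an OTL log into non-empty, whitespace-trimmed lines."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def orphan_autostarts(lines):
    """O4 Run/RunOnce entries whose target OTL could not find -> [(key, name)]."""
    return [(m.group('key'), m.group('name'))
            for m in map(_O4.match, lines) if m and m.group('target') == ORPHAN]


def empty_name_autostarts(lines):
    """O4 entries with an empty value name. Kept out of the generated fix:
    the reply's log shows that fixing '[]' removed the whole Run key."""
    return [ln for ln in lines if (m := _O4.match(ln)) and m.group('name') == '']


def mountpoint_autoruns(lines):
    """MountPoints2 GUIDs carrying a Shell\\AutoRun\\command -> {guid: command}.
    A command on a non-system drive letter is the classic removable-media vector."""
    return {m.group('guid'): m.group('cmd') for m in map(_O33_CMD.match, lines) if m}


def cdrom_autorun_enabled(lines):
    """True when the O32 line reports HKLM Cdrom AutoRun != 0."""
    for m in map(_O32.match, lines):
        if m:
            return m.group('value') != '0'
    return False


def build_otl_fix(lines):
    """Assemble an OTL ':OTL' fix from the flagged lines, in log order.
    The ':Commands' block copies the three commands used in the post."""
    guids = set(mountpoint_autoruns(lines))
    flagged = []
    for ln in lines:
        m4, m32, m33 = _O4.match(ln), _O32.match(ln), _O33_ANY.match(ln)
        if m4 and m4.group('target') == ORPHAN and m4.group('name'):
            flagged.append(ln)          # orphaned autostart with a real name
        elif m32 and m32.group('value') != '0':
            flagged.append(ln)          # media autorun still enabled
        elif m33 and m33.group('guid') in guids:
            flagged.append(ln)          # every O33 line of a GUID that has a command
    return '\n'.join([':OTL', *flagged, ':Commands', '[purity]', '[resethosts]', '[emptytemp]']) + '\n'


if __name__ == '__main__':
    lines = parse(SAMPLE_OTL)
    print('review by hand:', empty_name_autostarts(lines))
    print(build_otl_fix(lines))
```

Running it prints the empty-name entry for manual review and then a fix text with the same six remaining lines the helper posted; the healthy RtHDVCpl entry is left alone because its target exists.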
18.01.2011, 13:54 | #8 |
| Infection with malware incl. Win32/Zwangi
Hello Arne, thanks for the quick reply. Here is the OTL log:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{378e9c56-1f4b-11e0-83ad-002454e19826}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{378e9c56-1f4b-11e0-83ad-002454e19826}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{378e9c56-1f4b-11e0-83ad-002454e19826}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{378e9c56-1f4b-11e0-83ad-002454e19826}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jan
->Temp folder emptied: 54188 bytes
->Temporary Internet Files folder emptied: 163511 bytes
->FireFox cache emptied: 99468345 bytes
->Flash cache emptied: 1032 bytes
User: Public
User: Schlepptop
->Temp folder emptied: 13336264 bytes
->Temporary Internet Files folder emptied: 143936419 bytes
->FireFox cache emptied: 52477019 bytes
->Flash cache emptied: 9546 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131726 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 413750750 bytes
Total Files Cleaned = 690.00 mb
OTL by OldTimer - Version 3.2.20.2 log created on 01182011_134706
Files\Folders moved on Reboot...
C:\Users\Schlepptop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Regards, Jan
Last edited by Janne1 (18.01.2011 at 14:09). Reason: forgot a word |
18.01.2011, 14:23 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with malware incl. Win32/Zwangi
Who is that, then? The new one's nickname? Then please run CF now: ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run if a Kompetenzler (board helper) has explicitly recommended it!
__________________
Please always post logfiles in CODE tags |
18.01.2011, 15:24 | #10 |
| Infection with malware incl. Win32/Zwangi
I don't think she has a nickname yet; OTL is still running over there (following your beginners' guide)....but she'll definitely post today. In any case, an e-mail arrived, supposedly from a friend....but that account had apparently been hijacked, because the link in the mail triggered an Avira alert. After that she scanned and apparently found a few more problems...I referred her to you and told her to post the log from the Avira scan as well... But now to my Schlepptop:
Code:
ATTFilter ComboFix 11-01-17.04 - Schlepptop 18.01.2011 14:54:30.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3033.1887 [GMT 1:00] ausgeführt von:: c:\users\Schlepptop\Desktop\Cofi.exe AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2010-12-18 bis 2011-01-18 )))))))))))))))))))))))))))))) . 2011-01-18 13:58 . 2011-01-18 13:58 -------- d-----w- c:\users\Jan\AppData\Local\temp 2011-01-18 13:58 . 2011-01-18 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-01-18 12:47 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0082DE5-F5EF-49CA-8C02-7059A14C04E6}\mpengine.dll 2011-01-18 12:47 . 2011-01-18 12:47 -------- d-----w- C:\_OTL 2011-01-17 19:43 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe 2011-01-17 16:22 . 2011-01-17 16:22 -------- d-----w- c:\users\Schlepptop\AppData\Roaming\Malwarebytes 2011-01-17 16:20 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-01-17 16:20 . 2011-01-17 16:20 -------- d-----w- c:\programdata\Malwarebytes 2011-01-17 16:20 . 2011-01-17 16:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-01-17 16:20 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-17 16:08 . 2011-01-17 16:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-01-17 16:08 . 2011-01-17 16:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-01-13 21:17 . 2011-01-13 21:17 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2011-01-13 20:56 . 2011-01-13 20:56 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-01-13 20:56 . 
2011-01-13 20:56 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite 2011-01-13 20:54 . 2011-01-13 21:00 -------- d-----w- c:\users\Schlepptop\AppData\Roaming\DAEMON Tools Lite 2011-01-13 20:54 . 2011-01-13 20:55 -------- d-----w- c:\programdata\DAEMON Tools Lite 2011-01-13 19:55 . 2011-01-13 19:55 -------- d-----w- c:\program files\Windows7FirewallControl 2011-01-13 19:34 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll 2011-01-13 19:34 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2011-01-13 19:34 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll 2011-01-13 19:34 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2011-01-13 19:34 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2011-01-13 19:34 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2011-01-13 19:34 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2011-01-13 19:34 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2011-01-13 19:34 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2011-01-13 19:34 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2011-01-07 21:52 . 2011-01-13 21:35 -------- d-----w- c:\programdata\FLEXnet 2011-01-07 21:51 . 2011-01-07 21:51 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared 2011-01-07 21:51 . 2008-04-07 04:38 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll 2011-01-04 19:36 . 2011-01-04 19:36 -------- d-----w- c:\users\Public\CyberLink 2011-01-04 19:36 . 2011-01-04 19:36 -------- d-----w- c:\users\Jan\AppData\Roaming\CyberLink 2010-12-24 14:42 . 2010-12-24 14:42 -------- d-----w- c:\program files\iTunes 2010-12-24 14:42 . 
2010-12-24 14:42 -------- d-----w- c:\program files (x86)\iTunes 2010-12-24 14:42 . 2010-12-24 14:42 -------- d-----w- c:\program files\iPod 2010-12-24 13:04 . 2010-12-24 13:04 -------- d-----w- c:\users\Jan\AppData\Roaming\TerraTec 2010-12-24 13:03 . 2010-12-24 13:03 -------- d-----w- c:\users\Jan\AppData\Roaming\Apple Computer . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-13 08:47 . 2010-11-13 13:05 38848 ----a-w- c:\windows\avastSS.scr 2011-01-13 08:47 . 2010-11-13 12:09 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-01-13 08:41 . 2010-11-13 12:23 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-01-13 08:40 . 2010-11-13 12:09 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-01-13 08:37 . 2010-11-13 12:09 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-01-13 08:37 . 2010-11-13 12:09 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-01-13 08:37 . 2010-11-13 12:23 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2010-11-17 21:38 . 2009-11-05 12:04 513600 ----a-w- c:\windows\system32\drivers\AF15BDA.sys 2010-11-17 21:38 . 2002-01-03 00:09 356 ----a-w- c:\windows\system32\AF15IrTbl.bin 2010-11-04 06:35 . 2010-12-15 16:22 1194496 ----a-w- c:\windows\system32\wininet.dll 2010-11-04 06:31 . 2010-12-15 16:22 57856 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-04 05:52 . 2010-12-15 16:22 978944 ----a-w- c:\windows\SysWow64\wininet.dll 2010-11-04 05:48 . 2010-12-15 16:22 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll 2010-11-04 05:16 . 2010-12-15 16:22 482816 ----a-w- c:\windows\system32\html.iec 2010-11-04 04:41 . 2010-12-15 16:22 386048 ----a-w- c:\windows\SysWow64\html.iec 2010-11-04 04:35 . 
2010-12-15 16:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-11-04 04:08 . 2010-12-15 16:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2010-11-02 05:18 . 2010-12-15 16:22 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll 2010-11-02 05:17 . 2010-12-15 16:22 1169408 ----a-w- c:\windows\system32\taskschd.dll 2010-11-02 05:17 . 2010-12-15 16:22 473600 ----a-w- c:\windows\system32\taskcomp.dll 2010-11-02 05:16 . 2010-12-15 16:22 1114624 ----a-w- c:\windows\system32\schedsvc.dll 2010-11-02 05:10 . 2010-12-15 16:22 464384 ----a-w- c:\windows\system32\taskeng.exe 2010-11-02 05:10 . 2010-12-15 16:22 285696 ----a-w- c:\windows\system32\schtasks.exe 2010-11-02 04:40 . 2010-12-15 16:22 496128 ----a-w- c:\windows\SysWow64\taskschd.dll 2010-11-02 04:40 . 2010-12-15 16:22 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll 2010-11-02 04:34 . 2010-12-15 16:22 192000 ----a-w- c:\windows\SysWow64\taskeng.exe 2010-11-02 04:34 . 2010-12-15 16:22 179712 ----a-w- c:\windows\SysWow64\schtasks.exe 2010-10-27 14:36 . 2010-10-27 14:36 1421312 ----a-w- c:\windows\SysWow64\FormAssi50.dll 2010-10-27 12:55 . 2010-10-27 12:55 57344 ----a-w- c:\windows\SysWow64\FKStampPainter20.dll 2010-10-27 05:06 . 2010-12-15 16:22 2048 ----a-w- c:\windows\system32\tzres.dll 2010-10-27 04:32 . 2010-12-15 16:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2010-10-22 04:22 . 2010-10-22 04:22 15144 ----a-w- c:\windows\SysWow64\drivers\rtport.sys . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x] R3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\DRIVERS\AF15BDA.sys [2010-11-17 513600] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-13 1436424] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712] S1 aswSP;aswSP; [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-13 254528] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 13824] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2010-11-01 614912] S3 IntcHdmiAddService;Intel(R) High Definition Audio 
HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-14 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-14 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-14 365592] "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU] "Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2010-11-01 1133056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An vorhandenes PDF anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html FF - ProfilePath - c:\users\Schlepptop\AppData\Roaming\Mozilla\Firefox\Profiles\yn8b8ob5.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: FRITZ!Box AddOn: fb_add_on@avm.de - %profile%\extensions\fb_add_on@avm.de FF - Ext: Biet-O-Matic Firefox Erweiterung: {B0D70E72-2FC1-4b9f-A3D4-5921C854D906} - %profile%\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906} FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} FF - Ext: RightToClick: {cd617375-6743-4ee8-bac4-fbf10f35729e} - %profile%\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e} FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} . - - - - Entfernte verwaiste Registrierungseinträge - - - - Toolbar-Locked - (no file) . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2011-01-18 15:01:10
ComboFix-quarantined-files.txt 2011-01-18 14:01
ComboFix2.txt 2011-01-18 13:51
Vor Suchlauf: 11 Verzeichnis(se), 94.638.878.720 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 94.309.597.184 Bytes frei
- - End Of File - - 85D37322D5C95AEEF18A438ADFAE4AB5
What now? Regards, Jan |
18.01.2011, 16:04 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with malware incl. Win32/Zwangi
Now please create and post logs with GMER and mbrcheck. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out. Instructions for mbrcheck: download MBRCheck (by a_d_13) and save the file to the desktop.
__________________
Please always post logfiles in CODE tags |
18.01.2011, 16:48 | #12 |
| Infection with malware incl. Win32/Zwangi
Hello Arne, I can only scan with the bottom 3 checkboxes in GMER; the others are greyed out (System...Libraries), and it is no different in safe mode. In the instructions, though, they are all ticked. Should I continue anyway? Jan
Edit: I have now run the scan with the 3 checkboxes; it found nothing. The logfile is empty.
Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 64-bit Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD. BIOS Manufacturer: Phoenix Technologies Ltd. System Manufacturer: SAMSUNG ELECTRONICS CO., LTD. System Product Name: R530/R730 Logical Drives Mask: 0x0000005c Kernel Drivers (total 195): 0x02E13000 \SystemRoot\system32\ntoskrnl.exe 0x033EF000 \SystemRoot\system32\hal.dll 0x00BB9000 \SystemRoot\system32\kdcom.dll 0x00C77000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00CBB000 \SystemRoot\system32\PSHED.dll 0x00CCF000 \SystemRoot\system32\CLFS.SYS 0x00D2D000 \SystemRoot\system32\CI.dll 0x00ECC000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00F70000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00F7F000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x00FD6000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x00FDF000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys 0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x00E40000 \SystemRoot\System32\drivers\partmgr.sys 0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys 0x00E7F000 \SystemRoot\System32\drivers\mountmgr.sys 0x0105F000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x0117B000 \SystemRoot\system32\DRIVERS\atapi.sys 0x01184000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x011AE000 \SystemRoot\system32\DRIVERS\msahci.sys 0x011B9000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x011C9000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x01000000 \SystemRoot\system32\drivers\fltmgr.sys 0x011D4000 \SystemRoot\system32\drivers\fileinfo.sys 0x0125A000 \SystemRoot\System32\Drivers\Ntfs.sys 0x014D6000 \SystemRoot\System32\Drivers\msrpc.sys 0x01534000 \SystemRoot\System32\Drivers\ksecdd.sys 0x0154E000 \SystemRoot\System32\Drivers\cng.sys 0x015C1000 
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000005`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`c5f00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3265GSX, Rev: GJ002F

Size    Device Name          MBR Status
--------------------------------------------
298 GB  \\.\PhysicalDrive0   Unknown MBR code
        SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!

Last edited by Janne1 (18.01.2011 at 17:31) Reason: addition |
18.01.2011, 19:17 | #14 |
| Infection with malware, including Win32/Zwangi Yes, right-click and Run as administrator, first like that and then tried again in Safe Mode, as administrator each time, both times only greyed-out checkboxes. mbrcheck: Found non-standard or infected MBR means that I have a rootkit? |
18.01.2011, 19:59 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with malware, including Win32/Zwangi OK. It could be that your MBR is infected, which is why I would have it fixed. Do you have any other operating systems installed besides Win7? Do you have a Win7 DVD to hand? If you don't have a Win7 DVD, a Vista rescue disc works as well, have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows Download the ISO file, burn it to a CD with e.g. ImgBurn using the image-burning function, and start the computer from it (boot from this CD). As said, if you have a normal Windows installation DVD, you don't need the image mentioned above and can simply boot from the Windows DVD. Click Repair your computer, Next, Command Prompt - the console opens. There type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out beforehand. Afterwards make new logs with MBRCheck and, if possible, GMER.
__________________ Please always post logfiles in CODE tags |
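An added example, not from the thread and not MBRCheck's own code: it parses a raw 512-byte MBR the way the "SHA1:" line in the log is produced (hash of the 440-byte boot code) and checks that a boot-code repair such as bootrec.exe /fixmbr left the partition table and disk signature untouched. All byte strings, the helper names and the disk signature are constructed for the demo; only the two partition offsets are taken from the MBRCheck output above.

```python
import hashlib
import struct

SECTOR = 512  # byte size of one sector on this disk

def parse_mbr(mbr: bytes) -> dict:
    """Split a raw 512-byte MBR into boot code hash, disk signature, partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        # entry: status(1) CHS start(3) type(1) CHS end(3) start LBA(4) sectors(4)
        flag, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, 0x1BE + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"bootable": flag == 0x80, "type": ptype,
                          "start_lba": lba, "sectors": count,
                          "offset": lba * SECTOR})
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:440]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, 0x1B8)[0],
        "partitions": parts,
        "valid_signature": mbr[0x1FE:] == b"\x55\xAA",
    }

def repair_preserved_partitions(before: bytes, after: bytes) -> bool:
    """True if only the boot code changed, which is all /fixmbr should do:
    same partition table and disk signature, valid 0x55AA, different code."""
    b, a = parse_mbr(before), parse_mbr(after)
    return (b["partitions"] == a["partitions"]
            and b["disk_signature"] == a["disk_signature"]
            and a["valid_signature"]
            and b["boot_code_sha1"] != a["boot_code_sha1"])

def build_mbr(boot_code: bytes, entries) -> bytes:
    """Constructed helper: assemble a demo MBR from boot code and partition tuples."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return (boot_code.ljust(440, b"\x00") + b"\x12\x34\x56\x78" + b"\x00\x00"
            + table.ljust(64, b"\x00") + b"\x55\xAA")

# Constructed demo disk: start LBAs chosen so the byte offsets equal the
# C: and D: offsets in the MBRCheck log above; sector counts are made up.
DEMO_ENTRIES = [(0x80, 0x07, 0x2832800, 0x115FD000),   # C:, NTFS, bootable
                (0x00, 0x07, 0x13E2F800, 0x11300000)]  # D:, NTFS
MBR_BEFORE = build_mbr(b"\xEB\xFE" + b"\x90" * 50, DEMO_ENTRIES)  # unknown code
MBR_AFTER = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C", DEMO_ENTRIES)  # rewritten
```

On a real system the 512 bytes would come from a dump of \\.\PhysicalDrive0 taken before and after the repair (MBRCheck option [1] writes such a dump), and the boot-code hash can then be compared with the SHA1 the tool printed.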