Log analysis and evaluation: Systray .exe stub with awaynet.bin.exe - solution probably found myself (Windows 7)

08.06.2011, 11:26 | #1
Systray .exe stub with awaynet.bin.exe - solution probably found myself.

I think I have actually found a solution for an annoying trojan.

It started yesterday when my firewall wanted me to approve a strange access to the Internet. "Systray .exe stub" wanted to connect to odd Russian servers. If that did not work, it also tried microsoft.com or an Adobe update server. IP addresses: 96.44.134.20

It is a file in the Temp folder with a generic name like 2HG1083.exe. The process has exactly the same name. If you kill the process, it creates a new Temp file and a new process with a new generic name.

What I noticed: on C: there is a hidden folder awaynet.bin with the files awaynet.bin.exe and config.bin, and a matching HKCU Run entry.

When the laptop goes into power-saving mode, it can no longer be woken with the keyboard, only with the power button.

What I have tried so far:
Antivir does not react to the Temp file; their virus lab even reports it as CLEAN.
virustotal shows one hit out of 42 for the generic file: Win32.GenericFF
Malwarebytes found and removed 4 other files (log attached). Now it no longer finds anything.
In safe mode I modified the awaynet.bin folder, the Run entry and the Temp files. It did not help.
Then I uninstalled a few software packages and did a Java update. Created an OTL log. Ran CCleaner.
I replaced the files in the awaynet.bin folder with some junk files or empty files. Reboot. The Run entry was back, but the background processes were not.
Then I removed the Run entry and rebooted. Now everything looks fine. No new Run entry, no new Temp files.

Brief info on the system:
Windows 7 x64 on a Macintosh
Complex system with many programs and settings. In short, it takes 2-3 full days to set the system up again.
I surf as admin with Firefox
Filecollector is a program of my own
I think Java was the entry point, since my Java updater was not active.

Logs:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:53 on 08/06/2011 (admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

Code:
OTL logfile created on: 08.06.2011 11:27:23 - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\admin\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,73 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 52,74% Memory free
4,52 Gb Paging File | 2,57 Gb Available in Paging File | 56,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 56,59 Gb Total Space | 2,24 Gb Free Space | 3,97% Space Free | Partition Type: NTFS

Computer Name: XXXXXX| User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\admin\AppData\Local\Temp\2HG1083.exe (Microsoft Corporation)
PRC - C:\Users\admin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox4\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox4\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\BCWipe\BCWipeTM.exe (Jetico, Inc.)
PRC - C:\PROGRA~2\BCWipe\BCResident.exe (Jetico, Inc.)
PRC - C:\Program Files (x86)\BCWipe\BCWipeSvc.exe (Jetico, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
PRC - C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE (Mediafour Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\admin\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AppleOSSMgr) -- C:\Windows\SysNative\AppleOSSMgr.exe ()
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (MacDrive8Service) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation)
SRV:64bit: - (Retrospect Helper) -- C:\Program Files\Retrospect\Retrospect 7.7\rthlpsvc.exe (Sonic Solutions)
SRV:64bit: - (RetroLauncher) -- C:\Program Files\Retrospect\Retrospect 7.7\retrorun.exe (Sonic Solutions)
SRV:64bit: - (AppleTimeSrv) -- C:\Windows\SysNative\AppleTimeSrv.exe (Apple Inc.)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (BCWipeSvc) -- C:\Program Files (x86)\BCWipe\BCWipeSvc.exe (Jetico, Inc.)
SRV - (TrueCryptSystemFavorites) -- C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (PCToolsFirewallPlus) -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (M4LIC) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE (Mediafour Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (mobiolavs) -- C:\Windows\SysNative\drivers\mobiolavs.sys (SHAPE Services GmbH)
DRV:64bit: - (MOBIOLA_Wave) Mobiola Wave Audio Device (WDM) -- C:\Windows\SysNative\drivers\mobiolawave.sys (SHAPE Services)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MacHALDriver) -- C:\Windows\SysNative\drivers\MacHALDriver.sys (Apple Inc.)
DRV:64bit: - (KeyAgent) -- C:\Windows\SysNative\drivers\KeyAgent.sys (Apple Inc.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (MDPMGRNT) -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS (Mediafour Corporation)
DRV:64bit: - (CirrusFilter) -- C:\Windows\SysNative\drivers\CS420x64.sys (Cirrus Logic)
DRV:64bit: - (applemtp) -- C:\Windows\SysNative\drivers\applemtp.sys (Apple Inc.)
DRV:64bit: - (applemtm) -- C:\Windows\SysNative\drivers\applemtm.sys (Apple Inc.)
DRV:64bit: - (TridVid) -- C:\Windows\SysNative\drivers\tridvid6010.sys (10Moons Technologies Co.,Ltd)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (CBDisk) -- C:\Windows\SysNative\drivers\CBDisk.sys (EldoS Corporation)
DRV:64bit: - (pctplfw) -- C:\Windows\SysNative\drivers\pctplfw64.sys (PC Tools)
DRV:64bit: - (PCTFW-PacketFilter) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys (PC Tools)
DRV:64bit: - (pctgntdi) -- C:\Windows\SysNative\drivers\pctgntdi64.sys (PC Tools)
DRV:64bit: - (pctNDIS) -- C:\Windows\SysNative\drivers\pctNdis64.sys (PC Tools)
DRV:64bit: - (EyeOneDisplay) -- C:\Windows\SysNative\drivers\i1display_x64.sys (GretagMacbeth LLC)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV:64bit: - (OXSDIDRV_x64) Oxford Semi eSATA Filter (x64) -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys ()
DRV:64bit: - (IRRemoteFlt) -- C:\Windows\SysNative\drivers\IRFilter.sys (Apple Inc.)
DRV:64bit: - (KeyMagic) -- C:\Windows\SysNative\drivers\KeyMagic.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (FNETTHJM_152D) -- C:\Windows\SysWOW64\drivers\fnetthjm_152D.sys (FNet Co., Ltd.)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 08 A5 BA CB 2D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/admin/Documents/meinedatei.htm"
FF - prefs.js..extensions.enabledItems: aardvark@rob.brown:3.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}:1.9.37
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:1.1.10
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.15 12:41:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.15 12:41:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\admin\AppData\Roaming\5015 [2011.06.02 16:21:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.08 15:53:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.02 21:29:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox4\components [2011.04.30 00:49:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox4\plugins [2011.04.23 23:26:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.04.30 23:47:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.04.23 23:26:38 | 000,000,000 | ---D | M]

[2010.02.14 22:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2010.02.14 22:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.06.07 08:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0ny5i0id.default\extensions
[2010.03.30 10:16:59 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0ny5i0id.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.09.03 17:10:01 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0ny5i0id.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011.04.01 13:46:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0ny5i0id.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.22 13:32:51 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0ny5i0id.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.12.24 00:59:51 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0ny5i0id.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010.02.09 08:35:10 | 000,000,000 | ---D | M] (Aardvark) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0ny5i0id.default\extensions\aardvark@rob.brown
[2011.05.08 01:15:07 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0ny5i0id.default\extensions\foxyproxy@eric.h.jung
[2011.03.22 13:32:50 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0ny5i0id.default\extensions\isreaditlater@ideashower.com
[2011.04.05 21:37:07 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0ny5i0id.default\extensions\piclens@cooliris.com
[2010.07.31 00:28:49 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\0ny5i0id.default\extensions\YoutubeDownloader@PeterOlayev.com
[2011.03.02 13:16:44 | 000,005,551 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\0ny5i0id.default\searchplugins\google-maps.xml
[2011.06.06 23:24:45 | 000,001,619 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\0ny5i0id.default\searchplugins\ixquick.xml
[2009.12.02 12:18:26 | 000,001,672 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\0ny5i0id.default\searchplugins\leo-deu-ita.xml
[2010.01.05 23:03:58 | 000,001,720 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\0ny5i0id.default\searchplugins\youtube-videosuche.xml
[2011.04.12 21:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) --
[2011.06.02 16:21:12 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ADMIN\APPDATA\ROAMING\5015
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0NY5I0ID.DEFAULT\EXTENSIONS\{99B98C2C-7274-45A3-A640-D9DF1A1C8460}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0NY5I0ID.DEFAULT\EXTENSIONS\{B9BFAF1C-A63F-47CD-8B9A-29526CED9060}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0NY5I0ID.DEFAULT\EXTENSIONS\{CB56AAF9-68C8-41BD-8E5C-7B53232CF7B9}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0NY5I0ID.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0NY5I0ID.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
[2011.03.08 16:28:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.08 16:28:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.08 16:28:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.08 16:28:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.08 16:28:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.06.07 14:32:14 | 000,000,879 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCWipeTM Startup] C:\Program Files (x86)\BCWipe\BCWipeTM.exe (Jetico, Inc.)
O4 - HKCU..\Run: [3D7DD43FAF9BCD1E] C:\awaynet.bin\awaynet.bin.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Program Files (x86)\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{1712e129-737c-11df-a13e-60fb42719277}\Shell - "" = AutoRun
O33 - MountPoints2\{1712e129-737c-11df-a13e-60fb42719277}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{1ef73801-d61c-11de-8923-60fb42719277}\Shell - "" = AutoRun
O33 - MountPoints2\{1ef73801-d61c-11de-8923-60fb42719277}\Shell\AutoRun\command - "" = "N:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{4c248c98-8ac8-11df-8b20-60fb42719277}\Shell - "" = AutoRun
O33 - MountPoints2\{4c248c98-8ac8-11df-8b20-60fb42719277}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{4fd70380-db93-11de-9f3c-60fb42719277}\Shell - "" = AutoRun
O33 - MountPoints2\{4fd70380-db93-11de-9f3c-60fb42719277}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{61a39219-b378-11df-95f4-e7eb82ac9fcb}\Shell - "" = AutoRun
O33 - MountPoints2\{61a39219-b378-11df-95f4-e7eb82ac9fcb}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{7506a60c-3e72-11df-8e52-60fb42719277}\Shell - "" = AutoRun
O33 - MountPoints2\{7506a60c-3e72-11df-8e52-60fb42719277}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7c1563ee-8604-11df-86b1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7c1563ee-8604-11df-86b1-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{7d947899-dc75-11de-99dc-60fb42719277}\Shell - "" = AutoRun
O33 - MountPoints2\{7d947899-dc75-11de-99dc-60fb42719277}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7d94789c-dc75-11de-99dc-60fb42719277}\Shell - "" = AutoRun
O33 - MountPoints2\{7d94789c-dc75-11de-99dc-60fb42719277}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7d9478b4-dc75-11de-99dc-60fb42719277}\Shell - "" = AutoRun
O33 - MountPoints2\{7d9478b4-dc75-11de-99dc-60fb42719277}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7d9478b7-dc75-11de-99dc-60fb42719277}\Shell - "" = AutoRun
O33 - MountPoints2\{7d9478b7-dc75-11de-99dc-60fb42719277}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7d94791e-dc75-11de-99dc-60fb42719277}\Shell - "" = AutoRun
O33 - MountPoints2\{7d94791e-dc75-11de-99dc-60fb42719277}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{7d947921-dc75-11de-99dc-60fb42719277}\Shell - "" = AutoRun
O33 - MountPoints2\{7d947921-dc75-11de-99dc-60fb42719277}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{ad8fcae0-cffd-11df-b483-be1a720bacd3}\Shell - "" = AutoRun
O33 - MountPoints2\{ad8fcae0-cffd-11df-b483-be1a720bacd3}\Shell\AutoRun\command - "" = E:\AutoRun\demo32.exe
O33 - MountPoints2\{c2666994-d823-11de-9f9c-da15c8f9c3a1}\Shell - "" = AutoRun
O33 - MountPoints2\{c2666994-d823-11de-9f9c-da15c8f9c3a1}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{fac107f4-d938-11de-b677-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fac107f4-d938-11de-b677-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{fac1086b-d938-11de-b677-60fb42719277}\Shell - "" = AutoRun
O33 - MountPoints2\{fac1086b-d938-11de-b677-60fb42719277}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{fac1086f-d938-11de-b677-60fb42719277}\Shell - "" = AutoRun
O33 - MountPoints2\{fac1086f-d938-11de-b677-60fb42719277}\Shell\AutoRun\command - "" = M:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {58B7CF03-3DDB-872F-D6D6-4C6CA0AF5F2C} - Internet Explorer
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {8760358B-08E7-E3B0-35DD-42C07F73B9BB} - Java (Sun)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U
shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk - C:\PROGRA~2\Palm\Hotsync.exe - (PalmSource, Inc) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ProfileReminder.lnk - C:\PROGRA~2\EYE-ON~1\PROFIL~1.EXE - (LOGO Kommunikations- und Drucktechnik GmbH & Co. 
KG) MsConfig:64bit - StartUpReg: 3D7DD43FAF9BCD1E - hkey= - key= - C:\awaynet.bin\awaynet.bin.exe () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe_ID0ENQBO - hkey= - key= - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: BCWipeTM Startup - hkey= - key= - C:\Program Files (x86)\BCWipe\BCWipeTM.exe (Jetico, Inc.) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: GFI Backup 2009 - Home Edition - hkey= - key= - File not found MsConfig:64bit - StartUpReg: HotSync - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ISUSPM Startup - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: MobileConnect - hkey= - key= - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) 
MsConfig:64bit - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: UpdatePPShortCut - hkey= - key= - C:\Program Files (x86)\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: Userinit - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.06.08 11:11:42 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.06.02 22:39:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2011.06.02 16:21:12 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\5015 [2011.06.02 16:20:58 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\xmldm [2011.06.02 16:20:56 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\kock [2011.05.18 00:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations [2011.05.17 16:09:54 | 000,029,120 | ---- | C] (SHAPE Services) -- C:\Windows\SysNative\drivers\mobiolawave.sys [2011.05.17 16:09:40 | 000,028,304 | ---- | C] (SHAPE Services GmbH) -- C:\Windows\SysNative\drivers\mobiolavs.sys [2011.05.17 00:54:21 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\vlc [2011.05.17 00:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.05.17 00:54:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2011.05.16 19:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2010.07.01 09:21:16 | 000,069,632 | ---- | C] ( ) -- C:\Programme\FileCollector.exe [2009.11.02 01:15:07 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Program Files (x86)\putty.exe [5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [5 
C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Users\admin\AppData\Roaming\*.tmp files -> C:\Users\admin\AppData\Roaming\*.tmp -> ] [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.08 11:20:32 | 000,000,000 | ---- | M] () -- C:\ProgramData\TEMP [2011.06.08 11:02:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.08 09:21:25 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.08 09:21:25 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.08 09:17:39 | 014,045,158 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.06.08 09:17:39 | 004,708,540 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.06.08 09:17:39 | 004,463,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.06.08 09:17:39 | 004,020,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.06.08 09:17:39 | 000,005,970 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.06.08 07:13:04 | 2999,975,936 | -HS- | M] () -- C:\hiberfil.sys [2011.06.08 00:53:40 | 000,000,188 | ---- | M] () -- C:\Users\admin\defogger_reenable [2011.06.07 23:36:42 | 000,000,600 | ---- | M] () -- C:\Users\admin\AppData\Local\PUTTY.RND [2011.06.07 14:32:14 | 000,000,879 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.06.03 22:23:12 | 000,000,027 | ---- | M] () -- C:\Users\admin\AppData\Roaming\urhtps.dat [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.28 01:30:27 | 000,041,984 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [5 C:\ProgramData\*.tmp 
files -> C:\ProgramData\*.tmp -> ] [5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Users\admin\AppData\Roaming\*.tmp files -> C:\Users\admin\AppData\Roaming\*.tmp -> ] [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.08 00:53:40 | 000,000,188 | ---- | C] () -- C:\Users\admin\defogger_reenable [2011.06.03 12:07:26 | 000,000,027 | ---- | C] () -- C:\Users\admin\AppData\Roaming\urhtps.dat [2011.03.15 03:28:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\TEMP [2010.08.31 13:36:12 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll [2010.07.03 00:16:20 | 000,000,151 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2010.07.01 09:21:16 | 000,015,004 | ---- | C] () -- C:\Programme\Filerenamer.jar [2010.03.16 13:35:42 | 004,745,728 | ---- | C] () -- C:\Windows\PhotoLooksRenderer_x64.dll [2009.11.18 09:44:57 | 007,229,440 | ---- | C] () -- C:\Users\admin\AppData\Local\filesync.metadata [2009.11.13 01:25:07 | 000,000,600 | ---- | C] () -- C:\Users\admin\AppData\Local\PUTTY.RND [2009.11.10 02:30:38 | 000,110,592 | ---- | C] () -- C:\Windows\Wiainst.exe [2009.11.04 00:41:14 | 000,041,984 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.02 00:42:24 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2009.11.01 22:15:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.10.29 13:57:37 | 000,278,583 | ---- | C] () -- C:\Windows\SysWow64\dnt27.dll [2009.10.29 13:57:37 | 000,077,882 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27.dll [2009.10.29 13:57:37 | 000,073,785 | ---- | C] () -- C:\Windows\SysWow64\dntvm27.dll [2009.10.29 13:57:25 | 000,000,093 | ---- | C] () -- C:\Users\admin\AppData\Local\fusioncache.dat [2009.10.29 13:56:53 | 000,000,162 | ---- | C] () -- C:\Windows\SysWow64\QBW_Register.ini [2009.10.29 13:56:29 | 000,192,512 | ---- | C] () -- 
C:\Windows\SysWow64\LXPrnUtil10.dll [2009.10.29 13:56:29 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\PXTToolVC7.dll [2009.10.29 13:55:16 | 000,005,936 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.10.28 21:45:13 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.10.24 22:35:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.15 19:17:10 | 000,130,520 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.09 16:47:02 | 000,013,824 | ---- | C] () -- C:\Windows\SysWow64\CallSimReader.dll [2009.04.09 16:46:02 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\SimReader.dll [2008.04.22 01:46:28 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll ========== LOP Check ========== [2011.05.28 01:13:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.purple [2011.06.02 16:21:12 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\5015 [2009.10.26 23:12:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ACD Systems [2011.04.06 02:05:11 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Binreader [2010.07.19 23:42:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Camersoft [2010.04.05 15:21:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Canneverbe Limited [2010.06.09 20:38:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CD-LabelPrint [2009.11.18 
20:28:05 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite [2009.10.30 02:12:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DataDesign [2010.11.16 03:52:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Dropbox [2010.06.21 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\EPSON [2010.06.15 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Facebook [2011.06.07 21:38:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FileZilla [2010.07.06 14:57:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Genie-Soft [2011.01.12 00:27:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\gtk-2.0 [2009.11.02 00:48:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\HotSync [2009.10.29 15:13:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ImgBurn [2009.11.10 03:26:27 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\JAM Software [2011.06.02 16:20:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\kock [2010.06.29 13:10:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LaCie [2010.04.18 00:57:35 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LEAPS [2009.11.28 20:37:21 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ManyCam [2010.07.16 01:08:11 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MPEG Streamclip [2010.06.30 16:34:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\net.tw.fotolia-desktop [2011.04.08 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\newsdata [2009.11.15 20:05:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Notepad++ [2010.07.01 09:24:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PCToolsFirewallPlus [2010.04.17 23:56:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Pegasys Inc [2010.08.29 02:21:59 | 000,000,000 | ---D | M] -- 
C:\Users\admin\AppData\Roaming\PhonerLite [2010.06.25 11:53:21 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PingPlotter [2009.11.18 20:47:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\renamer [2010.06.30 21:26:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TeamViewer [2010.06.28 22:17:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thinstall [2010.02.14 22:28:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird [2011.05.16 00:59:39 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TrueCrypt [2011.06.05 23:39:53 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent [2009.11.24 17:04:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Vodafone [2009.11.28 11:29:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Western Digital [2010.08.21 03:43:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\WinAVI [2010.09.21 22:42:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\WindSolutions [2011.06.07 08:47:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\xmldm [2010.11.22 17:37:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.01.08 10:33:35 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.12.17 23:58:22 | 000,000,000 | -H-D | M] -- C:\.Trashes [2011.06.08 11:05:45 | 000,000,000 | ---D | M] -- C:\awaynet.bin [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.10.22 01:57:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.05.12 14:45:41 | 000,000,000 | ---D | M] -- C:\FileCollectorSettings [2011.06.08 11:11:42 | 000,000,000 | R--D | M] -- C:\Programme [2011.06.08 01:09:19 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.06.08 01:15:19 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.10.22 01:57:47 | 000,000,000 | -HSD | M] -- C:\Programme [2009.10.22 01:57:47 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.06.08 11:29:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.06.08 01:15:35 | 000,000,000 | R--D | M] -- C:\Users [2011.06.07 22:36:22 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > [2009.11.02 01:15:10 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Program Files (x86)\putty.exe [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) 
MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- 
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > 
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 20 bytes -> C:\Users\admin\Documents\Read Me.jpg:Mac_Metadata @Alternate Data Stream - 20 bytes -> C:\Users\admin\Documents\.DS_Store:Mac_Metadata @Alternate Data Stream - 20 bytes -> C:\Users\admin\.DS_Store:Mac_Metadata @Alternate Data Stream - 20 bytes -> C:\.Trashes:Mac_Metadata @Alternate Data Stream - 20 bytes -> C:\._.Trashes:Mac_Metadata @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C31F31E6 < End of report > Malwarebytes auffällige Einträge. Aktuelle Software, aktuelle Updates. Code:
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Trojan.Agent) -> Value: Userinit -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\admin\AppData\Local\Temp\0.1435557262232292.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\admin\AppData\Local\Temp\0.5065555797128156.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\admin\AppData\Roaming\appconf32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
08.06.2011, 11:44 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Systray .exe stub with awaynet.bin.exe - solution probably found on my own. Please don't post half-measures; the Malwarebytes log file must be posted in full. Post all of them if there are several (Malwarebytes creates one log per scan).
08.06.2011, 11:54 | #3 |
| Systray .exe stub with awaynet.bin.exe - solution probably found on my own. I don't consider personal firewalls pointless.
1. The built-in firewall is readily and often bypassed, because it is the default.
2. The built-in firewall offers no protection against software that sends data to the Internet. I would not have noticed the infection so quickly.
3. I want to know when a program wants to access the Internet.
OK, I just wanted to keep the logs clearly arranged.
08.06.2011, 12:46 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Systray .exe stub with awaynet.bin.exe - solution probably found on my own.
Just read these, I think it should then become a bit clearer:
Die Vertrauensbrecher (c't editorial on Internet security suites and why they are usually no good)
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?
personal firewalls › Wiki › ubuntuusers.de
NT-Dienste sicher konfigurieren und abschalten (Windows 2000/XP) - www.ntsvcfg.de
Then you'll see that it is simply unnecessary to wreck your system with yet another "protection component"... The only way you can avoid malware infections anyway is by getting your own behaviour under control => Kompromittierung unvermeidbar?
__________________
Please always post log files in CODE tags