Pests of all kinds and how to fight them: Metropolitan Police caught on Acer Aspire notebook (Windows 7)
20.06.2011, 01:42 | #1
Metropolitan Police caught on Acer Aspire notebook
After I was helped so wonderfully here once before, this time I am trying my luck with my sister's computer. As reported in other threads, the Metropolitan Police warning appears after system start and after that nothing works at all. I downloaded OTLPEstd.exe, created the boot CD and ran OTL, but unfortunately I can neither access the internet nor does the computer recognise my USB stick. Is there another trick for this? I have no experience with REATOGO-X-PE yet. Many thanks in advance, I will be back on the forum tomorrow from about 12 o'clock.
__________________ Thanks Arne and markusg and cosinus
20.06.2011, 10:12 | #2
/// Malware-holic | Metropolitan Police caught on Acer Aspire notebook
hi,
try a different USB stick, or a different USB port.
__________________
20.06.2011, 12:29 | #3
Metropolitan Police caught on Acer Aspire notebook
Thanks, it really does seem to have been the USB stick.
Here is the OTL report:
OTL Logfile:
Code:
OTL logfile created on: 6/20/2011 3:23:45 PM - Run OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.99 Gb Total Space | 274.96 Gb Free Space | 60.30% Space Free | Partition Type: NTFS
Drive D: | 975.63 Mb Total Space | 975.63 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/05/01 16:54:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/04 14:50:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/25 04:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/06/23 11:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/06/03 03:43:42 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/05/14 17:03:30 | 000,305,448 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/04/11 13:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/01/16 14:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/12/18 08:51:34 | 000,075,048 | ---- | M] () [Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/04/04 14:50:29 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 18:49:19 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/03 06:08:42 | 004,934,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/01/16 14:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/12/29 18:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/04 12:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/12/04 12:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/12/04 12:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/11/11 22:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/09/04 00:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2006/11/02 03:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_5738
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Alison_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_5738
IE - HKU\Alison_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\Alison_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Alison_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Alison_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\Alison_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_5738
IE - HKU\Alison_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Alison_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "yahoo.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/04 16:25:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/04 16:25:54 | 000,000,000 | ---D | M]

[2010/08/08 10:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alison\AppData\Roaming\Mozilla\Extensions
[2011/06/19 04:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\0rfo6vax.default\extensions
[2010/08/16 04:46:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\0rfo6vax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/22 07:49:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\0rfo6vax.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/14 16:20:28 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\0rfo6vax.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/12/07 18:21:27 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\0rfo6vax.default\extensions\vshare@toolbar
[2011/01/14 16:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/19 05:14:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/22 07:48:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/26 04:40:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/14 16:47:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 13:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/31 18:02:07 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/10/31 18:02:07 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/10/31 18:02:07 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/10/31 18:02:07 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/10/31 18:02:07 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Alison_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alison\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Alison_ON_C Winlogon: Shell - (C:\Users\Alison\AppData\Local\Temp\0.6731115882595249.exe) - C:\Users\Alison\AppData\Local\Temp\0.6731115882595249.exe (BitDefender)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/18 06:42:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/17 10:22:06 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/17 10:22:06 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/06/17 10:22:05 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/17 10:22:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/17 10:22:05 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/17 10:22:05 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/06/17 10:22:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/17 10:22:04 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/17 10:22:04 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011/06/17 10:22:04 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/12 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Alison\Desktop\fotos karneval
[2011/06/08 14:09:16 | 000,000,000 | ---D | C] -- C:\Users\Alison\Desktop\Phantasiereise
[2011/05/28 05:39:13 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\go
[2011/05/28 05:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2010/08/10 13:46:59 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\Alison\AppData\Local\cmdial32.dll
[2010/08/07 20:05:12 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Users\Alison\Desktop\*.tmp files -> C:\Users\Alison\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/20 04:34:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/19 18:28:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/19 18:26:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/19 18:26:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/19 18:26:36 | 3215,810,560 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/19 18:13:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/19 15:57:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/19 04:05:22 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/19 04:05:22 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/19 04:05:22 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/19 04:05:22 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/18 06:34:55 | 000,007,160 | ---- | M] () -- C:\Users\Alison\AppData\Local\d3d9caps.dat
[2011/06/17 11:31:03 | 000,011,033 | ---- | M] () -- C:\Users\Alison\Desktop\pfingstberg4.jpg
[2011/06/17 11:29:21 | 000,064,439 | ---- | M] () -- C:\Users\Alison\Desktop\pfingstberg3.jpg
[2011/06/17 11:25:48 | 000,373,677 | ---- | M] () -- C:\Users\Alison\Desktop\pfingstberg2.jpg
[2011/06/17 11:25:02 | 000,030,349 | ---- | M] () -- C:\Users\Alison\Desktop\pfingstberg.jpg
[2011/06/17 11:23:26 | 000,033,212 | ---- | M] () -- C:\Users\Alison\Desktop\Unbenannt.jpg
[2011/06/12 16:35:32 | 000,020,185 | ---- | M] () -- C:\Users\Alison\Desktop\Puhpi geht jetzt ins Betti x.jpg
[2011/06/12 12:29:15 | 000,011,264 | ---- | M] () -- C:\Users\Alison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/12 12:23:22 | 249,011,285 | ---- | M] () -- C:\Users\Alison\Desktop\fotos karneval.zip
[2011/05/27 13:00:56 | 002,814,384 | ---- | M] () -- C:\Users\Alison\Documents\DSC03925-1.jpg
[2011/05/26 14:31:00 | 003,826,284 | ---- | M] () -- C:\Users\Alison\Documents\DSCI0006.JPG
[2011/05/25 08:41:44 | 000,000,565 | ---- | M] () -- C:\Users\Alison\Documents\attachments_2011_05_25 - Verknüpfung.lnk
[2011/05/23 17:20:28 | 000,031,501 | ---- | M] () -- C:\Users\Alison\Documents\pic profilxm.jpg
[2011/05/23 17:11:09 | 000,030,551 | ---- | M] () -- C:\Users\Alison\Documents\pic profilkk.jpg
[2011/05/23 17:10:07 | 000,033,351 | ---- | M] () -- C:\Users\Alison\Documents\pic profilx.jpg
[2011/05/23 17:09:49 | 000,033,351 | ---- | M] () -- C:\Users\Alison\Documents\pic profil.jpg
[2 C:\Users\Alison\Desktop\*.tmp files -> C:\Users\Alison\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 11:30:24 | 000,011,033 | ---- | C] () -- C:\Users\Alison\Desktop\pfingstberg4.jpg
[2011/06/17 11:29:21 | 000,064,439 | ---- | C] () -- C:\Users\Alison\Desktop\pfingstberg3.jpg
[2011/06/17 11:25:48 | 000,373,677 | ---- | C] () -- C:\Users\Alison\Desktop\pfingstberg2.jpg
[2011/06/17 11:25:01 | 000,030,349 | ---- | C] () -- C:\Users\Alison\Desktop\pfingstberg.jpg
[2011/06/17 11:23:26 | 000,033,212 | ---- | C] () -- C:\Users\Alison\Desktop\Unbenannt.jpg
[2011/06/12 13:18:18 | 000,020,185 | ---- | C] () -- C:\Users\Alison\Desktop\Puhpi geht jetzt ins Betti x.jpg
[2011/06/12 12:18:59 | 249,011,285 | ---- | C] () -- C:\Users\Alison\Desktop\fotos karneval.zip
[2011/05/28 05:39:13 | 000,001,589 | ---- | C] () -- C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (EasyBits GO).lnk
[2011/05/27 13:00:55 | 002,814,384 | ---- | C] () -- C:\Users\Alison\Documents\DSC03925-1.jpg
[2011/05/25 08:41:44 | 000,000,565 | ---- | C] () -- C:\Users\Alison\Documents\attachments_2011_05_25 - Verknüpfung.lnk
[2011/05/23 17:20:28 | 000,031,501 | ---- | C] () -- C:\Users\Alison\Documents\pic profilxm.jpg
[2011/05/23 17:11:09 | 000,030,551 | ---- | C] () -- C:\Users\Alison\Documents\pic profilkk.jpg
[2011/05/23 17:10:06 | 000,033,351 | ---- | C] () -- C:\Users\Alison\Documents\pic profilx.jpg
[2011/05/23 17:02:44 | 000,033,351 | ---- | C] () -- C:\Users\Alison\Documents\pic profil.jpg
[2010/12/03 18:26:57 | 000,080,384 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2010/10/19 05:15:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/11 07:08:51 | 000,007,160 | ---- | C] () -- C:\Users\Alison\AppData\Local\d3d9caps.dat
[2010/09/05 18:13:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/08/07 19:46:13 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2010/08/07 19:46:13 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/08/07 19:46:13 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010/08/07 19:46:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2010/08/07 19:46:13 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/08/07 12:46:34 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/08/07 12:46:34 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010/08/07 12:46:34 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2010/08/07 12:44:32 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2010/08/07 12:44:32 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010/08/07 12:44:32 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010/08/07 12:33:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/07 12:27:54 | 000,011,264 | ---- | C] () -- C:\Users\Alison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/12 06:47:51 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/03/12 06:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/03/12 06:47:51 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/03/12 06:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/03/12 06:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/03/11 22:09:35 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/11 22:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/11 16:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/02/11 16:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/02/11 16:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,380,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/08/07 12:54:28 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Acer GameZone Console
[2011/03/14 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/19 10:00:56 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\go
[2010/08/07 12:43:16 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\PowerCinema
[2010/08/07 12:54:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2010/08/07 12:37:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2010/08/16 09:51:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010/08/07 12:37:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2010/08/07 12:37:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/06/19 16:09:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Easybits GO
[2010/08/07 12:56:45 | 000,000,000 | ---D | M] -- C:\ProgramData\EgisTec
[2010/08/07 12:52:45 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2010/08/07 12:37:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2010/08/07 12:37:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/03/11 23:26:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2010/08/07 12:37:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/06/19 18:28:11 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
__________________
20.06.2011, 12:50 | #4
/// Malware-holic | Metropolitan Police caught on Acer Aspire notebook
On your second PC go to Start, Programs, Accessories, Notepad, and paste this in:
Code:
:OTL
O20 - HKU\Alison_ON_C Winlogon: Shell - (C:\Users\Alison\AppData\Local\Temp\0.6731115882595249.exe) - C:\Users\Alison\AppData\Local\Temp\0.6731115882595249.exe (BitDefender)
:Files
C:\Users\Alison\AppData\Local\Temp\0.6731115882595249.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything, as already described in my post on OTLPENet.exe.
• Now please click the Fix button. A message similar to "load fix from file" should appear, so load the fix.txt from your stick. If that does not work, please enter the fix manually, then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log. Open Computer, open C:, then _OTL, right-click Moved Files there and choose add to moved files.rar or zip. http://www.trojaner-board.de/54791-a...ner-board.html
__________________
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
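The fix in post #4 works because the lock screen was not a driver or a service: the locker had written a per-user Winlogon Shell value (HKU\Alison_ON_C) pointing at a binary in the user's Temp folder, so Winlogon launched the locker instead of explorer.exe at logon. The fix deletes that value and the file, and nothing else in the log needed touching. The script below is an added example, not code from this thread, from trojaner-board.de or from OTL: it parses the O20 Winlogon lines of an OTL log, flags any hive whose Shell is not explorer.exe or lives in a temp directory, and generates an OTL fix script in the same shape as post #4. The regex, the names (ShellEntry, triage, build_otl_fix, VOLATILE_DIRS) and the sample log are this example's own; the sample lines are constructed from the log posted above.

```python
"""Triage the 'O20 ... Winlogon: Shell' lines of an OTL log for shell hijacks.

Added example for this thread, not code from trojaner-board.de or from OTL.
The regex, class and function names are this example's assumptions.
"""
import re
from dataclasses import dataclass, field

# Shape of an OTL O20 Winlogon line, inferred from the log posted in this thread:
# O20 - <hive> Winlogon: <name> - (<registry value>) - <resolved path> (<company>)
O20_RE = re.compile(
    r"^O20 - (?P<hive>HKLM|HKU\\\S+) Winlogon: (?P<name>\w+) - "
    r"\((?P<value>[^)]*)\) - (?P<path>.*?)(?: \((?P<company>[^()]*)\))?\s*$"
)

# A real shell never lives here; a shell started from a temp directory is
# the screen-locker pattern seen in this thread.
VOLATILE_DIRS = ("\\temp\\", "\\tmp\\")


@dataclass
class ShellEntry:
    hive: str
    value: str      # what the registry value says (may be a bare name)
    path: str       # the file OTL resolved it to
    company: str    # version-info company string; trivially forgeable
    raw: str        # the original log line, reused verbatim in the fix
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)

    @property
    def basename(self) -> str:
        return self.value.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_o20_shell(line: str):
    """Return a ShellEntry for an O20 Winlogon Shell line, else None."""
    m = O20_RE.match(line.strip())
    if not m or m.group("name").lower() != "shell":
        return None
    return ShellEntry(hive=m.group("hive"), value=m.group("value"),
                      path=m.group("path"), company=m.group("company") or "",
                      raw=line.strip())


def assess(entry: ShellEntry) -> ShellEntry:
    """Attach the reasons an entry is suspicious; an empty list means clean."""
    if entry.basename != "explorer.exe":
        entry.reasons.append(f"shell is {entry.basename!r}, not explorer.exe")
    if any(d in entry.path.lower() for d in VOLATILE_DIRS):
        entry.reasons.append("shell binary is in a temp directory")
    if entry.hive.upper().startswith("HKU\\"):
        # Windows ships with no per-user Shell value; one being present at
        # all means something wrote it, so every per-user override is listed.
        entry.reasons.append(f"per-user Shell override in {entry.hive}")
    return entry


def triage(log_text: str):
    """All Winlogon Shell entries found in an OTL log, assessed."""
    entries = [parse_o20_shell(line) for line in log_text.splitlines()]
    return [assess(e) for e in entries if e is not None]


def build_otl_fix(entries):
    """OTL fix script, in the shape used in post #4, removing every flagged entry."""
    bad = [e for e in entries if e.suspicious]
    if not bad:
        return ""
    lines = [":OTL", *[e.raw for e in bad]]
    # Only delete binaries that are not the real shell.
    files = [e.path for e in bad if e.basename != "explorer.exe"]
    if files:
        lines += [":Files", *files]
    lines += [":Commands", "[purity]", "[EMPTYFLASH]", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


# Constructed sample: the two O20 lines from the log posted in this thread,
# plus two neighbouring lines the parser must ignore.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Alison_ON_C Winlogon: Shell - (C:\Users\Alison\AppData\Local\Temp\0.6731115882595249.exe) - C:\Users\Alison\AppData\Local\Temp\0.6731115882595249.exe (BitDefender)
O24 - Desktop WallPaper:
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for e in found:
        print(("SUSPECT " if e.suspicious else "ok      ") + e.raw)
        for r in e.reasons:
            print("         - " + r)
    print(build_otl_fix(found))
```

Two things the example makes explicit that the log alone does not: the "(BitDefender)" company string on the hijacked entry comes from the file's version resource and proves nothing, so the check keys on the shell's name and location rather than on the company; and the per-user Shell value is flagged simply for existing, because Windows does not set one. On a live system the same two values sit under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell and, for each user hive, HKU\<SID>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, which is where to confirm the cleanup after the reboot.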
20.06.2011, 13:36 | #5
Metropolitan Police caught on Acer Aspire notebook
The OTL fix ran through, but the restart unfortunately did not work; instead the screen froze. I then restarted manually. The Metropolitan warning is gone at least, but otl.txt did not open. The Moved_files.zip has been uploaded; a fresh OTL scan gave:
OTL Logfile:
Code:
OTL logfile created on: 20.06.2011 17:28:24 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Alison\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,54% Memory free
6,18 Gb Paging File | 5,20 Gb Available in Paging File | 84,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 273,92 Gb Free Space | 60,07% Space Free | Partition Type: NTFS
Drive E: | 975,63 Mb Total Space | 974,88 Mb Free Space | 99,92% Space Free | Partition Type: FAT
Computer Name: ALISON-PC | User Name: Alison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.06.20 02:02:00 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Alison\Desktop\OTL.exe
PRC - [2011.05.01 22:54:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.04 20:50:26 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.04 23:54:25 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.08.08 01:52:04 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.08.07 18:57:12 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Alison\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010.08.07 18:46:21 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.06.25 03:47:04 | 001,069,576 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2009.06.23 17:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.06.23 17:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009.06.03 09:44:10 | 000,335,872 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.06.03 09:43:42 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.01.21 01:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2009.01.21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.12.26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

========== Modules (SafeList) ==========

MOD - [2011.06.20 02:02:00 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Alison\Desktop\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2009.06.23 17:19:38 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.05.01 22:54:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.04 20:50:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.06.03 09:43:42 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.04.11 19:32:00 |
000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.01.16 20:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService) SRV - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.04.04 20:50:29 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.23 00:49:19 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.06.03 12:08:42 | 004,934,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.01.16 20:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio) DRV - [2008.12.30 00:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) 
[File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008.11.12 04:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_5738 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_5738 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_5738 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox 
========== FF - prefs.js..browser.startup.homepage: "yahoo.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.04 22:25:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.04 22:25:54 | 000,000,000 | ---D | M] [2010.08.08 16:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alison\AppData\Roaming\mozilla\Extensions [2011.06.19 10:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alison\AppData\Roaming\mozilla\Firefox\Profiles\0rfo6vax.default\extensions [2010.08.16 10:46:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alison\AppData\Roaming\mozilla\Firefox\Profiles\0rfo6vax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.22 13:49:53 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\Alison\AppData\Roaming\mozilla\Firefox\Profiles\0rfo6vax.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.03.14 22:20:28 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alison\AppData\Roaming\mozilla\Firefox\Profiles\0rfo6vax.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.08 00:21:27 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Alison\AppData\Roaming\mozilla\Firefox\Profiles\0rfo6vax.default\extensions\vshare@toolbar [2011.01.14 22:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.10.19 11:14:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.09.22 13:48:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.26 10:40:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.01.14 22:47:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.10.19 11:14:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2010.09.22 13:48:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.26 10:40:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.01.14 22:47:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.11.01 00:02:07 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.11.01 00:02:07 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.11.01 00:02:07 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.11.01 00:02:07 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.11.01 00:02:07 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alison\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\Alison\AppData\Local\Temp\0.6731115882595249.exe) - File not found O24 - Desktop WallPaper: C:\Users\Alison\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Alison\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.06.20 23:17:42 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2011.06.20 23:17:02 | 000,000,000 | ---D | C] -- C:\_OTL [2011.06.20 17:28:09 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Alison\Desktop\OTL.exe [2011.06.18 12:42:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.06.17 16:22:06 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.06.17 16:22:06 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.06.17 16:22:05 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.06.17 16:22:05 | 000,389,632 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.06.17 16:22:05 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.06.17 16:22:05 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.06.17 16:22:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.06.17 16:22:04 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.06.17 16:22:04 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.06.17 16:22:04 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.06.12 18:25:18 | 000,000,000 | ---D | C] -- C:\Users\Alison\Desktop\fotos karneval [2011.06.08 20:09:16 | 000,000,000 | ---D | C] -- C:\Users\Alison\Desktop\Phantasiereise [2011.05.28 11:39:13 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\go [2011.05.28 11:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO [2010.08.10 19:46:59 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\Alison\AppData\Local\cmdial32.dll [2010.08.08 02:05:12 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2 C:\Users\Alison\Desktop\*.tmp files -> C:\Users\Alison\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.20 17:25:00 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.20 17:25:00 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.20 17:25:00 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.20 17:25:00 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.20 17:20:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.06.20 17:20:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.20 
17:20:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.20 17:20:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.20 17:20:32 | 3213,729,792 | -HS- | M] () -- C:\hiberfil.sys [2011.06.20 02:02:00 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Alison\Desktop\OTL.exe [2011.06.20 00:28:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.06.19 21:57:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.06.18 12:34:55 | 000,007,160 | ---- | M] () -- C:\Users\Alison\AppData\Local\d3d9caps.dat [2011.06.17 17:31:03 | 000,011,033 | ---- | M] () -- C:\Users\Alison\Desktop\pfingstberg4.jpg [2011.06.17 17:29:21 | 000,064,439 | ---- | M] () -- C:\Users\Alison\Desktop\pfingstberg3.jpg [2011.06.17 17:25:48 | 000,373,677 | ---- | M] () -- C:\Users\Alison\Desktop\pfingstberg2.jpg [2011.06.17 17:25:02 | 000,030,349 | ---- | M] () -- C:\Users\Alison\Desktop\pfingstberg.jpg [2011.06.17 17:23:26 | 000,033,212 | ---- | M] () -- C:\Users\Alison\Desktop\Unbenannt.jpg [2011.06.12 22:35:32 | 000,020,185 | ---- | M] () -- C:\Users\Alison\Desktop\Puhpi geht jetzt ins Betti x.jpg [2011.06.12 18:29:15 | 000,011,264 | ---- | M] () -- C:\Users\Alison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.12 18:23:22 | 249,011,285 | ---- | M] () -- C:\Users\Alison\Desktop\fotos karneval.zip [2011.05.27 19:00:56 | 002,814,384 | ---- | M] () -- C:\Users\Alison\Documents\DSC03925-1.jpg [2011.05.26 20:31:00 | 003,826,284 | ---- | M] () -- C:\Users\Alison\Documents\DSCI0006.JPG [2011.05.25 14:41:44 | 000,000,565 | ---- | M] () -- C:\Users\Alison\Documents\attachments_2011_05_25 - Verknüpfung.lnk [2011.05.23 23:20:28 | 000,031,501 | ---- | M] () -- C:\Users\Alison\Documents\pic profilxm.jpg [2011.05.23 23:11:09 | 000,030,551 | ---- | M] () -- C:\Users\Alison\Documents\pic profilkk.jpg [2011.05.23 23:10:07 | 000,033,351 | ---- | 
M] () -- C:\Users\Alison\Documents\pic profilx.jpg [2011.05.23 23:09:49 | 000,033,351 | ---- | M] () -- C:\Users\Alison\Documents\pic profil.jpg [2 C:\Users\Alison\Desktop\*.tmp files -> C:\Users\Alison\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.17 17:30:24 | 000,011,033 | ---- | C] () -- C:\Users\Alison\Desktop\pfingstberg4.jpg [2011.06.17 17:29:21 | 000,064,439 | ---- | C] () -- C:\Users\Alison\Desktop\pfingstberg3.jpg [2011.06.17 17:25:48 | 000,373,677 | ---- | C] () -- C:\Users\Alison\Desktop\pfingstberg2.jpg [2011.06.17 17:25:01 | 000,030,349 | ---- | C] () -- C:\Users\Alison\Desktop\pfingstberg.jpg [2011.06.17 17:23:26 | 000,033,212 | ---- | C] () -- C:\Users\Alison\Desktop\Unbenannt.jpg [2011.06.12 19:18:18 | 000,020,185 | ---- | C] () -- C:\Users\Alison\Desktop\Puhpi geht jetzt ins Betti x.jpg [2011.06.12 18:18:59 | 249,011,285 | ---- | C] () -- C:\Users\Alison\Desktop\fotos karneval.zip [2011.05.28 11:39:13 | 000,001,589 | ---- | C] () -- C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (EasyBits GO).lnk [2011.05.27 19:00:55 | 002,814,384 | ---- | C] () -- C:\Users\Alison\Documents\DSC03925-1.jpg [2011.05.25 14:41:44 | 000,000,565 | ---- | C] () -- C:\Users\Alison\Documents\attachments_2011_05_25 - Verknüpfung.lnk [2011.05.23 23:20:28 | 000,031,501 | ---- | C] () -- C:\Users\Alison\Documents\pic profilxm.jpg [2011.05.23 23:11:09 | 000,030,551 | ---- | C] () -- C:\Users\Alison\Documents\pic profilkk.jpg [2011.05.23 23:10:06 | 000,033,351 | ---- | C] () -- C:\Users\Alison\Documents\pic profilx.jpg [2011.05.23 23:02:44 | 000,033,351 | ---- | C] () -- C:\Users\Alison\Documents\pic profil.jpg [2010.12.04 00:26:57 | 000,080,384 | ---- | C] () -- C:\Windows\AKDeInstall.exe [2010.10.19 11:15:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.11 13:08:51 | 000,007,160 | ---- | C] () -- C:\Users\Alison\AppData\Local\d3d9caps.dat [2010.09.06 00:13:29 | 000,000,012 | ---- | C] 
() -- C:\Windows\bthservsdp.dat [2010.08.08 01:46:13 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2010.08.08 01:46:13 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.08.08 01:46:13 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2010.08.08 01:46:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2010.08.08 01:46:13 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.08.07 18:46:34 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.08.07 18:46:34 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe [2010.08.07 18:46:34 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2010.08.07 18:44:32 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2010.08.07 18:44:32 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2010.08.07 18:44:32 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2010.08.07 18:33:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.08.07 18:27:54 | 000,011,264 | ---- | C] () -- C:\Users\Alison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.12 12:47:51 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.03.12 12:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.03.12 12:47:51 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.03.12 12:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.03.12 04:09:35 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.03.12 04:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.02.11 22:03:57 | 000,000,060 | ---- | C] () 
-- C:\Windows\Prelaunch.ini [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,380,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report > [/CODE] OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.06.2011 17:28:24 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Alison\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,54% Memory free 6,18 Gb Paging File | 5,20 Gb Available in Paging File | 84,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 273,92 Gb Free Space | 60,07% Space Free | Partition Type: NTFS Drive E: | 975,63 Mb Total Space | 974,88 Mb Free Space | 99,92% Space Free | Partition Type: FAT Computer Name: ALISON-PC | User Name: Alison | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 
"EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{AE621BF0-0ADF-4D9F-A9E1-06B4DD68A514}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{012FD276-9543-40A7-B2DD-BE6815BC5D1C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{3EDA5596-9835-4B2E-9BAB-A0069FC9D1F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{652BA1B7-E430-4274-AE1D-85162DEE5840}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | 
app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{94AF9014-FEA5-4F9A-99A7-FBB2F29EE536}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{A345C8DA-91C9-4AC2-9B57-E4AA214522B7}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{DCFA2E77-0245-425C-9ECA-023DCFAE2811}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{E37D95B9-4B48-41C3-9B84-17902CED0620}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "TCP Query User{E0A6E2D9-DBE6-4268-82E3-5D0C76AD11AB}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{40686F6F-5CDF-423F-ADB6-D2665C3C0DA8}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033F0CE1-B6FC-EC7A-7914-81F14C8DBA0F}" = Catalyst Control Center Core Implementation "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05B95480-732A-1081-8A94-D924326AF36F}" = CCC Help English "{0945589B-6CC4-FA00-3CBE-BD6028B26063}" = CCC Help Turkish "{0EAE6EF9-010E-0734-D0A0-2BB8040F90EA}" = CCC Help French 
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{133C8002-B64F-C9E7-7DAC-21BAE58DC041}" = CCC Help Russian "{150715F0-2800-A3C5-836E-F4F98AE3A775}" = ccc-core-static "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22EFABF6-7373-7755-4EA4-5240E7CCEEF7}" = Catalyst Control Center Graphics Previews Vista "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23 "{270629EB-D776-04FC-0631-256177B7A021}" = CCC Help Swedish "{29D2987A-9FBC-1BD3-E463-12D50D94DBFC}" = Catalyst Control Center Graphics Full New "{2AB22900-5718-4617-523B-9DFDECB4749D}" = CCC Help Italian "{3956AEA0-9299-CA45-5BF1-5A721F8E3A21}" = CCC Help Chinese Traditional "{3C152296-D7E4-59F4-B07E-43587CE985FE}" = CCC Help Norwegian "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{502D4628-92AD-416A-0580-00D64320DBB7}" = ATI Catalyst Install Manager "{51B83F5C-5660-4B73-AB18-C68993FEDEB3}" = Catalyst Control Center - Branding "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{66CB1DC8-FBA1-7436-08F3-061F7CB72C80}" = Skins "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6C497312-7C1E-BB3C-D143-B8FD0C894CF1}" = CCC Help Polish "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{76D6737F-CF8D-4e9c-B3FE-1C65604804E1}" = FotoUp "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call 
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{88FC0C01-E4AA-3C3E-4612-3F11E69EF188}" = CCC Help German "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{95047478-F81C-49de-8875-DB4ABECCB17C}" = FotoUp "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{9639A939-076D-4fdc-8F0C-F9D531E0E2A6}" = W3FotoUp "{98E3A37D-D424-C725-E06A-71C1151F682A}" = CCC Help Finnish "{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A141F87A-A73B-368D-AB65-A997B3D1D2C4}" = CCC Help Spanish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAD2CA33-F716-4D1B-31F9-B52A847C4AF1}" = CCC Help Hungarian "{AB104276-19BC-D12E-90EE-D358003A4EAF}" = CCC Help Greek "{ABBD20D8-60E7-885B-734A-DE745BFDF43B}" = CCC Help Czech "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AEE701D3-6AF7-A8D5-145E-D0C01D528FAD}" = ccc-utility "{B5080F69-EE95-49DC-F8A1-B7CBB2B5028D}" = CCC Help Korean "{B6CB5308-3B67-9861-97F5-0EB31CE21E63}" = CCC Help Chinese Standard "{B7020783-0AB1-8D67-E850-673BD0C61E7F}" = CCC Help Thai "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0354121-07AF-DE06-1D0F-7490EFE2F67A}" = Catalyst Control Center Graphics Full Existing "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216 "{DA163DB8-C795-9EF2-7CF2-8B570BA9E39E}" = CCC Help Portuguese "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E36BE564-B727-A80D-E9F0-7FFEB69120E5}" = CCC Help Dutch "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5A56A6C-7656-969C-457A-E7600A6F169B}" = Catalyst Control Center Graphics Light "{E5D9A29A-8903-968F-6394-CB8CC151084C}" = Catalyst Control Center Localization All "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{EE03DA2C-2154-7298-4461-F76C615932A9}" = CCC Help Japanese "{EE9DEA81-3B77-7135-0E5B-B8C3092FE88A}" = CCC Help Danish 
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Acer Screensaver" = Acer ScreenSaver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "DivX Setup.divx.com" = DivX-Setup "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305 "Google Chrome" = Google Chrome "GridVista" = Acer GridVista "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "LManager" = Launch Manager "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17) "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.4 "WinLiveSuite_Wave3" = Windows Live Essentials ========== 
HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Game Organizer" = EasyBits GO ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.06.2011 17:17:38 | Computer Name = Alison-PC | Source = WinMgmt | ID = 10 Description = Error - 04.06.2011 03:54:26 | Computer Name = Alison-PC | Source = WinMgmt | ID = 10 Description = Error - 04.06.2011 14:45:11 | Computer Name = Alison-PC | Source = WinMgmt | ID = 10 Description = Error - 05.06.2011 03:56:35 | Computer Name = Alison-PC | Source = WinMgmt | ID = 10 Description = Error - 05.06.2011 11:40:22 | Computer Name = Alison-PC | Source = WinMgmt | ID = 10 Description = Error - 05.06.2011 20:05:20 | Computer Name = Alison-PC | Source = WinMgmt | ID = 10 Description = Error - 06.06.2011 03:05:09 | Computer Name = Alison-PC | Source = WinMgmt | ID = 10 Description = Error - 06.06.2011 03:33:39 | Computer Name = Alison-PC | Source = WinMgmt | ID = 10 Description = Error - 06.06.2011 05:53:32 | Computer Name = Alison-PC | Source = WinMgmt | ID = 10 Description = Error - 06.06.2011 14:08:16 | Computer Name = Alison-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 19.06.2011 16:15:29 | Computer Name = Alison-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 19.06.2011 um 22:10:26 unerwartet heruntergefahren. 
Error - 19.06.2011 16:15:31 | Computer Name = Alison-PC | Source = HTTP | ID = 15016 Description = Error - 19.06.2011 16:16:30 | Computer Name = Alison-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.06.2011 18:12:46 | Computer Name = Alison-PC | Source = HTTP | ID = 15016 Description = Error - 19.06.2011 18:19:51 | Computer Name = Alison-PC | Source = HTTP | ID = 15016 Description = Error - 19.06.2011 18:21:06 | Computer Name = Alison-PC | Source = HTTP | ID = 15016 Description = Error - 19.06.2011 18:22:44 | Computer Name = Alison-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.06.2011 18:26:44 | Computer Name = Alison-PC | Source = HTTP | ID = 15016 Description = Error - 20.06.2011 11:20:43 | Computer Name = Alison-PC | Source = HTTP | ID = 15016 Description = Error - 20.06.2011 11:22:18 | Computer Name = Alison-PC | Source = Service Control Manager | ID = 7000 Description = < End of report >
20.06.2011, 14:25 | #6 |
/// Malware-holic | Metropolitan Police caught on Acer Aspire notebook Looks good. Please create and post a ComboFix log. A guide and tutorial on using ComboFix
20.06.2011, 15:29 | #7 |
| Metropolitan Police caught on Acer Aspire notebook OK, here is the log for it: Code:
ATTFilter ComboFix 11-06-19.0r1 - Alison 20.06.2011 19:04:06.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3066.2001 [GMT 2:00] ausgeführt von:: c:\users\Alison\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2011-05-20 bis 2011-06-20 )))))))))))))))))))))))))))))) . . 2011-06-20 21:17 . 2011-03-06 22:12 2234368 ----a-r- C:\OTLPE.exe 2011-06-20 21:17 . 2011-06-20 15:23 -------- d-----w- C:\_OTL 2011-06-20 17:15 . 2011-06-20 17:16 -------- d-----w- c:\users\Alison\AppData\Local\temp 2011-06-20 17:15 . 2011-06-20 17:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-17 14:21 . 2011-04-14 14:24 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-17 14:21 . 2011-04-21 13:16 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-17 14:21 . 2011-04-29 12:49 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-17 14:21 . 2011-04-29 12:49 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-17 14:21 . 2011-05-02 16:00 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll 2011-06-17 14:21 . 2010-12-20 15:39 563200 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-17 14:21 . 2011-05-02 15:58 738816 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-17 14:21 . 2011-04-29 12:49 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-17 14:21 . 2011-04-29 12:49 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-17 14:21 . 2011-04-29 12:49 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-17 14:21 . 2011-05-02 12:00 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-05-28 09:39 . 2011-06-19 14:00 -------- d-----w- c:\users\Alison\AppData\Roaming\go 2011-05-28 09:39 . 
2011-06-19 20:09 -------- d-----w- c:\programdata\Easybits GO . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-04 18:50 . 2010-08-07 16:29 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-07 68856] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-02 98304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-19 1833504] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-08-07 200704] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576] "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864] "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464] "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-18 136176] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-18 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-03 176128] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360] S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-06-23 707104] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 MWLService;MyWinLocker Service;c:\program 
files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632] S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService bthsvcs REG_MULTI_SZ BthServ . Inhalt des "geplante Tasks" Ordners . 2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-18 15:36] . 2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-18 15:36] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_5738 mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_5738 uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: Fotoabzug online bestellen ! - hxxp://fotoup.info/ie2wk.php?hid=simply IE: Free YouTube to MP3 Converter - c:\users\Alison\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\0rfo6vax.default\ FF - prefs.js: browser.startup.homepage - yahoo.de FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - user.js: yahoo.homepage.dontask - true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-06-20 19:15 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . 
************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(296) c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll . Zeit der Fertigstellung: 2011-06-20 19:24:30 ComboFix-quarantined-files.txt 2011-06-20 17:24 . Vor Suchlauf: 11 Verzeichnis(se), 293.978.468.352 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 295.298.539.520 Bytes frei . - - End Of File - - 1D0AC5F8B39539A20B785A6776C77F09
20.06.2011, 15:42 | #8 |
/// Malware-holic | Metropolitan Police caught on Acer Aspire notebook Download Malwarebytes: Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer Install it, open it, go to the Update tab and update the program. Close all running programs and disconnect the internet connection. Scanner tab, full scan, remove the findings, post the log.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
20.06.2011, 19:56 | #9 |
| Metropolitan Police caught on Acer Aspire notebook Done: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 6904 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 20.06.2011 23:52:46 mbam-log-2011-06-20 (23-52-46).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 313005 Laufzeit: 46 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\_OTL\movedfiles\06202011_171702\C_Users\Alison\AppData\Local\Temp\0.6731115882595249.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
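The Malwarebytes log above, parsed and sanity-checked in Python, as an added example that is not part of the original thread: it reads the German MBAM 1.51 layout, compares each summary count against the detection lines actually listed, and recognises that the one hit sits in OTL's _OTL\movedfiles store, so the earlier OTL run had already moved the file out of the user's Temp folder before MBAM saw it. SAMPLE_LOG is a constructed excerpt modelled on the posted log; the mapping from C_Users\... back to C:\Users\... is inferred from that detection line.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the log in the post above (MBAM 1.51, German
# UI), with the blank lines and four of the empty sections left out. The counts
# and the single detection line are the ones the post reports.
SAMPLE_LOG = """Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6904
Windows 6.0.6001 Service Pack 1
20.06.2011 23:52:46
mbam-log-2011-06-20 (23-52-46).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\\|)
Durchsuchte Objekte: 313005
Laufzeit: 46 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\\_OTL\\movedfiles\\06202011_171702\\C_Users\\Alison\\AppData\\Local\\Temp\\0.6731115882595249.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")   # "Infizierte Dateien: 1"
SECTION_RE = re.compile(r"^(Infizierte [^:]+):$")         # "Infizierte Dateien:" (detail block)
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
NO_FINDINGS = "(Keine bösartigen Objekte gefunden)"


@dataclass
class Detection:
    category: str   # the "Infizierte ..." section the hit was listed under
    item: str       # file path, folder, registry key/value or process
    threat: str     # MBAM detection name, e.g. Spyware.Passwords.XGen
    action: str     # what MBAM did with it


@dataclass
class MbamReport:
    database_version: str = ""
    objects_scanned: int = 0
    summary: dict = field(default_factory=dict)     # category -> reported count
    detections: list = field(default_factory=list)  # Detection objects, log order


def parse_mbam_log(text: str) -> MbamReport:
    report, section = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Datenbank Version:"):
            report.database_version = line.split(":", 1)[1].strip()
        elif line.startswith("Durchsuchte Objekte:"):
            report.objects_scanned = int(line.split(":", 1)[1])
        elif (m := SUMMARY_RE.match(line)):
            report.summary[m.group(1)] = int(m.group(2))
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)  # from here on, lines are findings of this category
        elif section and line != NO_FINDINGS and (m := DETECTION_RE.match(line)):
            report.detections.append(Detection(section, *m.group("item", "threat", "action")))
    return report


def count_mismatches(report: MbamReport) -> dict:
    """{category: (reported, listed)} wherever the summary count disagrees with the
    detection lines actually present, e.g. a finding lost in a truncated paste."""
    listed = {}
    for d in report.detections:
        listed[d.category] = listed.get(d.category, 0) + 1
    return {c: (n, listed.get(c, 0)) for c, n in report.summary.items() if listed.get(c, 0) != n}


def already_quarantined_by_otl(d: Detection) -> bool:
    """True when the hit sits in OTL's _OTL\\movedfiles store: an earlier OTL run (as
    in this thread) had already moved it, so MBAM cleaned an inert copy, not a live file."""
    return "\\_otl\\movedfiles\\" in d.item.lower()


def original_location(d: Detection) -> str:
    """Map an OTL-moved file back to where it came from. The posted line shows the
    layout _OTL\\movedfiles\\<timestamp>\\<Drive>_<path>, so C_Users\\Alison\\...
    was C:\\Users\\Alison\\...; paths not in that store are returned unchanged."""
    m = re.search(r"\\_otl\\movedfiles\\[^\\]+\\([a-z])_(.+)$", d.item, re.IGNORECASE)
    return f"{m.group(1).upper()}:\\{m.group(2)}" if m else d.item


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    for d in rep.detections:
        print(d.threat, "moved by OTL" if already_quarantined_by_otl(d) else "live", original_location(d))
    print("count mismatches:", count_mismatches(rep))
```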
21.06.2011, 10:19 | #10 |
/// Malware-holic | Metropolitan Police caught on Acer Aspire notebook Yep. Download CCleaner Standard: CCleaner - Standard If CCleaner is already installed, skip this. Install it, open it, Tools, list of installed programs, save as txt. Open it. Behind every program you need, write "notwendig" (needed); behind every one you don't need, "unnötig" (not needed); behind those you don't know, "unbekannt" (unknown). Post the list.
21.06.2011, 15:35 | #11 |
| Metropolitan Police caught on Acer Aspire notebook Since this isn't my computer, it's very hard for me to judge which of these are needed and which aren't. I had a look over it; a large part of the programs is unknown to me. I assume you want to help me close security holes this way; I'll tell my sister that she should get rid of programs she doesn't use. Is that sufficient?
21.06.2011, 15:40 | #12 |
/// Malware-holic | Metropolitan Police caught on Acer Aspire notebook Exactly, or better still, work through the list together; then I can point you to updates straight away.
21.06.2011, 16:39 | #13 |
| Metropolitan Police auf Acer Aspire Notebook eingefangen Ok, went through the list with my sister. She knows even less of it than I do. Code:
Acer Arcade Deluxe CyberLink Corp. 11.03.2009 88,0MB 2.5.6121
Acer Backup Manager NewTech Infosystems 06.08.2010 234MB 1.0.0.58
Acer Crystal Eye webcam Ver:1.1.74.216 Chicony Electronics Co.,Ltd. 06.08.2010 1,29MB 1.1.74.216
Acer eRecovery Management Acer Incorporated 06.08.2010 11,7MB 4.00.3008
Acer GridVista 06.08.2010 1,51MB 2.72.317
Acer PowerSmart Manager Acer Incorporated 06.08.2010 7,33MB 4.01.3016
Acer Product Registration Acer Incorporated 06.08.2010 5,92MB 3.0.0.10
Acer ScreenSaver Acer 06.08.2010 1.0.0.0226
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 12.08.2010 10.1.82.76 benötigt
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 26.09.2010 10.1.85.3 benötigt
Adobe Reader 9 - Deutsch Adobe Systems Incorporated 11.03.2009 232MB 9.0.0 benötigt
Airport Mania First Flight Oberon Media 06.08.2010 31,0MB unbekannt
ATI Catalyst Install Manager ATI Technologies, Inc. 06.08.2010 13,8MB 3.0.728.0 benötigt
Avira AntiVir Personal - Free Antivirus Avira GmbH 20.06.2011 116,4MB 10.0.0.650 benötigt
Broadcom Gigabit NetLink Controller Broadcom Corporation 10.02.2009 0,35MB 11.34.02 benötigt
C:\Program Files\Acer GameZone\GameConsole Oberon Media, Inc. 06.08.2010 42,1MB 2.0.1.6 unbekannt
Cake Mania 2 Oberon Media 06.08.2010 44,5MB unbekannt
CCleaner Piriform 20.06.2011 3,68MB 3.07 benötigt
Compatibility Pack für 2007 Office System Microsoft Corporation 17.06.2011 39,9MB 12.0.6425.1000 benötigt
Cooking Dash Oberon Media 06.08.2010 25,6MB unbekannt
Cradle of Rome Oberon Media 06.08.2010 38,9MB unbekannt
Dairy Dash Oberon Media 06.08.2010 20,8MB unbekannt
Deinstallation der Arcor Online Software Arcor AG & Co. KG 09.08.2010 6,11MB 5.0.0.6 benötigt
DivX-Setup DivX, Inc. 05.12.2010 2,29MB 2.1.2.2 benötigt
Dream Day Honeymoon Oberon Media 06.08.2010 103,1MB unbekannt
Dream Day Wedding Oberon Media 06.08.2010 87,2MB unbekannt
EasyBits GO EasyBits Media 27.05.2011 12,6MB unbekannt
eSobi v2 esobi Inc. 06.08.2010 22,9MB 2.0.3.000223 unbekannt
FotoUp 03.12.2010 1,80MB 2.11 unbekannt
FotoUp 03.12.2010 1,80MB 2.12 unbekannt
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 13.03.2011 3,02MB unbekannt
Free YouTube to MP3 Converter version 3.9.34.305 DVDVideoSoft Limited. 13.03.2011 3,48MB benötigt
Galapago Oberon Media 06.08.2010 46,9MB unbekannt
Google Chrome Google Inc. 17.08.2010 242MB 12.0.742.100 nicht benötigt
Google Earth Google 29.09.2010 85,4MB 5.2.1.1588 nicht benötigt
Google Toolbar for Internet Explorer Google Inc. 25.03.2011 36,0MB 6.6.1409.1944 benötigt
HDAUDIO Soft Data Fax Modem with SmartCP Conexant Systems 06.08.2010 1,01MB 7.80.2.53 nicht benötigt
Java(TM) 6 Update 23 Sun Microsystems, Inc. 21.09.2010 94,5MB 6.0.230 benötigt
Jewel Quest Solitaire Oberon Media 06.08.2010 27,6MB nicht benötigt
Launch Manager Acer Inc. 06.08.2010 3,98MB 2.0.10 unbekannt
Luxor 2 Oberon Media 06.08.2010 24,7MB unbekannt
Mahjong Escape Ancient China Oberon Media 06.08.2010 14,3MB nicht benötigt
Malwarebytes' Anti-Malware Version 1.51.0.1200 Malwarebytes Corporation 19.06.2011 7,29MB 1.51.0.1200 benötigt
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 15.08.2010 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 08.08.2010 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 13.09.2010 120,3MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 13.09.2010 24,5MB 4.0.30319
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 17.06.2011 34,7MB 12.0.6425.1000 benötigt
Microsoft Office Professional Plus 2010 Microsoft Corporation 07.08.2010 978MB 14.0.4763.1000 benötigt
Microsoft Office Suite Activation Assistant Microsoft Corporation 11.03.2009 8,37MB 2.9 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 11.03.2009 1,74MB 3.1.0000 nicht benötigt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 06.08.2010 0,58MB 9.0.30729.4148 nicht benötigt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 0,58MB 9.0.30729.6161 nicht benötigt
Microsoft Works Microsoft Corporation 15.12.2010 378MB 9.7.0621 benötigt
Mozilla Firefox (3.6.17) Mozilla 03.05.2011 29,6MB 3.6.17 (de) benötigt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.03.2009 1,29MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 07.08.2010 1,34MB 4.20.9876.0 unbekannt
MyWinLocker Egis Technology Inc. 06.08.2010 35,2MB 3.1.59.0 unbekannt
NTI Backup Now 5 NewTech Infosystems 11.03.2009 29,5MB 5.1.2.616 unbekannt
NTI Media Maker 8 NewTech Infosystems 11.03.2009 187,5MB 8.0.2.6509 nicht benötigt
Ocean Express Oberon Media 06.08.2010 16,6MB unbekannt
Orion Convesoft 06.08.2010 15,0MB 2.5.0 unbekannt
Parking Dash Oberon Media 06.08.2010 24,5MB unbekannt
Puzzle Express Oberon Media 06.08.2010 12,4MB nicht benötigt
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 06.08.2010 11,0MB 6.0.1.5794 benötigt
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 10.02.2009 6,61MB 6.0.6000.20113 benötigt
Skype Toolbars Skype Technologies S.A. 18.10.2010 7,11MB 5.0.4126 benötigt
Skype™ 5.0 Skype Technologies S.A. 18.10.2010 21,4MB 5.0.152 benötigt
Synaptics Pointing Device Driver Synaptics 06.08.2010 17,7MB 12.1.0.0 unbekannt
Tradewinds 2 Oberon Media 06.08.2010 15,5MB unbekannt
Tri-Peaks Solitaire To Go Oberon Media 06.08.2010 21,3MB nicht benötigt
Turbo Pizza Oberon Media 06.08.2010 175,4MB nicht benötigt
Uninstall 1.0.0.1 13.03.2011 32,1MB unbekannt
VLC media player 1.1.4 VideoLAN 08.10.2010 76,5MB 1.1.4 benötigt
W3FotoUp 03.12.2010 2.0 unbekannt
Wedding Dash Oberon Media 06.08.2010 19,8MB unbekannt
Windows Live Anmelde-Assistent Microsoft Corporation 07.08.2010 1,93MB 5.000.818.6 unbekannt
Windows Live Essentials Microsoft Corporation 11.03.2009 136,5MB 14.0.8050.1202 unbekannt
Windows Live Sync Microsoft Corporation 11.03.2009 2,80MB 14.0.8050.1202 unbekannt
Windows Live-Uploadtool Microsoft Corporation 11.03.2009 0,22MB 14.0.8014.1029 unbekannt
Zuma Deluxe Oberon Media 06.08.2010 11,9MB nicht benötigt
__________________ |
21.06.2011, 16:39 | #14 |
/// Malware-holic | Metropolitan Police auf Acer Aspire Notebook eingefangen why isn't it labelled as described? For some entries the labels are missing.
__________________ |
21.06.2011, 16:47 | #15 |
| Metropolitan Police auf Acer Aspire Notebook eingefangen Sorry, if so, we overlooked it. I didn't consider that the exact wording matters. I'll update the list right away.
__________________ |