| |
| |||||||
Log-Analyse und Auswertung: TR/Crypt:Xpack.gen Win.32/Hiloti.gen!D und gefunden und gelöscht was nun?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.09.2011, 22:40
| #1 | ||
| |  TR/Crypt:Xpack.gen Win.32/Hiloti.gen!D und gefunden und gelöscht was nun? Hallo, System: Microsoft Windows Vista Home Edition OS Service Pack Service Pack 2 gestern habe ich mir dummerweise auf irgendeiner unbekannten Seite eine Serie über einen Stream angeschaut. Auf einmal wollte ein unbekannte *.exe Datei sich installieren. Diese habe ich nicht zugelassen. Danach kamen abwechselnd *.exe Dateie die folgendermaßen hießen: Setup-wechselnde zahlenfolge-.exe (Bsp: Setup123883298.exe). Immer wenn ich sie geschlossen habe, ist eine neue aufgetaucht. Nachdem ich mit dem Task-manager gesehen habe dass ganz viele Prozesse offen waren die mozilla-plugin hießen, die aber sonst nie da sind, dachte ich es hängt irgendwie mit Firefox zusammen, dass die Setup DAteien nicht auufhören. Nach deinstallation von Firefox haben die Setup Dateien auch aufgehört. Scan mit Antivir im abgesicherten Modus hat ergeben: TR/Crypt:Xpack.gen diesen habe ich läschen lassen. Hab dann aber überprüft in msconfig ob sich etwas verändert hat und tatsächlich war eine Datei namens HKCU\..\Run: [Uhowalifi] rundll32.exe "C:\Users\Maren\AppData\Local\ntuorodf.dll",Startup die sich dort nun eingetragen hatte. Diese Datei habe ich mit einem Program namens Unlocker entfernt weil sie sich sonst nicht entfernernen lies. Danach habe ich mit dem registry editor den Startup eintrag gesucht und gelöscht. (auch wenn ich die auszuführende Datei ja bereits entfernt habe, egal) Dann habe ich im abgesicherten Modus den Windows defender durchlaufen lassen. Dieser hat wiederum folgendes Vorgebracht: Win.32/Hiloti.gen!D Nach öffnen des Dateipfades in dem die Datei mit dem eben genannten Trojaner war: C:\Users\M*\AppData\Local\Temp fand ich außer der *.exe datei, die ganzen Setup-wechselnde Nummer-.exe dateien die mich vorher so geärgert haben. Die *.exe Datei wurde von Windefender gelöscht den Rest habe ich wieder mit Unlocker gelöscht. So danach habe ich den CC Reg Cleaner durchlaufen lassen die reg bereinigt und fehlerhaftes reperiert. Zum abschluss habe ich dann noch Spybot Search and Destroy im abgesicherten modus durchlaufen lassen. Dieser hat zwei schadhafte einträge gefunden ich weiß leider nicht mehr genau wie die hießen einer glaub ich irgendwas mit babylon und der andere irgendwie facemondi oder so...naja aber ich glaube diese beiden Einträge hatten nichts mit dem davor zu tun. Sooo jetzt mal die Hijack file von gestern kurz nach dem ganzen Befall: Zitat:
Zitat:
Bin ich jetzt wieder safe, vorausgesetz wenn ich nicht gerade auf so dämliche Hompages gehe?  Vielen DAnk schon mal für eure Hilfe und hohen Respekt, dass ihr euch die Zeit und mühen macht immer wieder neue Anfragen zu bearbeiten und den Ahnungslosen zu helfen.... beste Grüße Barta |
|
12.09.2011, 07:30
| #2 | ||
| /// Helfer-Team    |  TR/Crypt:Xpack.gen Win.32/Hiloti.gen!D und gefunden und gelöscht was nun? Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Windows Defender: Parallel zu Avira nicht Empfehlenswert aktiv laufen lassen, weil dadurch kommen sich die Beiden in die Quere. Bitte dich ihn so zu deaktivieren: -> Aktivieren und Deaktivieren von Windows Defender ► Nach einem Neustart (falls noch aktiviert) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen ► Unter Dienste: Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> "Stop" -> Starttyp "Deaktiviert" auswählen 2. Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten): HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen Code:
ATTFilter R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit) Achtung!: WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten! Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren! Anleitung:-> GMER - Rootkit Scanner 4. Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit) Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
6. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool Ccleaner herunter → Download installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein 7. reinige dein System mit Ccleaner:
8. Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
9. poste erneut - nach der vorgenommenen Reinigungsaktion: TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!! Zitat:
kira
__________________ |
|
12.09.2011, 19:43
| #3 |
| | TR/Crypt:Xpack.gen Win.32/Hiloti.gen!D und gefunden und gelöscht was nun? Soooo puuuh, ganz schön viele Hausaufgaben die du mir aufgegeben hast...
__________________ Vielen dank erst mal für die schnelle Hilfe und die detailierten Angaben, aht alles prima geklappt!!! Nun die ganzen Log-Files: 1. Gmer: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-12 16:35:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0040
Running: ssbw97h9.exe; Driver: C:\Users\Maren\AppData\Local\Temp\pwtoypow.sys
---- System - GMER 1.0.15 ----
SSDT 8C1A1B6E ZwCreateSection
SSDT 8C1A1B73 ZwSetContextThread
SSDT 8C1A1B0F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 820B3998 4 Bytes [6E, 1B, 1A, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 820B3CF0 4 Bytes [73, 1B, 1A, 8C]
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A356480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A397900, 0x3CA, 0x48000040]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Maren\Desktop\Sonstiger Kram\You don\xb4t know Jack\Setup.exe 1
---- EOF - GMER 1.0.15 ----
2. MBR - Rootkit Detektor Code:
ATTFilter Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: FUJITSU_ rev.0040 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll ndis.sys athr.sys
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
C:\Windows\system32\DRIVERS\athr.sys Atheros Communications, Inc. Driver for Atheros CB42/CB43/MB42/MB43 Network Adapter
1 ntkrnlpa!IofCallDriver[0x8204B912] -> \Device\Harddisk0\DR0[0x869FDAC8]
3 CLASSPNP[0x833158B3] -> ntkrnlpa!IofCallDriver[0x8204B912] -> \Device\Ide\IAAStorageDevice-1[0x85853028]
kernel: MBR read successfully
user & kernel MBR OK
Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7699
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
12.09.2011 18:13:28
mbam-log-2011-09-12 (18-13-28).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 310949
Laufzeit: 1 Stunde(n), 13 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 30.01.2009 14,0MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 11.05.2010 10.0.45.2
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 28.06.2011 10.3.181.34
Adobe Reader 8.3.0 - Deutsch Adobe Systems Incorporated 15.06.2011 102,1MB 8.3.0
Apple Application Support Apple Inc. 18.11.2010 52,8MB 1.4.1
Apple Mobile Device Support Apple Inc. 18.11.2010 21,7MB 3.3.0.69
Apple Software Update Apple Inc. 18.11.2010 2,26MB 2.1.2.120
Atheros Driver Installation Program Atheros 30.01.2009 11,1MB 5.0
Atheros Wi-Fi Protected Setup Library Atheros 31.01.2009 3,99MB
Avira AntiVir Personal - Free Antivirus Avira GmbH 09.08.2011 118,7MB 10.2.0.700
Baphomets Fluch - Der Engel des Todes THQ 21.11.2009 2.552MB 1.00.0000
Bonjour Apple Inc. 18.11.2010 1,14MB 2.0.4.0
CCleaner Piriform 10.09.2011 4,02MB 3.10
CD/DVD Drive Acoustic Silencer TOSHIBA 12.08.2008 0,59MB 2.02.03
Cisco EAP-FAST Module Cisco Systems, Inc. 30.01.2009 1,04MB 2.1.6
Cisco LEAP Module Cisco Systems, Inc. 30.01.2009 1,04MB 1.0.12
Cisco PEAP Module Cisco Systems, Inc. 30.01.2009 0,85MB 1.0.13
Compatibility Pack für 2007 Office System Microsoft Corporation 15.06.2011 39,9MB 12.0.6425.1000
DivX-Setup DivX, Inc. 28.08.2010 2,25MB 2.0.0.86
DSL Connection Manager Telefónica o2 Germany GmbH & Co. OHG 18.03.2009 19,7MB 2.0.0.17
DVD MovieFactory for TOSHIBA Ulead Systems, Inc. 30.01.2009 253MB 5.51
EVEREST Home Edition v2.20 Lavalys Inc 06.09.2011 6,58MB 2.20
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 04.04.2011 3,16MB
Free YouTube to MP3 Converter version 3.9.35.324 DVDVideoSoft Limited. 04.04.2011 3,45MB
FreePDF (Remove only) 05.09.2011 3,58MB
GPL Ghostscript Artifex Software Inc. 05.09.2011 31,6MB 9.04
HDAUDIO Soft Data Fax Modem with SmartCP Conexant Systems 15.09.2010 1,01MB 7.80.2.0
ICQ6.5 ICQ 18.03.2009 66,2MB 6.5
Intel(R) Graphics Media Accelerator Driver Intel Corporation 30.01.2009
Intel® Matrix Storage Manager Intel Corporation 30.01.2009 37,3MB
IsoBuster 2.8 Smart Projects 20.11.2010 10,3MB 2.8
iTunes Apple Inc. 18.11.2010 144,8MB 10.1.0.56
Java(TM) 6 Update 22 Oracle 15.09.2010 94,9MB 6.0.220
Java(TM) 6 Update 6 Sun Microsystems, Inc. 12.08.2008 171,1MB 1.6.0.60
Java(TM) 6 Update 7 Sun Microsystems, Inc. 18.03.2009 136,2MB 1.6.0.70
JDownloader 0.9 AppWork GmbH 29.06.2011 60,6MB 0.9
Logitech Vid Logitech Inc. 09.01.2011 45,6MB 1.70.1044
Logitech Webcam Software Logitech Inc. 09.01.2011 2.0
Malwarebytes' Anti-Malware Version 1.51.1.1800 Malwarebytes Corporation 11.09.2011 6,71MB 1.51.1.1800
Medieval CUE Splitter Medieval Software 30.06.2011 1,66MB 1.2.0
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 16.08.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 13.06.2009 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 15.09.2010 120,3MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 15.09.2010 24,5MB 4.0.30319
Microsoft Office Enterprise 2007 Microsoft Corporation 17.11.2009 626MB 12.0.6425.1000
Microsoft Office File Validation Add-In Microsoft Corporation 29.06.2011 7,92MB 14.0.5130.5003
Microsoft Silverlight Microsoft Corporation 15.06.2011 20,3MB 4.0.60531.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 02.08.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 01.05.2011 0,58MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20.09.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,58MB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 10.09.2011 11,0MB 10.0.30319
Microsoft Works Microsoft Corporation 18.12.2010 377MB 9.7.0621
Mozilla Firefox 6.0.2 (x86 de) Mozilla 10.09.2011 34,4MB 6.0.2
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 12.08.2008 1,28MB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 20.02.2009 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 29.11.2009 1,34MB 4.20.9876.0
myphotobook 3.6 myphotobook 30.01.2009 18,7MB 3.6
NetWaiting BVRP Software, Inc 30.01.2009 5,23MB 2.5.52
Nmap 5.51 10.09.2011 33,9MB
OpenOffice.org Installer 1.0 Sun Microsystems 18.03.2009 2,39MB 1.0.9221
Paint.NET v3.5.5 dotPDN LLC 27.09.2010 10,2MB 3.55.0
Pfanneberg HOTEL - RESTAURANT - KÜCHE 16.02.2009 36,0MB
Picasa 2 Google, Inc. 30.01.2009 35,3MB 2.0
QuickTime Apple Inc. 15.09.2010 73,7MB 7.68.75.0
Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 12.08.2008 1,50MB 1.00.0000
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 30.01.2009 21,6MB 6.0.1.5599
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 12.08.2008 3,07MB
RedMon - Redirection Port Monitor 05.09.2011
Skype™ 5.2 Skype Technologies S.A. 29.03.2011 24,6MB 5.2.113
Sony Ericsson Media Manager 1.1 Sony Ericsson 13.05.2009 62,8MB 1.1.550
Spybot - Search & Destroy Safer Networking Limited 10.09.2011 63,4MB 1.6.2
Synaptics Pointing Device Driver Synaptics 15.09.2010 13,9MB 11.2.4.0
TomTom HOME 2.8.2.2264 TomTom 06.09.2011 49,0MB 2.8.2.2264
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 06.09.2011 1,88MB 1.0.2
TOSHIBA Assist TOSHIBA 12.08.2008 1,17MB 2.01.08
TOSHIBA Benutzerhandbücher TOSHIBA 30.01.2009 4,03MB 7.40
TOSHIBA ConfigFree TOSHIBA Corporation 12.08.2008 73,8MB 7.2.20
TOSHIBA Disc Creator TOSHIBA Corporation 12.08.2008 9,71MB 2.0.1.3
TOSHIBA DVD PLAYER TOSHIBA Corporation 30.01.2009 22,7MB 1.31.14
TOSHIBA Extended Tiles for Windows Mobility Center Toshiba 12.08.2008 1,28MB 1.01.00
TOSHIBA Hardware Setup 30.01.2009 2,98MB 2.00.08
Toshiba Online Product Information TOSHIBA 12.08.2008 5,51MB 1.00.0012
TOSHIBA Recovery Disc Creator TOSHIBA 12.08.2008 2,54MB 2.0.0.1b
TOSHIBA Supervisor Password 30.01.2009 3,00MB 2.00.04
Toshiba TEMPRO Toshiba Europe GmbH 12.08.2008 8,25MB 1.1
TOSHIBA Value Added Package TOSHIBA Corporation 30.01.2009 52,00KB 1.1.24
TRDCReminder TOSHIBA 12.08.2008 0,38MB 1.00.0015
TRORDCLauncher TOSHIBA 12.08.2008 3,35MB 1.0.0.1
Uninstall 1.0.0.1 04.04.2011 31,5MB
Unlocker 1.9.1 Cedrick Collomb 09.09.2011 0,24MB 1.9.1
VirtualCloneDrive Elaborate Bytes 20.11.2010 2,31MB
VLC media player 0.9.8a VideoLAN Team 03.03.2009 60,4MB 0.9.8a
WEB.DE Update WEB.DE 04.02.2010 6,48MB
WER WIRD MILLIONÄR VIERTE EDITION Eidos 11.11.2010 413MB 1.0.0.0000
Windows Media Encoder 9 Series 12.08.2008 13,6MB
WinPcap 4.1.2 CACE Technologies 10.09.2011 0,19MB 4.1.0.2001
WinRAR 20.11.2010 3,79MB
You Don't Know Jack 4 1.00 Take 2 Interactive 11.11.2010 228MB 1.00
OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.09.2011 19:18:04 - Run 1 OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Maren\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 63,94% Memory free 5,94 Gb Paging File | 4,94 Gb Available in Paging File | 83,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,29 Gb Total Space | 66,63 Gb Free Space | 57,30% Space Free | Partition Type: NTFS Drive E: | 115,13 Gb Total Space | 62,63 Gb Free Space | 54,40% Space Free | Partition Type: NTFS Computer Name: MAREN-PC | User Name: Maren | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Maren\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Common Files\AccSys\accvssvc.exe (AccSys GmbH) PRC - C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Adobe\Reader 8.0\Reader\ViewerPS.dll () MOD - C:\Programme\Unlocker\UnlockerCOM.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - c:\Programme\Adobe\Reader 8.0\Reader\RdLang32.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\PPKLITE.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Weblink.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Acroform.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\updater.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Spelling.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Escript.deu () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SendMail.deu () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\accessibility.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\ccme_base.dll () MOD - C:\Programme\Adobe\Reader 8.0\Reader\cryptocme2.dll () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\pddom.DEU () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Hls.deu () MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.) SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (accvssvc) -- C:\Programme\Common Files\AccSys\accvssvc.exe (AccSys GmbH) SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (jswpsapi) -- C:\Programme\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.) SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (LVUVC) Logitech HD Webcam C310(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.11 12:08:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.16 09:04:49 | 000,000,000 | ---D | M] [2011.09.11 12:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maren\AppData\Roaming\mozilla\Extensions [2011.09.11 12:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.09.16 11:59:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.19 07:24:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2009.09.04 11:45:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.09.11 17:57:34 | 000,437,342 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 15044 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Maren\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E791555F-956D-4CC0-8383-AD8B50AB6EA2}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Maren\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Maren\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3f18da73-f5a8-11df-a464-001e338eb8c0}\Shell - "" = AutoRun O33 - MountPoints2\{3f18da73-f5a8-11df-a464-001e338eb8c0}\Shell\AutoRun\command - "" = D:\ScrabbleAutorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.09.12 19:11:35 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Maren\Desktop\OTL.exe [2011.09.12 16:54:00 | 000,000,000 | ---D | C] -- C:\Users\Maren\AppData\Roaming\Malwarebytes [2011.09.12 16:53:52 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.09.12 16:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.09.12 16:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.12 16:53:44 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.09.12 16:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.09.11 21:42:04 | 000,000,000 | ---D | C] -- C:\Users\Maren\.zenmap [2011.09.11 21:41:58 | 000,000,000 | ---D | C] -- C:\Users\Maren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap [2011.09.11 21:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2011.09.11 21:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Nmap [2011.09.11 12:20:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.09.11 12:20:42 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.09.11 12:20:37 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.09.11 12:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.09.11 12:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.09.11 12:08:15 | 000,000,000 | ---D | C] -- C:\Users\Maren\AppData\Roaming\Mozilla [2011.09.11 12:08:15 | 000,000,000 | ---D | C] -- C:\Users\Maren\AppData\Local\Mozilla [2011.09.11 12:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.09.11 12:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.09.11 12:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.09.10 23:34:44 | 000,000,000 | ---D | C] -- C:\Users\Maren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2011.09.10 23:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2011.09.07 11:09:15 | 000,000,000 | ---D | C] -- C:\Users\Maren\Documents\TomTom [2011.09.07 11:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom [2011.09.07 11:08:58 | 000,000,000 | ---D | C] -- C:\Users\Maren\AppData\Roaming\TomTom [2011.09.07 11:08:58 | 000,000,000 | ---D | C] -- C:\Users\Maren\AppData\Local\TomTom [2011.09.07 11:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom [2011.09.07 11:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V [2011.09.07 11:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2 [2011.09.07 10:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2011.09.07 10:25:01 | 001,214,976 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys [2011.09.07 10:16:23 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2011.09.07 10:16:22 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll [2011.09.07 10:16:22 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll [2011.09.07 10:14:30 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe [2011.09.07 10:14:29 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll [2011.09.07 10:14:27 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll [2011.09.07 10:14:26 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll [2011.09.07 10:14:25 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2011.09.07 10:14:25 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2011.09.07 10:14:25 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll [2011.09.07 10:14:25 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2011.09.07 10:14:25 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2011.09.07 10:14:25 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2011.09.07 10:14:25 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll [2011.09.07 10:14:24 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2011.09.07 10:12:51 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2011.09.07 10:12:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2011.09.07 10:06:42 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe [2011.09.07 10:04:31 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.09.07 10:04:31 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.09.07 10:04:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.09.07 10:04:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.09.07 10:04:30 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.09.07 10:04:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.09.07 10:04:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.09.07 10:04:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.09.07 10:04:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.09.07 10:04:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.09.07 10:04:28 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.09.07 10:04:28 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.09.07 10:04:28 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.09.07 10:04:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.09.07 10:04:28 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.09.07 10:04:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.09.07 10:04:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.09.07 10:04:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.09.07 10:04:27 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.09.07 10:04:27 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.09.07 10:04:27 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.09.07 10:04:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.09.07 10:04:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.09.07 10:04:27 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.09.07 10:04:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.09.07 10:04:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.09.07 10:04:26 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.09.07 10:04:25 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.09.07 10:04:25 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.09.07 10:04:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.09.07 10:04:25 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.09.07 10:04:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.09.07 10:04:25 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.09.07 10:04:25 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.09.07 10:04:25 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.09.07 10:04:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.09.07 10:04:24 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.09.07 10:00:49 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.09.07 10:00:49 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.09.07 10:00:49 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.09.07 10:00:48 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.09.07 10:00:48 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.09.07 10:00:48 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.09.07 10:00:48 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.09.07 10:00:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.09.07 10:00:45 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.09.07 10:00:45 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.09.07 10:00:45 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.09.07 10:00:44 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.09.07 10:00:44 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.09.07 10:00:44 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.09.07 10:00:44 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.09.07 10:00:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.09.07 10:00:44 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.09.07 10:00:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.09.07 10:00:43 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.09.07 10:00:43 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.09.07 10:00:43 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.09.07 09:59:56 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2011.09.07 09:59:56 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2011.09.07 09:59:56 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2011.09.07 09:59:56 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2011.09.07 09:59:55 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2011.09.07 09:59:55 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2011.09.07 09:43:14 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.09.07 09:43:13 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.09.07 09:41:05 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2011.09.07 09:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2011.09.07 09:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2011.09.06 20:35:28 | 000,000,000 | ---D | C] -- C:\Users\Maren\AppData\Local\FreePDF_XP [2011.09.06 20:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF [2011.09.06 20:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\FreePDF_XP [2011.09.06 20:34:18 | 000,000,000 | ---D | C] -- C:\Users\Maren\AppData\Roaming\FreePDF [2011.09.06 20:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript [2011.09.06 20:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\gs [2011.08.24 11:16:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.12 19:20:23 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.12 19:20:23 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.12 19:20:23 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.12 19:20:23 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.09.12 19:14:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.12 19:14:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.12 19:13:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.12 19:13:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.12 19:13:28 | 3080,724,480 | -HS- | M] () -- C:\hiberfil.sys [2011.09.12 19:12:10 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Maren\Desktop\OTL.exe [2011.09.12 19:05:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.12 16:41:42 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe [2011.09.12 13:09:39 | 000,293,782 | ---- | M] () -- C:\Users\Maren\Desktop\TROJAN.pdf [2011.09.11 21:13:33 | 000,000,206 | ---- | M] () -- C:\Users\Maren\Documents\cc_20110911_211329.reg [2011.09.11 21:11:22 | 000,002,238 | ---- | M] () -- C:\Users\Maren\Documents\cc_20110911_211102.reg [2011.09.11 17:57:34 | 000,437,342 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.09.11 13:05:23 | 000,003,584 | ---- | M] () -- C:\Users\Maren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.11 12:12:45 | 000,139,298 | ---- | M] () -- C:\Users\Maren\Documents\cc_20110911_121205.reg [2011.09.11 10:10:33 | 000,000,361 | ---- | M] () -- C:\Users\Maren\Desktop\Bilder.lnk [2011.09.11 09:57:52 | 000,000,361 | ---- | M] () -- C:\Users\Maren\Desktop\Lieder.lnk [2011.09.11 09:46:19 | 000,000,680 | ---- | M] () -- C:\Users\Maren\AppData\Local\d3d9caps.dat [2011.09.11 09:31:30 | 000,000,378 | ---- | M] () -- C:\Users\Maren\Desktop\Marens Zeug.lnk [2011.09.07 10:35:48 | 000,405,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.09.07 10:31:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.09.07 10:31:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011.09.07 10:04:46 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.09.07 10:04:46 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.09.07 10:04:31 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.09.07 10:04:31 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.09.07 10:04:31 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.09.07 10:04:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.09.07 10:04:30 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.09.07 10:04:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.09.07 10:04:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.09.07 10:04:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.09.07 10:04:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.09.07 10:04:28 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.09.07 10:04:28 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.09.07 10:04:28 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.09.07 10:04:28 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.09.07 10:04:28 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.09.07 10:04:28 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.09.07 10:04:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.09.07 10:04:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.09.07 10:04:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.09.07 10:04:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.09.07 10:04:27 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.09.07 10:04:27 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.09.07 10:04:27 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.09.07 10:04:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.09.07 10:04:27 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.09.07 10:04:27 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.09.07 10:04:26 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.09.07 10:04:26 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.09.07 10:04:26 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.09.07 10:04:25 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.09.07 10:04:25 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.09.07 10:04:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.09.07 10:04:25 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.09.07 10:04:25 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.09.07 10:04:25 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.09.07 10:04:25 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.09.07 10:04:25 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.09.07 10:04:25 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.09.07 10:04:24 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.09.07 10:00:49 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.09.07 10:00:49 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.09.07 10:00:49 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.09.07 10:00:48 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.09.07 10:00:48 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.09.07 10:00:48 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.09.07 10:00:48 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.09.07 10:00:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.09.07 10:00:45 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.09.07 10:00:45 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.09.07 10:00:45 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.09.07 10:00:44 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.09.07 10:00:44 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.09.07 10:00:44 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.09.07 10:00:44 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.09.07 10:00:44 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.09.07 10:00:44 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.09.07 10:00:44 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.09.07 10:00:43 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.09.07 10:00:43 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.09.07 10:00:43 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.09.07 09:59:57 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui [2011.09.07 09:59:56 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2011.09.07 09:59:56 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2011.09.07 09:59:56 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2011.09.07 09:59:56 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2011.09.07 09:59:55 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2011.09.07 09:59:55 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.12 16:41:39 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe [2011.09.12 13:09:37 | 000,293,782 | ---- | C] () -- C:\Users\Maren\Desktop\TROJAN.pdf [2011.09.11 21:13:31 | 000,000,206 | ---- | C] () -- C:\Users\Maren\Documents\cc_20110911_211329.reg [2011.09.11 21:11:10 | 000,002,238 | ---- | C] () -- C:\Users\Maren\Documents\cc_20110911_211102.reg [2011.09.11 18:19:27 | 3080,724,480 | -HS- | C] () -- C:\hiberfil.sys [2011.09.11 12:12:10 | 000,139,298 | ---- | C] () -- C:\Users\Maren\Documents\cc_20110911_121205.reg [2011.09.11 12:08:10 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.09.11 10:10:33 | 000,000,361 | ---- | C] () -- C:\Users\Maren\Desktop\Bilder.lnk [2011.09.11 09:57:52 | 000,000,361 | ---- | C] () -- C:\Users\Maren\Desktop\Lieder.lnk [2011.09.11 09:31:30 | 000,000,378 | ---- | C] () -- C:\Users\Maren\Desktop\Marens Zeug.lnk [2011.09.11 08:07:49 | 000,003,584 | ---- | C] () -- C:\Users\Maren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.11 08:04:42 | 000,000,680 | ---- | C] () -- C:\Users\Maren\AppData\Local\d3d9caps.dat [2011.09.07 10:31:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.09.07 10:31:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011.09.07 10:04:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.09.06 20:34:20 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.09.06 20:34:20 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2011.01.10 19:00:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.14 22:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010.05.14 22:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2010.05.14 22:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010.05.14 22:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.05.07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.12.03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.09.25 19:48:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.25 19:48:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.03.20 10:21:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.02.01 15:24:09 | 000,000,444 | ---- | C] () -- C:\Users\Maren\AppData\Roaming\wklnhst.dat [2009.02.01 14:46:02 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig [2009.01.31 22:21:23 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2009.01.31 22:21:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2009.01.31 22:21:23 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2009.01.31 22:21:23 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008.08.13 12:59:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.08.13 12:59:34 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.08.13 12:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.08.13 12:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.08.13 12:59:34 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.08.13 12:59:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.08.13 12:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.08.13 12:36:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll [2008.08.13 12:36:30 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2008.08.13 12:36:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2008.08.13 12:36:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2008.08.13 11:51:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.01.21 09:21:25 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:21:25 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:44:53 | 000,405,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report > 6. OTL - Extra Logfile OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.09.2011 19:18:04 - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Maren\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,87 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 63,94% Memory free
5,94 Gb Paging File | 4,94 Gb Available in Paging File | 83,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 66,63 Gb Free Space | 57,30% Space Free | Partition Type: NTFS
Drive E: | 115,13 Gb Total Space | 62,63 Gb Free Space | 54,40% Space Free | Partition Type: NTFS
Computer Name: MAREN-PC | User Name: Maren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13B03098-5180-4ADB-96CC-67D003F64B21}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C29F991-9BE2-4C6B-BE31-C3FFFC000640}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1A0961A6-CB27-471A-908C-AA2C31E62137}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1D58D6AF-5EC0-4958-8D1F-EBB7BB58B166}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{24D37709-1E05-4432-BB2D-8708FBFE08E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38509971-6DB6-4977-A1C7-3B014D189299}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5211AA95-B036-49CE-9B2F-6FFC46EC2BE5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8D69CD83-C03A-4F28-A3E2-068D96AFA43A}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{A16B9610-C549-4053-9070-1FB9170A0DD8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A36CF9C0-3657-4FC5-A20D-5C86B0CAF123}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{C116FD9E-D8CC-41EE-B2E8-80206F9E5B7B}" = protocol=17 | dir=in | app=c:\program files\logitech\vid\vid.exe |
"{CD6D4712-8540-4D04-A52D-70B78F898626}" = protocol=6 | dir=in | app=c:\program files\logitech\vid\vid.exe |
"{ED1736E8-42FE-4790-BFF1-DD554FC96C3F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{F6CA42DE-EB70-4DD9-B5E9-9D710C69E2D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{1904CAEB-01E4-406F-B973-986D9024D297}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{4CF5D62B-42EA-43AF-B04A-E2E39E9827AC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{75621ED1-0759-4B13-BE8B-0955052321C9}C:\program files\logitech\vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid\vid.exe |
"TCP Query User{7A92C4D2-F9B9-47C4-9522-225F455DE5D5}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{8D1AB6B3-B93C-4786-A148-093AA33185D8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{93843E83-91AB-420E-B785-54C663585716}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{091B3E23-9A91-4DAE-9256-C5D537844108}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{2F61927B-F65E-47D2-B5E9-8393DE3C5986}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{3327BD29-186C-40FE-A585-C58F00C4B97C}C:\program files\logitech\vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid\vid.exe |
"UDP Query User{3FBB9D37-5CAF-4304-BD82-B190903AC022}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{965CBA0D-4D2E-44A5-AC5B-DBED6758F8E9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F3B7A822-1EC8-4798-84E2-1AE6C7292797}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{4FE61132-076C-4E13-BE57-B61A87EA07CA}" = DSL Connection Manager
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9781A96F-71AC-4738-984B-5AB597DFE678}" = WER WIRD MILLIONÄR VIERTE EDITION
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.0 - Deutsch
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F41C11EC-7C13-47A7-A07C-251D96EC3879}" = Baphomets Fluch - Der Engel des Todes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FFF5F83B-1112-49EF-BABF-C00D2DECC062}" = DSL Connection Manager
"1489-3350-5074-6281" = JDownloader 0.9
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOTEL - RESTAURANT - KÜCHE" = Pfanneberg HOTEL - RESTAURANT - KÜCHE
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IsoBuster_is1" = IsoBuster 2.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"myphotobook" = myphotobook 3.6
"Nmap" = Nmap 5.51
"Picasa2" = Picasa 2
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.9.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.8a
"WEB.DE Update" = WEB.DE Update
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"You Don't Know Jack 4" = You Don't Know Jack 4 1.00
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09.09.2011 11:17:07 | Computer Name = Maren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 50386108
Error - 09.09.2011 11:17:08 | Computer Name = Maren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 09.09.2011 11:17:08 | Computer Name = Maren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 50387138
Error - 09.09.2011 11:17:08 | Computer Name = Maren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 50387138
Error - 09.09.2011 11:17:09 | Computer Name = Maren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 09.09.2011 11:17:09 | Computer Name = Maren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 50388136
Error - 09.09.2011 11:17:09 | Computer Name = Maren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 50388136
Error - 09.09.2011 11:17:10 | Computer Name = Maren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 09.09.2011 11:17:10 | Computer Name = Maren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 50389431
Error - 09.09.2011 11:17:10 | Computer Name = Maren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 50389431
[ System Events ]
Error - 11.09.2011 12:53:27 | Computer Name = Maren-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.09.2011 12:53:27 | Computer Name = Maren-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.09.2011 12:53:27 | Computer Name = Maren-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.09.2011 12:53:27 | Computer Name = Maren-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.09.2011 12:53:27 | Computer Name = Maren-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11.09.2011 12:53:27 | Computer Name = Maren-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.09.2011 12:53:27 | Computer Name = Maren-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.09.2011 12:53:27 | Computer Name = Maren-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.09.2011 12:53:27 | Computer Name = Maren-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 12.09.2011 14:15:38 | Computer Name = Maren-PC | Source = Service Control Manager | ID = 7034
Description =
< End of report >
7. Hijackthis Log-File HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:32:19, on 12.09.2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Maren\Desktop\Programme\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [FreePDF Assistant] "C:\Program Files\FreePDF_XP\fpassist.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Maren\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing) O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AccSys WLAN Control Service (accvssvc) - AccSys GmbH - C:\Program Files\Common Files\AccSys\AccVSSvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8231 bytes So das waren die geforderten Logs. Bin mal gespannt was da raus kommt... Viele liebe Grüße & DAAANKE Bartosz |
|
13.09.2011, 07:45
| #4 | ||
| /// Helfer-Team | TR/Crypt:Xpack.gen Win.32/Hiloti.gen!D und gefunden und gelöscht was nun? 1. Adobe Reader aktualisieren : - Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus") Adobe Reader Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..." 2. → Downloade nun die Offline-Version von Java Version 6 Update 27 von Oracle herunter Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)! 3. Die alte Java-Versionen verbleiben auf dem PC...aus Sicherheitsgründen müssen entfernt werden,auch in Zukunft darauf achten! deinstalliere: Zitat:
Zitat:
5. Fixen mit OTL
Code:
ATTFilter :OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
[2011.09.12 19:13:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.12 19:05:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8D69CD83-C03A-4F28-A3E2-068D96AFA43A}" =-
:Commands
[purity]
[emptytemp]
6. reinige dein System mit Ccleaner:
7.
8. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung -> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< ► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
13.09.2011, 11:10
| #5 |
| | TR/Crypt:Xpack.gen Win.32/Hiloti.gen!D und gefunden und gelöscht was nun? Hallo, hier die Logfiles: 1. OTL Code:
ATTFilter All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D69CD83-C03A-4F28-A3E2-068D96AFA43A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D69CD83-C03A-4F28-A3E2-068D96AFA43A}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Maren
->Temp folder emptied: 1268014 bytes
->Temporary Internet Files folder emptied: 1515273 bytes
->Java cache emptied: 61458 bytes
->FireFox cache emptied: 58679396 bytes
->Flash cache emptied: 1957550 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2310 bytes
RecycleBin emptied: 477642 bytes
Total Files Cleaned = 61,00 mb
OTL by OldTimer - Version 3.2.28.0 log created on 09132011_091921
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
2. Super Antispyware Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 09/13/2011 at 10:57 AM
Application Version : 5.0.1118
Core Rules Database Version : 7680
Trace Rules Database Version: 5492
Scan type : Complete Scan
Total Scan Time : 00:58:05
Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 653
Memory threats detected : 0
Registry items scanned : 37989
Registry threats detected : 0
File items scanned : 40631
File threats detected : 23
Adware.Tracking Cookie
.invitemedia.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\MAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VJ9IB7G.DEFAULT\COOKIES.SQLITE ]
Ansonsten läuft alles wunderbar momentan ohne Auffälligkeiten. Das Einzige wonach ich noch fragen wollte ist eine Datei die immer wieder im CC Cleaner gefunden wird. Ist das normal?? Code:
ATTFilter Ungenutzte Datei-Endungen {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}
|
|
14.09.2011, 04:13
| #6 | ||
| /// Helfer-Team | TR/Crypt:Xpack.gen Win.32/Hiloti.gen!D und gefunden und gelöscht was nun?Zitat:
1. Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf: Code:
ATTFilter CCleaner -> Zeitweise laufen lassen:-> Anleitung Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
3. reinige dein System mit Ccleaner:
4. wenn alles gut verlaufen ist und dein System läuft stabil, mache folgendes: Erstelle manuell einen Wiederherstellungspunkt: Aktivieren und Deaktivieren der Systemwiederherstellung 5. Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern z.B. Login-, Mail- oder Website-Passwörter Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) Lesestoff Nr.1:
** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !! Zitat:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:
__________________ --> TR/Crypt:Xpack.gen Win.32/Hiloti.gen!D und gefunden und gelöscht was nun? |
|
| Themen zu TR/Crypt:Xpack.gen Win.32/Hiloti.gen!D und gefunden und gelöscht was nun? |
| antivir, antivir guard, avira, babylon, bho, bonjour, browser, converter, desktop, ebay, firefox, google, hijack, hijackthis, home, hängt, locker, mp3, plug-in, problem, registry, safer networking, security, senden, software, tr/crypt:xpack.gen, trojaner, viele prozesse, virus, vista, win.32/hiloti.gen!d, windows, windows vista home |
.
Linear-Darstellung
