Trojaner-Board, forum "Plagegeister aller Art und deren Bekämpfung" (pests of all kinds and how to fight them): TR/Spy.Web.H und windows-virus w32/Indus.A (Windows 7)
28.09.2011, 13:55 | #1
TR/Spy.Web.H und windows-virus w32/Indus.A

Good day, I believe I have exactly the same problem as 'Bitterschoki', which can be found here under the title "TR/Spy.Web.H und windows-virus w32/Indus.A, schwarzer Bildschirm, scheinbar alle Dateien weg" (black screen, apparently all files gone). It was answered yesterday by 'kira'. I have questions about the solution described in that thread. I would like to ask you for help; unfortunately I have no idea about PCs and am afraid of making everything worse.

Avira found "TR/Spy.Web.H" on my machine on 28.9. at 12:50 and says that it is in quarantine. The infection refers to 'C:\Users\July\AppData\Roaming\Microsoft\Protect\espa.kk'. In addition, I have just discovered that a further file has been in quarantine since 9.7.2010, which according to Avira contains the code of the Windows virus W32/Induc.A. The source given here is "D:\download\qip8094.exe". Since today's alert my laptop has the same symptoms as in the thread mentioned above. I also opened one of those e-mails from "eilservice@deutschepost.de", but that was already about 2 to 3 weeks ago. My laptop worked normally until 12:50 today. At least it seemed that way.

I now wanted to try System Restore (SWH), as described in the reply in that thread. Here are my questions:

1. Which date should I choose for the System Restore? The computer still worked until today, but it has possibly been infected for a couple of weeks already?
2. Could you please also check on my machine with the OTL system scan and CCleaner, as in that thread, if that would make sense?
4. I also keep getting (since today as well) a message from Microsoft Windows (a small window opens with): "Catalyst Control Centre: Host application has stopped working. The program is not running correctly because of a problem. The program will be closed and you will be notified when a solution is available" with a "Close program" button. What should I do here?

Many thanks in advance! Kind regards, Juliane
Last edited by julianes (28.09.2011 at 14:25)
29.09.2011, 07:21 | #2
/// Helfer-Team | TR/Spy.Web.H und windows-virus w32/Indus.A

Hello and welcome!

Before we start working together, [please read completely]:
Quote:
Important: run all commands as administrator! Right-click the command prompt and choose "Run as administrator". Right-click on the selected application and choose "Run as administrator"!

I have two suggestions:

1. If you think you know the point in time when your system was still working flawlessly, System Restore (SWH) is worth a try! It is a "relatively simple way" when a fresh infection is present, and certain problems can also be solved this way, so it should be tried right away. It gives you the option of undoing system changes on the computer without affecting personal files such as e-mails, documents or photos.
Quote:
(You can still undo it right up to the present moment if it does not deliver the desired result.)
► Also report to me whether the System Restore worked, i.e. whether you were able to roll the system back to an earlier restore point.

2.
Quote:
System scan with OTL: download OTL from OldTimer (if you do not have it yet) and save it to your desktop.

4. I would also like to see all your installed programs: download the CCleaner tool → install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start it → if necessary set "german" under Options → settings → then click "Extra" (to show the installed programs as well) → then "Save as text file...". A text file (*.txt) is created; copy its contents and paste them here.
Quote:
** Stay off the internet if at all possible: no online banking, file sharing, chat programs etc.

Regards, kira
29.09.2011, 17:01 | #3
TR/Spy.Web.H und windows-virus w32/Indus.A

Hello kira,

many thanks for the quick reply! The System Restore did not work; I then tried it again with the next older date (again 27.9.), which did not work either. It says that the "System Restore was not successful", that system files and settings were not changed, and that the restore point was damaged or deleted during the restore. Now there are again 5 restore points to choose from, 3 for 28.9. and 2 for 29.9. (these are the two System Restores that were run). Under point 2 ("should the System Restore not work..."), what is meant by "Use last known good configuration"? When I click on it, a window opens with the Trojaner-Board forum rules. Should I now continue with point 3? Please help. Many thanks and best regards, Juliane
30.09.2011, 04:26 | #4
/// Helfer-Team | TR/Spy.Web.H und windows-virus w32/Indus.A
Quote:

__________________
Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! They can be infected with an encryption (ransomware) trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can!
30.09.2011, 06:12 | #5
TR/Spy.Web.H und windows-virus w32/Indus.A

Exactly. Thanks, I will try that.
30.09.2011, 15:02 | #6
TR/Spy.Web.H und windows-virus w32/Indus.A

Hello, "Use last known good configuration" made no difference. Here is the OTL.Txt file: OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.09.2011 15:40:16 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = D:\download Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free 6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.30 15:39:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\download\OTL(1).exe PRC - [2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe PRC - [2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe PRC - [2011.09.08 17:14:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe PRC - [2011.09.08 17:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe PRC - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] 
(Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe PRC - [2010.11.04 14:41:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe PRC - [2008.10.25 11:44:34 | 000,031,072 | -H-- | M] (Microsoft Corporation) -- D:\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.08.27 03:02:32 | 000,708,608 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe PRC - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe PRC - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2008.07.21 02:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.07.04 11:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe PRC - [2008.07.04 10:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) 
-- C:\Program Files\Protector Suite QL\psqltray.exe PRC - [2008.05.28 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.03.03 16:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe PRC - [2007.09.29 01:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe ========== Modules (No Company Name) ========== MOD - [2011.09.08 17:14:08 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\mozjs.dll MOD - [2011.07.25 22:49:07 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2008.08.25 20:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll MOD - [2008.07.18 22:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll MOD - [2008.06.10 16:13:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.03.03 16:06:04 | 000,194,032 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\zpui.pyd MOD - [2008.03.03 16:06:04 | 000,144,880 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\pyexpat.pyd MOD - [2001.08.10 15:23:14 | 000,388,608 | ---- | M] () -- C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | 
Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc) SRV - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () [Auto | Running] -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.11.12 11:34:14 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4) SRV - [2008.10.25 11:44:08 | 000,065,888 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2008.05.23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program 
Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - [2011.06.28 18:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 18:52:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2010.10.20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- 
(NTIOLib_1_0_4) DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507) DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm) DRV - [2008.08.06 10:26:00 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.06.27 21:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2008.06.10 18:35:00 | 003,839,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.05.14 01:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2008.04.29 11:31:00 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.04.24 02:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2008.04.08 16:41:34 | 000,140,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice) DRV - [2008.03.25 22:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2008.03.19 20:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008.03.03 16:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2008.01.21 04:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.03.19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio) DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tb/ie_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - 
prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins [2009.02.07 11:32:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Extensions [2011.09.28 16:56:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions [2010.04.28 16:19:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} 
[2011.09.27 15:48:20 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.02.07 11:41:51 | 000,000,000 | -H-D | M] (Password Bank) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\passwordbank@upek.com [2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com [2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml [2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml [2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml [2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml [2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml [2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml [2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml [2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif [2011.09.25 17:27:46 | 000,000,618 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.src [2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- 
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml [2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml [2010.10.13 19:59:14 | 000,002,182 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{5A4CE7A1-8CED-4F08-9BAC-10CBC768DB40}.xml [2010.10.13 19:59:14 | 000,002,071 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{959DBEBF-B491-4DEB-80E6-A0D5C2F63AA3}.xml [2010.10.13 19:59:14 | 000,001,864 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{E51E7004-D3FE-4846-A581-F9280F80793A}.xml [2011.05.22 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010.10.31 14:25:16 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} () (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI O1 HOSTS File: ([2011.05.21 20:08:46 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll () O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [ITSecMng] C:\Program 
Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe () O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.) O4 - HKLM..\Run: [Ocs_SM] C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software) O4 - Startup: C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15BE69AD-4DBE-4023-9B54-69446053DA77}: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C637203B-0434-4E9D-A134-A672011AA19A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D15839B7-19BA-4F02-9A0F-33F07989504C}: DhcpNameServer = 193.22.254.22
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.03 13:02:11 | 000,000,057 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.16 09:22:21 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2011.09.16 09:22:15 | 000,000,000 | -H-D | C] -- C:\CyberGhost VPN
[2011.09.16 07:00:39 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\JonDo
[2011.09.16 06:58:27 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\JAP
[2011.09.16 06:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2011.09.14 09:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\DreamSecurity
[2011.09.14 09:13:44 | 000,110,592 | ---- | C] (Samsung SDS) -- C:\Windows\System32\UniSSOCheck.dll
[2011.09.14 09:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung SDS
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Reallusion
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- D:\My Dropbox\Documents\CamSuite Gallery
[2011.09.07 16:26:51 | 000,000,000 | -H-D | C] -- C:\Users\July\.dreamsecurity
[2011.09.07 15:51:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\UUdb
[2011.09.07 10:18:59 | 000,000,000 | -H-D | C] -- C:\Users\July\Desktop\course syllabus
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.09.30 15:30:52 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.30 15:29:41 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:08:12 | 000,626,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.28 13:08:12 | 000,594,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.28 13:08:12 | 000,126,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.28 13:08:12 | 000,104,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.27 09:32:27 | 255,819,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.15 10:25:00 | 000,016,896 | -H-- | M] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.09.14 08:59:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.09.28 13:25:03 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:25:02 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | C] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:39 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 12:57:11 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.15 11:18:49 | 000,016,896 | -H-- | C] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.19 22:21:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.06 16:47:26 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.05 11:28:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 12:36:53 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2009.11.01 19:50:05 | 000,000,680 | -H-- | C] () -- C:\Users\July\AppData\Local\d3d9caps.dat
[2009.10.20 19:50:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 19:50:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.24 07:59:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.14 15:13:24 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009.02.14 15:13:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009.02.14 15:13:21 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009.02.14 15:13:21 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009.02.14 15:13:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009.02.14 15:13:18 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009.02.07 17:37:26 | 000,147,456 | -H-- | C] () -- C:\Users\July\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.07 12:16:42 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.07 11:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.07 11:24:36 | 000,839,854 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009.02.07 00:32:05 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.09.20 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.09.19 18:43:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.19 18:40:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.06.10 16:13:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.10 11:50:00 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.04.08 16:41:34 | 000,140,832 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.03.05 14:38:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,414,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,594,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,038 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.05 04:53:43 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2002.03.05 04:53:42 | 000,626,790 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2002.03.05 04:53:42 | 000,126,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2002.03.05 04:53:42 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

========== LOP Check ==========

[2011.07.14 14:22:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\1&1 Mail & Media GmbH
[2010.10.31 17:25:17 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Academic Software Zurich
[2009.12.31 23:32:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\bible2.net
[2010.01.11 19:51:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Desktopicon
[2011.07.30 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Disk Cleaner
[2011.05.21 19:38:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Dropbox
[2011.08.19 12:48:15 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EAC
[2009.04.27 09:43:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Elluminate
[2011.09.21 06:03:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.25 14:41:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQ
[2010.10.13 19:38:52 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQLite
[2009.02.07 00:37:40 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Infineon
[2011.07.28 22:17:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\IrfanView
[2011.09.16 07:08:23 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\JonDo
[2009.03.04 13:46:08 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\MAGIX
[2010.10.13 19:58:58 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OCS
[2009.02.07 13:00:51 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OpenOffice.org
[2010.10.13 19:59:14 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Opera
[2009.02.07 12:10:01 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Protector Suite
[2010.10.11 19:48:29 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\QIP
[2011.07.25 18:49:27 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Samsung
[2009.02.07 15:46:56 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TeamViewer
[2009.02.09 21:09:13 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TerraTec
[2010.08.20 21:39:53 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TippKönigin
[2009.02.07 14:51:41 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Toolbars
[2010.05.01 22:01:36 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Ulead Systems
[2011.09.30 15:27:57 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Here is the Extras file: OTL Logfile:
Code:
OTL Extras logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS

Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E6D8EE-1D57-4CFA-A93E-55D8B011F3E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E96BDC4-C384-4F9C-A786-8DB16154FCE3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{48855D5F-9C20-4997-8902-E7D48A9E572A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{581C0D46-015B-4995-AC61-2C97243A51DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{597EAEE0-CCCD-499F-8479-382D903FEFCF}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe |
"{7A96E5C7-3BE4-477B-9CF2-C4E8DE29BB97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7F82379-F4DB-449C-B480-FF378E443D5B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DC4E30C8-D931-4838-A7BA-F6B68C9DB744}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{DD37841E-B67A-4F1E-A700-1592F3A5C321}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB8CB996-2361-4037-B1DB-F754A68B1A45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD2E4A-2A47-4E71-B018-480738480B54}" = protocol=17 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{095F1158-C76F-404D-B39D-60345BF473CF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{0F2084F6-1CDC-4F4A-9A7F-9C3D3D5CADC3}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{1962FA8E-D336-472B-8FB0-6CC509AE07D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{28BB33C4-CEA9-4DB2-850B-F5A2B7602EEB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2BFE529D-DB15-443C-BC0F-4BE1FEFCAD5C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2F234946-5417-4D67-ADCF-106D37CDA941}" = protocol=6 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{365ACB67-B936-4CC1-9572-C15A9BD06D8B}" = protocol=17 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{7109B1BD-336D-4AD2-B97D-65F0251419E0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{72C1DD05-F754-4D2D-A68B-A5D59376F47C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{98B9BDDA-8A90-49EB-8937-EC8D731128B1}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{9D505DBC-B6D1-421D-BA32-555ECEC96B85}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{A40743B6-6D78-4893-978E-3904CEA86F2D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{A5ED0936-6363-4025-9FA3-88FB0D1B949F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A840F394-C630-4994-9EF1-C9289AAAA475}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{A8904B58-0900-47CB-9981-BAB6029ED5F1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{AB16F888-359A-4A32-9E98-A71BBAEE778E}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{AF6A24E2-825E-4642-A4EF-10735ADC638A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{B2EC6567-7D00-437C-A3DF-D42B2AEFD95D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B6661B59-FE2C-419E-B0CF-90613340D301}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{B88EAD91-30B2-4238-A9D8-EADA48CEEF00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C99052E1-73F6-426E-A610-72A5FD4C1D19}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{DECA3888-4FED-4266-8A3B-F6192AB569F0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{FF145D1C-C388-4F6A-B5DA-9AF0C0076E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{DEA72C7F-EB24-4ACC-89EC-D213B1A38454}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{B1A9E6C7-882E-4E90-970B-00D6F039F5A1}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.1
"{0B3973ED-EB50-5888-7538-1E635CF19C75}" = CCC Help Chinese Standard
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2D5BCDF0-663C-8319-00F1-D76CC6C354FE}" = Catalyst Control Center Graphics Previews Vista
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{389D6438-7C5C-A81D-A38B-1A82CE0F440E}" = Catalyst Control Center Localization Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54C7B05B-DCB8-7F70-5446-CE7DF004F367}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5812E6DA-9954-1915-9E98-3BB11924C1A4}" = CCC Help English
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E222767-9BFB-BDEA-8A10-2141C0447D84}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6F06E141-1106-0881-BE93-003C099E72F3}" = Catalyst Control Center Localization Chinese Standard
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{817DE62F-5787-43BB-8877-5F81FAE5A823}" = ACUBE UniSSOTray V1.0
"{82F913E9-BBF2-B8C0-6869-C7824B883329}" = ATI Catalyst Install Manager
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{958DD4C6-4E8C-9E32-2292-EF9FF25E5C35}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4C9080-C91E-253C-B51E-A81C9B96C10C}" = Catalyst Control Center InstallProxy
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A72D6F6E-81DA-9BF5-E193-7CD8DC28EB62}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B56195ED-11C3-7F0D-4DE4-343D3BD57F3A}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B744CE83-FAB5-A833-4446-E4CF437B5E69}" = Catalyst Control Center Localization Japanese "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite "{d4471e5a-b76c-46a8-9631-edeb581c5ba9}" = Nero 9 Lite "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E105ADD3-D412-3CB1-602C-07D791FDEE88}" = Skins "{E5E80E00-F4B9-74DD-42ED-06D1789D5E22}" = ccc-core-static "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FBF8AB14-5496-C04B-C3AE-B8860BFF61F4}" = Catalyst Control Center Graphics Full New "{FF61E4BC-A243-AEFA-0602-103943FB93E3}" = ccc-utility "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar FF" = GMX Toolbar für Mozilla Firefox "1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Citavi" = Citavi 2.5 "CyberGhost VPN_is1" = CyberGhost VPN "ENTERPRISE" = 
Microsoft Office Enterprise 2007 "Exact Audio Copy" = Exact Audio Copy 1.0beta2 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "ICQToolbar" = ICQ Toolbar "Install MAGIX Goya Base UK" = Install MAGIX Goya Base 1.0.2.0 (UK) "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE "IrfanView" = IrfanView (remove only) "JAP" = JAP "LastFM_is1" = Last.fm 1.5.4.27091 "MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 3.4.0.450 (D) "MAGIX Goya Base D" = MAGIX Goya Base 1.3.1.2 (D) "MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 7.4.0.438 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de) "OpenVPN" = OpenVPN 2.1_rc21 "Oxford Advanced Genie" = Oxford Advanced Genie "Product_Name" = eText typeSmart "ProInst" = Intel PROSet Wireless "SearchAnonymizer" = SearchAnonymizer "TeamViewer 4" = TeamViewer 4 "TippKönigin_is1" = TippKönigin 5.5 "VLC media player" = VLC media player 0.9.8a "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.06.2010 12:32:11 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2010 12:32:13 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2010 12:32:14 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2010 17:13:19 | 
Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3010 Description = Error - 04.06.2010 02:34:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 04.06.2010 02:34:08 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10 Description = Error - 04.06.2010 10:00:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 04.06.2010 10:00:11 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10 Description = Error - 05.06.2010 12:09:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 05.06.2010 12:10:00 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 03.01.2011 11:02:58 | Computer Name = JulysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100700 seconds with 22500 seconds of active time. This session ended with a crash. [ System Events ] Error - 29.09.2011 11:46:19 | Computer Name = JulysLaptop | Source = BROWSER | ID = 8032 Description = Error - 29.09.2011 12:02:47 | Computer Name = JulysLaptop | Source = DCOM | ID = 10010 Description = Error - 30.09.2011 09:14:03 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022 Description = Error - 30.09.2011 09:17:34 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 30.09.2011 09:19:36 | Computer Name = JulysLaptop | Source = volsnap | ID = 393236 Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen. 
Error - 30.09.2011 09:21:01 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 30.09.2011 09:21:15 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 30.09.2011 09:23:36 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 30.09.2011 09:36:20 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022 Description = Error - 30.09.2011 09:38:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > Hier die Datei des CC-Cleaners: Code:
7-Zip 4.65 06.02.2009 3,13MB
ACUBE UniSSOTray V1.0 13.09.2011 0,74MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 13.09.2011 10.3.183.7
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 24.07.2011 10.3.181.34
Adobe Reader 8.3.1 Adobe Systems Incorporated 20.09.2011 87,2MB 8.3.1
Ask Toolbar Ask.com 13.06.2011 2,30MB 1.12.2.0
Atheros Client Installation Program Atheros 21.09.2008 10,0MB 7.0
ATI Catalyst Install Manager ATI Technologies, Inc. 18.09.2008 13,7MB 3.0.682.0
Audiograbber 1.83 SE Audiograbber Deutschland 07.02.2009 1.83 SE
Avira AntiVir Personal - Free Antivirus Avira GmbH 09.08.2011 118,6MB 10.2.0.700
Bluetooth Stack for Windows by Toshiba TOSHIBA CORPORATION 18.09.2008 57,6MB v6.00.11
BurnRecovery MSI 18.09.2008 26,5MB 1.0.0.00610
CCleaner Piriform 29.09.2011 4,07MB 3.11
Cisco EAP-FAST Module Cisco Systems, Inc. 21.09.2008 1,04MB 2.1.6
Cisco LEAP Module Cisco Systems, Inc. 21.09.2008 1,04MB 1.0.12
Cisco PEAP Module Cisco Systems, Inc. 21.09.2008 0,85MB 1.0.13
Citavi 2.5 Academic Software Zurich 30.10.2010 59,3MB 2.5.2.0
CrazyTalk Cam Suite Reallusion 05.02.2009 40,8MB 2.0
CyberGhost VPN CyberGhost S.R.L. 20.09.2011 59,7MB
DivX Player DivX, Inc. 28.02.2010 8,43MB 7.2.0
DivX Web Player DivX,Inc. 28.02.2010 2,83MB 1.5.0
Dolby Control Center Dolby 18.09.2008 75,5MB 1.1.0601
Dropbox 27.10.2010 24,0MB 0.7.110
eText typeSmart 02.03.2009 10,4MB
Exact Audio Copy 1.0beta2 Andre Wiethoff 18.08.2011 15,4MB 1.0beta2
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) MAGIX AG 06.02.2009 6,29MB 2.0.0.1
GMX Internet Explorer Addon 1&1 Mail & Media GmbH 11.05.2011 0,50MB 1.0.1.0
GMX Softwareaktualisierung 1&1 Mail & Media GmbH 02.08.2011 1,44MB 2.0.1.9
GMX Toolbar für Internet Explorer 1&1 Mail & Media GmbH 06.09.2011 2,30MB 1.6.6.1
GMX Toolbar für Mozilla Firefox 1&1 Mail & Media GmbH 30.05.2011 2,30MB 1.5.5.0
ICQ 7.5 Build #5242 Banner Remover 1.1 murb.com 20.05.2011 1,55MB
ICQ Toolbar ICQ 20.05.2011 3.0.0
ICQ Update Patch 1.7 murb.com 12.10.2010 0,81MB
ICQ7.5 ICQ 20.05.2011 33,4MB 7.5
Install MAGIX Goya Base 1.0.2.0 (UK) MAGIX AG 06.02.2009 943MB 1.0.2.0
Intel(R) PROSet/Wireless WiFi Software Intel(R) Corporation 21.09.2008 78,3MB 12.00.0004
Intel® Matrix Storage Manager Intel Corporation 06.02.2009 9,74MB
IrfanView (remove only) 17.02.2009 10,3MB
JAP JAP-Team 15.09.2011 11,8MB 00.15.001
Java(TM) 6 Update 26 Oracle 27.07.2011 94,9MB 6.0.260
Java(TM) 6 Update 7 Sun Microsystems, Inc. 06.02.2009 138,0MB 1.6.0.70
Last.fm 1.5.4.27091 Last.fm 28.10.2010 18,4MB
Live Update 5 MSI 24.07.2011 16,9MB 5.0.064
MAGIX Foto Manager 2006 3.4.0.450 (D) MAGIX AG 06.02.2009 79,1MB 3.4.0.450
MAGIX Goya Base 1.3.1.2 (D) MAGIX AG 06.02.2009 170,3MB 1.3.1.2
MAGIX Music Manager 2006 7.4.0.438 (D) MAGIX AG 06.02.2009 86,5MB 7.4.0.438
MAGIX Online Druck Service 2.3.2.0 (D) MAGIX AG 06.02.2009 9,30MB 2.3.2.0
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 24.02.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 16.02.2009 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120,3MB 4.0.30319
Microsoft Office Enterprise 2007 Microsoft Corporation 15.07.2010 639MB 12.0.6425.1000
Microsoft Office File Validation Add-In Microsoft Corporation 14.09.2011 7,92MB 14.0.5130.5003
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 0,29MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 30.10.2010 1,41MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Corporation 13.07.2010 1,46MB 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 08.05.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,58MB 9.0.30729.6161
Mozilla Firefox 6.0.2 (x86 de) Mozilla 07.09.2011 34,4MB 6.0.2
MSI Software Install MSI 18.09.2008 2,07MB 1.0.8.0630
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 06.02.2009 34,00KB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 06.02.2009 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,34MB 4.20.9876.0
Nero 9 Lite Nero AG 30.04.2010 9,48MB
OpenOffice.org 3.0 OpenOffice.org 06.02.2009 348MB 3.0.9379
OpenVPN 2.1_rc21 01.11.2010 3,91MB 2.1_rc21
Oxford Advanced Genie 13.02.2009 245MB
Protector Suite QL 5.8 UPEK Inc. 18.09.2008 71,2MB 5.8.2.4489
Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 18.09.2008 1,62MB 1.00.0000
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 18.09.2008 26,0MB 6.0.1.5636
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 18.09.2008 4,00MB
Samsung Kies Samsung Electronics Co., Ltd. 24.07.2011 176,9MB 2.0.1.11053_99
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 24.07.2011 37,1MB 1.3.2410.0
SearchAnonymizer 12.10.2010 0,21MB 1.0.1 (de)
Skype Toolbars Skype Technologies S.A. 21.05.2011 5,72MB 5.3.7280
Skype™ 5.3 Skype Technologies S.A. 21.05.2011 22,6MB 5.3.111
Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 26.10.2010 32,5MB 8.0.0
System Control Manager 18.09.2008 4,17MB 2.0208.0826.001.05
System Requirements Lab for Intel Husdawg, LLC 08.01.2011 0,87MB 4.3.16.0
TeamViewer 4 TeamViewer GmbH 06.02.2009 4,76MB
TerraTec Home Cinema 13.03.2011 74,6MB 6.20.4
TippKönigin 5.5 Giletech e.K. 19.08.2010 5,24MB
Ulead Burn.Now 4.5 SE InterVideo Digital Technology Corporation 05.02.2009 55,3MB 4.5.0
VLC media player 0.9.8a VideoLAN Team 06.02.2009 60,6MB 0.9.8a
ZoneAlarm Check Point, Inc 06.02.2009 10,6MB 7.1.254.000

Kind regards, Juliane
Last edited by julianes (30.09.2011 at 15:17)
01.10.2011, 06:49 | #7
/// Helper Team | TR/Spy.Web.H and Windows virus W32/Indus.A
1. Uninstall via `Start → Control Panel → Change/Remove...`
Code:
Ask Toolbar - Adware toolbar
Always choose the custom installation, not the default installation, because otherwise things often get installed along with it that you do not need or do not want. When installing, always read the licence terms and do not immediately tick every box, because by doing so you agree that adware (advertising pop-ups) from partner programmes, sponsors etc. is installed as well; that is how freeware finances itself. Several others belong in this category, e.g.: -> Uninstall unwanted toolbars
2. Do you really need this? If not, uninstall:
Quote:
Quote:
Because of old security holes Java is very vulnerable; uninstall first: → Control Panel → Software → uninstall...
Quote:
Please right-click the AntiVir umbrella in the taskbar → Start AntiVir → Overview → Events, select every detection → right-click the detections → Export event(s), save as Ereignisse.txt on the desktop and post the contents here.
5. Run another scan with OTL:
Quote:
__________________
Warning!: Beware of invoices by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment, ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can!
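The exported Avira event list requested in the step above is long and repetitive once posted, because the on-access guard logs the same file every time it is touched. The script below is an added example, not part of this post and not Avira's software: it splits such an export into events, aggregates them per file and detection name, reports the time span and the actions taken, and singles out the two things a helper reads first, events whose action was "Zugriff erlauben" (the file was allowed to run rather than blocked) and files located in the per-user Startup folder, a persistence location. The sample export embedded in it is constructed in the layout of the real export; its paths and detection names are made up.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of an Avira "Exportierte Ereignisse" list (newest event
# first, as the export writes it). Paths and detection names are made up for this example.
SAMPLE_EXPORT = """Exportierte Ereignisse:
02.10.2011 17:28 [Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 565 Anzahl Verzeichnisse: 0 Anzahl Malware: 3 Anzahl Warnungen: 2
02.10.2011 17:28 [Guard] Malware gefunden In der Datei 'C:\\ProgramData\\EXAMPLE_a.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Example.A' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\example.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Example.B' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\\ProgramData\\EXAMPLE_a.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Example.A' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Scanner] Malware gefunden Die Datei 'C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\example.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Example.B' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '00000000.qua' verschoben!
"""

# Every event starts with "dd.mm.yyyy hh:mm [Module] "; split on that even when the whole
# export has been flattened onto a single line, as happens when it is pasted into a forum.
EVENT_START = re.compile(r"(?=\d{2}\.\d{2}\.\d{4} \d{2}:\d{2} \[)")
HEADER_RE = re.compile(r"(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}) \[([^\]]+)\] (.*)", re.DOTALL)
FILE_RE = re.compile(r"Datei '([^']+)'")                        # "In der Datei '...'" / "Die Datei '...'"
DETECTION_RE = re.compile(r"Programm '([^']+)' \[([^\]]+)\]")   # detection name and class
ACTION_RE = re.compile(r"Aktion(?:\(en\))?: (.+)$", re.DOTALL)  # Guard and Scanner wording
STARTUP_MARKER = "\\start menu\\programs\\startup\\"            # per-user autostart folder


def parse_time(s):
    return datetime.strptime(s, "%d.%m.%Y %H:%M")


def parse_events(export_text):
    """Split an export into events; scan summaries without a file get path=None."""
    events = []
    for chunk in EVENT_START.split(export_text):
        m = HEADER_RE.match(chunk.strip())
        if not m:
            continue  # the "Exportierte Ereignisse:" title or an empty chunk
        when, module, body = m.groups()
        f, d, a = FILE_RE.search(body), DETECTION_RE.search(body), ACTION_RE.search(body)
        events.append({
            "time": parse_time(when),
            "module": module,
            "path": f.group(1) if f else None,
            "detection": d.group(1) if d else None,
            "kind": d.group(2) if d else None,
            "action": a.group(1).strip() if a else None,
        })
    return events


def summarize(events):
    """One row per (path, detection): hit count, time span and the set of actions taken."""
    rows = defaultdict(lambda: {"count": 0, "first": None, "last": None, "actions": set()})
    for e in events:
        if e["path"] is None:
            continue
        row = rows[(e["path"], e["detection"])]
        row["count"] += 1
        row["first"] = e["time"] if row["first"] is None else min(row["first"], e["time"])
        row["last"] = e["time"] if row["last"] is None else max(row["last"], e["time"])
        row["actions"].add(e["action"])
    return dict(rows)


def allowed_access(events):
    """Events where the guard let the file through: unlike a blocked hit, the code ran."""
    return [e for e in events if e["action"] and e["action"].startswith("Zugriff erlauben")]


def in_startup_folder(path):
    """True for files in the per-user Startup folder, i.e. a persistence location."""
    return path is not None and STARTUP_MARKER in path.lower()


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EXPORT)
    for (path, det), row in sorted(summarize(evs).items()):
        flag = "  <-- Startup folder" if in_startup_folder(path) else ""
        print(f"{det:<14} x{row['count']}  {row['first']:%H:%M}-{row['last']:%H:%M}  {path}{flag}")
        for action in sorted(row["actions"]):
            print(f"    action: {action}")
    for e in allowed_access(evs):
        print(f"ALLOWED at {e['time']:%d.%m.%Y %H:%M}: {e['path']} ({e['detection']})")
```

Run it as is to see the summary of the constructed sample, or replace SAMPLE_EXPORT with the contents of a real Ereignisse.txt. The regexes key on the German wording of the export ("Datei", "Programm", "Aktion"), so an export from an Avira installation in another language needs those three patterns adjusted.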
02.10.2011, 16:28 | #8
TR/Spy.Web.H and Windows virus W32/Indus.A
Hello, thanks for the reply! I have carried out all the steps. I have just received two new virus alerts from Avira: "In the file C:\ProgramData\ulHokJiHsVWWMqk.exe a virus or unwanted program TR/FakeAV.kcn was found" and "...in ...C:\ProgramData\6DSS92c31Apgjk.exe .... TR/Sisproc.A.1384 was found". They are now in quarantine. Here is the file with the Avira detections:
Code:
Exportierte Ereignisse:
02.10.2011 17:28 [Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 565 Anzahl Verzeichnisse: 0 Anzahl Malware: 3 Anzahl Warnungen: 2
02.10.2011 17:28 [Guard] Malware gefunden In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Scanner] Malware gefunden Die Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan]. Durchgeführte Aktion(en): Der Registrierungseintrag <HKEY_USERS\S-1-5-21-676453965-3675783069-989077462-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup> wurde erfolgreich repariert. Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4af221fc.qua' verschoben!
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:26 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:26 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:26 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:26 [Guard] Malware gefunden In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:17 [Guard] Malware gefunden In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:16 [Guard] Malware gefunden In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:16 [Guard] Malware gefunden In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:07 [Guard] Malware gefunden In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe' wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern

OTL Logfile:
Code:
OTL logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS

Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.09.30 15:39:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\download\OTL(1).exe
PRC - [2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
PRC - [2011.09.08 17:14:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011.09.08 17:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.11.04 14:41:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | -H-- | M] (Microsoft Corporation) -- D:\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.08.27 03:02:32 | 000,708,608 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.07.21 02:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.07.04 11:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008.07.04 10:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008.05.28 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.03.03 16:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2007.09.29 01:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe

========== Modules (No Company Name) ==========

MOD - [2011.09.08 17:14:08 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\mozjs.dll
MOD - [2011.07.25 22:49:07 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008.08.25 20:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 22:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2008.06.10 16:13:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.03.03 16:06:04 | 000,194,032 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\zpui.pyd
MOD - [2008.03.03 16:06:04 | 000,144,880 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2001.08.10 15:23:14 | 000,388,608 | ---- | M] () -- C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () [Auto | Running] -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.12 11:34:14 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008.10.25 11:44:08 | 000,065,888 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.05.23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

========== Driver Services (SafeList) ==========

DRV - [2011.06.28 18:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 18:52:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.10.20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.06 10:26:00 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.27 21:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008.06.10 18:35:00 | 003,839,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.14 01:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008.04.29 11:31:00 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.24 02:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.08 16:41:34 | 000,140,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice)
DRV - [2008.03.25 22:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 20:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.03 16:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.)
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tb/ie_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - 
prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins [2009.02.07 11:32:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Extensions [2011.09.28 16:56:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions [2010.04.28 16:19:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} 
[2011.09.27 15:48:20 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.07 11:41:51 | 000,000,000 | -H-D | M] (Password Bank) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\passwordbank@upek.com
[2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com
[2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml
[2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml
[2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml
[2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml
[2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif
[2011.09.25 17:27:46 | 000,000,618 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.src
[2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml
[2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml
[2010.10.13 19:59:14 | 000,002,182 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{5A4CE7A1-8CED-4F08-9BAC-10CBC768DB40}.xml
[2010.10.13 19:59:14 | 000,002,071 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{959DBEBF-B491-4DEB-80E6-A0D5C2F63AA3}.xml
[2010.10.13 19:59:14 | 000,001,864 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{E51E7004-D3FE-4846-A581-F9280F80793A}.xml
[2011.05.22 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.31 14:25:16 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI

O1 HOSTS File: ([2011.05.21 20:08:46 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O4 - Startup: C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15BE69AD-4DBE-4023-9B54-69446053DA77}: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C637203B-0434-4E9D-A134-A672011AA19A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D15839B7-19BA-4F02-9A0F-33F07989504C}: DhcpNameServer = 193.22.254.22
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.03 13:02:11 | 000,000,057 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.16 09:22:21 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2011.09.16 09:22:15 | 000,000,000 | -H-D | C] -- C:\CyberGhost VPN
[2011.09.16 07:00:39 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\JonDo
[2011.09.16 06:58:27 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\JAP
[2011.09.16 06:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2011.09.14 09:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\DreamSecurity
[2011.09.14 09:13:44 | 000,110,592 | ---- | C] (Samsung SDS) -- C:\Windows\System32\UniSSOCheck.dll
[2011.09.14 09:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung SDS
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Reallusion
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- D:\My Dropbox\Documents\CamSuite Gallery
[2011.09.07 16:26:51 | 000,000,000 | -H-D | C] -- C:\Users\July\.dreamsecurity
[2011.09.07 15:51:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\UUdb
[2011.09.07 10:18:59 | 000,000,000 | -H-D | C] -- C:\Users\July\Desktop\course syllabus
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.09.30 15:30:52 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.30 15:29:41 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:08:12 | 000,626,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.28 13:08:12 | 000,594,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.28 13:08:12 | 000,126,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.28 13:08:12 | 000,104,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.27 09:32:27 | 255,819,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.15 10:25:00 | 000,016,896 | -H-- | M] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.09.14 08:59:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.09.28 13:25:03 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:25:02 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | C] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:39 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 12:57:11 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.15 11:18:49 | 000,016,896 | -H-- | C] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.19 22:21:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.06 16:47:26 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.05 11:28:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 12:36:53 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2009.11.01 19:50:05 | 000,000,680 | -H-- | C] () -- C:\Users\July\AppData\Local\d3d9caps.dat
[2009.10.20 19:50:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 19:50:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.24 07:59:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.14 15:13:24 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009.02.14 15:13:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009.02.14 15:13:21 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009.02.14 15:13:21 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009.02.14 15:13:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009.02.14 15:13:18 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009.02.07 17:37:26 | 000,147,456 | -H-- | C] () -- C:\Users\July\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.07 12:16:42 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.07 11:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.07 11:24:36 | 000,839,854 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009.02.07 00:32:05 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.09.20 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.09.19 18:43:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.19 18:40:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.06.10 16:13:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.10 11:50:00 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.04.08 16:41:34 | 000,140,832 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.03.05 14:38:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,414,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,594,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,038 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.05 04:53:43 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2002.03.05 04:53:42 | 000,626,790 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2002.03.05 04:53:42 | 000,126,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2002.03.05 04:53:42 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

========== LOP Check ==========

[2011.07.14 14:22:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\1&1 Mail & Media GmbH
[2010.10.31 17:25:17 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Academic Software Zurich
[2009.12.31 23:32:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\bible2.net
[2010.01.11 19:51:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Desktopicon
[2011.07.30 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Disk Cleaner
[2011.05.21 19:38:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Dropbox
[2011.08.19 12:48:15 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EAC
[2009.04.27 09:43:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Elluminate
[2011.09.21 06:03:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.25 14:41:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQ
[2010.10.13 19:38:52 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQLite
[2009.02.07 00:37:40 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Infineon
[2011.07.28 22:17:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\IrfanView
[2011.09.16 07:08:23 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\JonDo
[2009.03.04 13:46:08 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\MAGIX
[2010.10.13 19:58:58 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OCS
[2009.02.07 13:00:51 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OpenOffice.org
[2010.10.13 19:59:14 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Opera
[2009.02.07 12:10:01 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Protector Suite
[2010.10.11 19:48:29 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\QIP
[2011.07.25 18:49:27 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Samsung
[2009.02.07 15:46:56 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TeamViewer
[2009.02.09 21:09:13 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TerraTec
[2010.08.20 21:39:53 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TippKönigin
[2009.02.07 14:51:41 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Toolbars
[2010.05.01 22:01:36 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Ulead Systems
[2011.09.30 15:27:57 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras file: OTL logfile:
OTL Extras logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS

Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E6D8EE-1D57-4CFA-A93E-55D8B011F3E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E96BDC4-C384-4F9C-A786-8DB16154FCE3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{48855D5F-9C20-4997-8902-E7D48A9E572A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{581C0D46-015B-4995-AC61-2C97243A51DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{597EAEE0-CCCD-499F-8479-382D903FEFCF}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe |
"{7A96E5C7-3BE4-477B-9CF2-C4E8DE29BB97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache |
app=%systemroot%\system32\svchost.exe | "{C7F82379-F4DB-449C-B480-FF378E443D5B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{DC4E30C8-D931-4838-A7BA-F6B68C9DB744}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{DD37841E-B67A-4F1E-A700-1592F3A5C321}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{FB8CB996-2361-4037-B1DB-F754A68B1A45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CD2E4A-2A47-4E71-B018-480738480B54}" = protocol=17 | dir=in | app=d:\microsoft office\office12\onenote.exe | "{095F1158-C76F-404D-B39D-60345BF473CF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{0F2084F6-1CDC-4F4A-9A7F-9C3D3D5CADC3}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | "{1962FA8E-D336-472B-8FB0-6CC509AE07D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{28BB33C4-CEA9-4DB2-850B-F5A2B7602EEB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{2BFE529D-DB15-443C-BC0F-4BE1FEFCAD5C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{2F234946-5417-4D67-ADCF-106D37CDA941}" = protocol=6 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe | "{365ACB67-B936-4CC1-9572-C15A9BD06D8B}" = protocol=17 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe | "{7109B1BD-336D-4AD2-B97D-65F0251419E0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{72C1DD05-F754-4D2D-A68B-A5D59376F47C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{98B9BDDA-8A90-49EB-8937-EC8D731128B1}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{9D505DBC-B6D1-421D-BA32-555ECEC96B85}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe | "{A40743B6-6D78-4893-978E-3904CEA86F2D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{A5ED0936-6363-4025-9FA3-88FB0D1B949F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{A840F394-C630-4994-9EF1-C9289AAAA475}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe | "{A8904B58-0900-47CB-9981-BAB6029ED5F1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{AB16F888-359A-4A32-9E98-A71BBAEE778E}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe | "{AF6A24E2-825E-4642-A4EF-10735ADC638A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{B2EC6567-7D00-437C-A3DF-D42B2AEFD95D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{B6661B59-FE2C-419E-B0CF-90613340D301}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{B88EAD91-30B2-4238-A9D8-EADA48CEEF00}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C99052E1-73F6-426E-A610-72A5FD4C1D19}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | "{DECA3888-4FED-4266-8A3B-F6192AB569F0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{FF145D1C-C388-4F6A-B5DA-9AF0C0076E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe | "TCP Query User{DEA72C7F-EB24-4ACC-89EC-D213B1A38454}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "UDP Query User{B1A9E6C7-882E-4E90-970B-00D6F039F5A1}C:\program files\terratec\terratec home 
cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.1 "{0B3973ED-EB50-5888-7538-1E635CF19C75}" = CCC Help Chinese Standard "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8 "{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery "{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7 "{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel "{2D5BCDF0-663C-8319-00F1-D76CC6C354FE}" = Catalyst Control Center Graphics Previews Vista "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{389D6438-7C5C-A81D-A38B-1A82CE0F440E}" = Catalyst Control Center Localization Chinese Traditional "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{54C7B05B-DCB8-7F70-5446-CE7DF004F367}" = CCC Help Japanese 
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5812E6DA-9954-1915-9E98-3BB11924C1A4}" = CCC Help English "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5E222767-9BFB-BDEA-8A10-2141C0447D84}" = Catalyst Control Center Graphics Full Existing "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{6F06E141-1106-0881-BE93-003C099E72F3}" = Catalyst Control Center Localization Chinese Standard "{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0 "{817DE62F-5787-43BB-8877-5F81FAE5A823}" = ACUBE UniSSOTray V1.0 "{82F913E9-BBF2-B8C0-6869-C7824B883329}" = ATI Catalyst Install Manager "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft 
Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{958DD4C6-4E8C-9E32-2292-EF9FF25E5C35}" = CCC Help Chinese Traditional "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E4C9080-C91E-253C-B51E-A81C9B96C10C}" = Catalyst Control Center InstallProxy "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 "{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86 "{A72D6F6E-81DA-9BF5-E193-7CD8DC28EB62}" = Catalyst Control Center Graphics Light "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1 "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B56195ED-11C3-7F0D-4DE4-343D3BD57F3A}" = Catalyst Control Center Core Implementation 
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B744CE83-FAB5-A833-4446-E4CF437B5E69}" = Catalyst Control Center Localization Japanese "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite "{d4471e5a-b76c-46a8-9631-edeb581c5ba9}" = Nero 9 Lite "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E105ADD3-D412-3CB1-602C-07D791FDEE88}" = Skins "{E5E80E00-F4B9-74DD-42ED-06D1789D5E22}" = ccc-core-static "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FBF8AB14-5496-C04B-C3AE-B8860BFF61F4}" = Catalyst Control Center Graphics Full New "{FF61E4BC-A243-AEFA-0602-103943FB93E3}" = ccc-utility "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar FF" = GMX Toolbar für Mozilla Firefox "1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Citavi" = Citavi 2.5 "CyberGhost VPN_is1" = CyberGhost VPN "ENTERPRISE" = 
Microsoft Office Enterprise 2007 "Exact Audio Copy" = Exact Audio Copy 1.0beta2 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "ICQToolbar" = ICQ Toolbar "Install MAGIX Goya Base UK" = Install MAGIX Goya Base 1.0.2.0 (UK) "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE "IrfanView" = IrfanView (remove only) "JAP" = JAP "LastFM_is1" = Last.fm 1.5.4.27091 "MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 3.4.0.450 (D) "MAGIX Goya Base D" = MAGIX Goya Base 1.3.1.2 (D) "MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 7.4.0.438 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de) "OpenVPN" = OpenVPN 2.1_rc21 "Oxford Advanced Genie" = Oxford Advanced Genie "Product_Name" = eText typeSmart "ProInst" = Intel PROSet Wireless "SearchAnonymizer" = SearchAnonymizer "TeamViewer 4" = TeamViewer 4 "TippKönigin_is1" = TippKönigin 5.5 "VLC media player" = VLC media player 0.9.8a "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.06.2010 12:32:11 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2010 12:32:13 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2010 12:32:14 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2010 17:13:19 | 
Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3010 Description = Error - 04.06.2010 02:34:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 04.06.2010 02:34:08 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10 Description = Error - 04.06.2010 10:00:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 04.06.2010 10:00:11 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10 Description = Error - 05.06.2010 12:09:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 05.06.2010 12:10:00 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 03.01.2011 11:02:58 | Computer Name = JulysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100700 seconds with 22500 seconds of active time. This session ended with a crash. [ System Events ] Error - 29.09.2011 11:46:19 | Computer Name = JulysLaptop | Source = BROWSER | ID = 8032 Description = Error - 29.09.2011 12:02:47 | Computer Name = JulysLaptop | Source = DCOM | ID = 10010 Description = Error - 30.09.2011 09:14:03 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022 Description = Error - 30.09.2011 09:17:34 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 30.09.2011 09:19:36 | Computer Name = JulysLaptop | Source = volsnap | ID = 393236 Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen. 
Error - 30.09.2011 09:21:01 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 30.09.2011 09:21:15 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 30.09.2011 09:23:36 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 30.09.2011 09:36:20 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022 Description = Error - 30.09.2011 09:38:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report >
Thank you very much for the help! Last edited by julianes (02.10.2011 at 17:06) |
03.10.2011, 15:34 | #9 |
/// Helper Team | TR/Spy.Web.H und windows-virus w32/Indus.A For Vista and Win7: Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click (right mouse button) the selected application and choose "Run as administrator"! 1. Fix with OTL
Code:
ATTFilter :OTL PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.gmx.net/br/ie9_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.gmx.net/tb/ie_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/" [2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com [2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml [2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml [2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml [2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml [2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml [2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml 
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml [2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif [2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml [2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml () (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software) O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control) O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class) O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class) O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class) O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class) O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - 
MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a [2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair [2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe [2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe [2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog [2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk [2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr [2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk [2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk [2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe :Reg "TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" =- "UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" =- :Commands [purity] [emptytemp]
2. Download Malwarebytes Anti-Malware from → malwarebytes.org
3. Runs under XP, Vista (32-bit) and Windows 7 (32-bit). Attention!: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It is NOT sensible to start a second attempt! To get a deeper look into your system and track down a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
** no connection to a network or the Internet - don't forget WLAN. When the scan has finished, please re-enable all programs and tools! Instructions: -> GMER - Rootkit Scanner 4. Check with MBR -t whether the Master Boot Record is OK (MBR rootkit). With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
5. Another scan with OTL:
__________________ Warning!: Beware of invoices by e-mail with a ZIP file as attachment! It may be infected with an encryption trojan! Do not open the attachment, ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally 2x in different places! Please pass this warning on wherever you can! Last edited by kira (03.10.2011 at 16:05) |
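As an added example (not code from this thread, from OTL, or from the helper), a small Python triage script over constructed OTL-style lines modelled on the OTL.txt and Extras.txt logs posted above: it flags the kwlfon Run entry that uses rundll32 to load espa.kk from AppData, the random-named executable in ProgramData, MountPoints2 AutoRun command handlers, and the disabled firewall profiles from the Extras log. The regexes, name heuristic, severity labels and the `triage`/`looks_random` helpers are the example's own assumptions.

```python
"""Triage of OTL log lines (added example; not code from this thread or from OTL).

Walks constructed lines modelled on the OTL.txt / Extras.txt output posted above
and flags what a helper checks first:
  - O4 Run entries that load a payload from a user-writable directory, in
    particular rundll32 loading a file without a .dll extension (espa.kk)
  - executables with random-looking names in C:\\ProgramData
  - O33 MountPoints2 AutoRun command handlers for removable media
  - firewall profiles switched off / Security Center firewall override
The regexes, heuristics and severity labels are this example's own assumptions.
"""
import re

# Constructed sample, modelled on (not copied whole from) the logs in the thread.
SAMPLE = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O4 - HKLM..\Run: [Updater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = 1
""".strip().splitlines()

O4_RE = re.compile(r'^O4 - (HK\w+)\.\.\\Run: \[(.*?)\] (.*)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(.+?)\\Shell\\AutoRun\\command - "" = (.*)$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"([^"]+)" = (.*)$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)', re.IGNORECASE)

# Directories a standard user can write to; autoruns from here deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def user_writable(cmd):
    low = cmd.lower()
    return any(part in low for part in USER_WRITABLE)


def rundll32_target(cmd):
    """Return the module rundll32 is asked to load, or None if not a rundll32 entry."""
    m = RUNDLL_RE.search(cmd)
    return m.group(1).strip() if m else None


def looks_random(path):
    """Heuristic for generated names such as uIHokJiHsVWWMqk.exe: long stems with
    many upper/lower flips, or digits mixed with case flips (6DSS92c31Apgjk.exe)."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 10 or len(letters) < 6:
        return False
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    has_digit = any(c.isdigit() for c in stem)
    return flips >= 4 or (has_digit and flips >= 2)


def triage(lines):
    """Return (severity, reason, line) tuples in log order."""
    findings = []
    key = ""  # registry key that the following "name" = value lines belong to
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            if not name and "File not found" in cmd:
                continue  # empty default Run value, a harmless leftover
            target = rundll32_target(cmd)
            if target and not target.lower().endswith(".dll"):
                findings.append(("high", "rundll32 loads non-DLL module " + target, line))
            elif user_writable(cmd):
                exe = cmd.split(" (")[0]  # strip OTL's trailing "(Company)"
                sev = "high" if looks_random(exe) else "medium"
                findings.append((sev, "autorun from user-writable path: " + hive + "\\Run [" + name + "]", line))
            continue
        m = O33_RE.match(line)
        if m:
            findings.append(("low", "removable-media AutoRun handler " + m.group(1) + " -> " + m.group(2), line))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        if "FirewallPolicy" in key and name == "EnableFirewall" and value == "0":
            profile = key.rsplit("\\", 1)[-1]
            # Expected when a third-party firewall (ZoneAlarm here) is installed; still worth confirming.
            findings.append(("medium", "Windows Firewall disabled for " + profile, line))
        elif key.endswith("Security Center\\Svc") and name == "FirewallOverride" and value == "1":
            findings.append(("low", "Security Center firewall monitoring overridden", line))
    return findings


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE):
        print(sev.upper().ljust(6), reason)
        print("       ", line)
```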
04.10.2011, 16:29 | #10 |
| TR/Spy.Web.H und windows-virus w32/Indus.A Hello, here are the results: 1. Fix with OTL Code:
ATTFilter ========== OTL ========== No active process named Updater.exe was found! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "hxxp://www.gmx.de/" removed from browser.startup.homepage Folder C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com\ not found. C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml moved successfully. C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml moved successfully. C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml moved successfully. C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml moved successfully. C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml moved successfully. C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml moved successfully. 
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml moved successfully. C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif moved successfully. C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml moved successfully. C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17166733-40EA-4432-A85C-AE672FF0E236}\ not found. File C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ not found. File C:\Program Files\GMX Toolbar\IE\uitb.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ not found. File C:\Program Files\GMX Toolbar\IE\uitb.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found. File C:\Program Files\GMX Toolbar\IE\uitb.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kwlfon deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uIHokJiHsVWWMqk.exe not found. File C:\ProgramData\uIHokJiHsVWWMqk.exe not found. Starting removal of ActiveX control {08631890-6059-4255-B37F-F23AD334D122} C:\Windows\Downloaded Program Files\ACUBEActiveXUninstallControl.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{08631890-6059-4255-B37F-F23AD334D122}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08631890-6059-4255-B37F-F23AD334D122}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08631890-6059-4255-B37F-F23AD334D122}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08631890-6059-4255-B37F-F23AD334D122}\ not found. Starting removal of ActiveX control {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} C:\Windows\Downloaded Program Files\NMPCertX.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ not found. Starting removal of ActiveX control {3D64E58D-CB55-4344-B809-CFE38F900838} C:\Windows\Downloaded Program Files\MagicLoaderX.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3D64E58D-CB55-4344-B809-CFE38F900838}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D64E58D-CB55-4344-B809-CFE38F900838}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3D64E58D-CB55-4344-B809-CFE38F900838}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D64E58D-CB55-4344-B809-CFE38F900838}\ not found. Starting removal of ActiveX control {5441F297-BB6C-4D6C-9E05-4FD14D96B605} C:\Windows\Downloaded Program Files\IE8Tools.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ not found. Starting removal of ActiveX control {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} C:\Windows\Downloaded Program Files\UniSSOCheck.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ not found. Starting removal of ActiveX control {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} C:\Windows\Downloaded Program Files\MagicPassX.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28bfba81-5345-11de-90e2-002185560a86}\ not found. File F:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d26b746-f784-11de-8f33-002185560a86}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d26b746-f784-11de-8f33-002185560a86}\ not found. File H:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8af45932-0cd9-11e0-9e6d-002185560a86}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8af45932-0cd9-11e0-9e6d-002185560a86}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9efac829-7f50-11de-8319-002185560a86}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9efac829-7f50-11de-8319-002185560a86}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found. File G:\LaunchU3.exe -a not found. C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair folder moved successfully. File C:\ProgramData\6DSS92c31Apgjk.exe not found. File C:\ProgramData\uIHokJiHsVWWMqk.exe not found. C:\Users\July\AppData\Roaming\EurekaLog folder moved successfully. C:\ProgramData\~6DSS92c31Apgjk moved successfully. C:\ProgramData\~6DSS92c31Apgjkr moved successfully. C:\ProgramData\6DSS92c31Apgjk moved successfully. File C:\Users\July\Desktop\Data Repair.lnk not found. File C:\ProgramData\uIHokJiHsVWWMqk.exe not found. ========== REGISTRY ========== Registry key Invalid\\"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" \ not found. Registry key Invalid\\"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" \ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: July ->Temp folder emptied: 139569761 bytes ->Temporary Internet Files folder emptied: 144793459 bytes ->Java cache emptied: 775379 bytes ->FireFox cache emptied: 59271239 bytes ->Flash cache emptied: 12691 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1189 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 279440 bytes Windows Temp folder emptied: 61377315 bytes RecycleBin emptied: 93200842 bytes Total Files Cleaned = 476,00 mb OTL by OldTimer - Version 3.2.29.1 log created on 10042011_171513 Files\Folders moved on Reboot... File\Folder C:\Users\July\AppData\Local\Temp\~DF4E5A.tmp not found! File\Folder C:\Users\July\AppData\Local\Temp\~DF54DB.tmp not found! 
File\Folder C:\Users\July\AppData\Local\Temp\~DF55D3.tmp not found! File\Folder C:\Users\July\AppData\Local\Temp\~DF5F46.tmp not found! File\Folder C:\Users\July\AppData\Local\Temp\~DF5F6F.tmp not found! File\Folder C:\Users\July\AppData\Local\Temp\~DF6AC4.tmp not found! File\Folder C:\Users\July\AppData\Local\Temp\~DF87D5.tmp not found! File\Folder C:\Users\July\AppData\Local\Temp\~DFC6AF.tmp not found! C:\Windows\temp\ZLT0695a.TMP moved successfully. C:\Windows\temp\ZLT0695d.TMP moved successfully. Registry entries deleted on Reboot... |
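The OTL fix log above reports one outcome per action line: registry keys and values "deleted successfully", files and folders "moved successfully" (OTL keeps what it moves under _OTL\MovedFiles on the system drive, so a wrongly removed item can be put back), values "set successfully", and targets that were "not found" at fix time. When reviewing such a log it helps to group the lines by outcome and to list the autostart entries that were actually removed (here the HKCU Run value "kwlfon"), since a "not found" on a Run value or a ProgramData executable does not tell you whether the item was already gone or never existed. The script below is an added example written for this page, not part of the thread or of the OTL tool; its input is a constructed excerpt in the shape of the posted log, and the function names are assumptions of the example.

```python
"""Group the action lines of an OTL fix log by outcome.

Added example for reviewing OTL (OldTimer's OTL) fix output; not code from the
forum thread or from OTL itself. SAMPLE_FIX_LOG is a constructed excerpt that
follows the shape of the log posted above.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the format OTL writes (one action per line).
SAMPLE_FIX_LOG = r"""
========== OTL ==========
No active process named Updater.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kwlfon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uIHokJiHsVWWMqk.exe not found.
File C:\ProgramData\uIHokJiHsVWWMqk.exe not found.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
Total Files Cleaned = 476,00 mb
"""

# An action line ends with one of these outcomes, optionally followed by "." or "!".
OUTCOME_RE = re.compile(
    r"^(?P<target>.*?)\s+(?P<outcome>deleted successfully|moved successfully|"
    r"not found|value set successfully)[.!]?$"
)
# OTL prefixes the target with its kind; strip it so the target is just the path or key.
PREFIX_RE = re.compile(r"^(Registry key|Registry value|File\\Folder|File|Folder)\s+")
# Process kills are reported in their own sentence form.
PROCESS_RE = re.compile(r"^No active process named (\S+) was found!$")


def classify(line):
    """Return (outcome, target) for one fix-log line, or None for headers and statistics."""
    line = line.strip()
    if not line or line.startswith("=") or line.startswith("["):
        return None
    m = PROCESS_RE.match(line)
    if m:
        return ("not found", "process " + m.group(1))
    m = OUTCOME_RE.match(line)
    if not m:
        return None
    target = PREFIX_RE.sub("", m.group("target"))
    # "<key>| /E : value set successfully!" carries OTL's flag after the pipe; keep the key.
    target = target.split("| /E")[0]
    # "<path> folder moved successfully." names the kind after the path.
    target = re.sub(r"\s+folder$", "", target)
    return (m.group("outcome"), target)


def triage(log_text):
    """Map each outcome to the list of targets it applied to, in log order."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            groups[result[0]].append(result[1])
    return dict(groups)


def summary(groups):
    """Count of action lines per outcome."""
    return {outcome: len(targets) for outcome, targets in groups.items()}


def autostart_removed(groups):
    """Run-key values that were really deleted, i.e. persistence that is now gone."""
    return [t for t in groups.get("deleted successfully", [])
            if "\\currentversion\\run\\" in t.lower()]


if __name__ == "__main__":
    groups = triage(SAMPLE_FIX_LOG)
    for outcome, count in summary(groups).items():
        print(f"{count:3d}  {outcome}")
    print("autostart entries removed:", autostart_removed(groups))
```

Run it against a real fix log by reading the file into `triage()`; the "not found" list is the one to compare against the scan log that the fix script was built from, because every item there was either removed by something else (for example the antivirus quarantine) or is a sign that the fix line did not match the target.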
07.10.2011, 10:45 | #11 |
| TR/Spy.Web.H und windows-virus w32/Indus.A 2. Malwarebytes: no infected objects were found. Report: Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7891

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

07.10.2011 11:16:10
mbam-log-2011-10-07 (11-16-10).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 312399
Time elapsed: 2 hour(s), 11 minute(s), 16 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected: (No malicious items detected)
Memory modules infected: (No malicious items detected)
Registry keys infected: (No malicious items detected)
Registry values infected: (No malicious items detected)
Registry data items infected: (No malicious items detected)
Folders infected: (No malicious items detected)
Files infected: (No malicious items detected) |
08.10.2011, 06:26 | #12 |
/// Helper Team | TR/Spy.Web.H und windows-virus w32/Indus.A Further steps are missing...
__________________ Warning: beware of invoices sent by email with a ZIP file as the attachment! It may be infected with a ransomware trojan. Do not open the attachment; ask in our forum first. Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places. Please pass this warning on wherever you can! |
08.10.2011, 17:17 | #13 |
| TR/Spy.Web.H und windows-virus w32/Indus.A Sorry, I had connection and time problems. Step 3 seemed to work: at the end the window appeared where I could have clicked 'copy', but then the PC froze and nothing worked at all; even after waiting a long time nothing happened, so I restarted (unfortunately without taking a photo). Unfortunately step 4 does not work: I downloaded mbr.exe several times, supposedly successfully. But every time I click on it, a black window with text in it appears very briefly, then closes again after less than a second and cannot be found anywhere afterwards. 5. Scan with OTL: text file: OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.09.2011 15:40:16 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = D:\download Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free 6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.30 15:39:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\download\OTL(1).exe PRC - [2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe PRC - [2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe PRC - [2011.09.08 17:14:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe PRC - [2011.09.08 17:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe PRC - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] 
(Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe PRC - [2010.11.04 14:41:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe PRC - [2008.10.25 11:44:34 | 000,031,072 | -H-- | M] (Microsoft Corporation) -- D:\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.08.27 03:02:32 | 000,708,608 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe PRC - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe PRC - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2008.07.21 02:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.07.04 11:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe PRC - [2008.07.04 10:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) 
-- C:\Program Files\Protector Suite QL\psqltray.exe PRC - [2008.05.28 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.03.03 16:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe PRC - [2007.09.29 01:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe ========== Modules (No Company Name) ========== MOD - [2011.09.08 17:14:08 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\mozjs.dll MOD - [2011.07.25 22:49:07 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2008.08.25 20:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll MOD - [2008.07.18 22:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll MOD - [2008.06.10 16:13:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.03.03 16:06:04 | 000,194,032 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\zpui.pyd MOD - [2008.03.03 16:06:04 | 000,144,880 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\pyexpat.pyd MOD - [2001.08.10 15:23:14 | 000,388,608 | ---- | M] () -- C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | 
Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc) SRV - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () [Auto | Running] -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.11.12 11:34:14 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4) SRV - [2008.10.25 11:44:08 | 000,065,888 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2008.05.23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program 
Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - [2011.06.28 18:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 18:52:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2010.10.20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- 
(NTIOLib_1_0_4) DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507) DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm) DRV - [2008.08.06 10:26:00 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.06.27 21:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2008.06.10 18:35:00 | 003,839,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.05.14 01:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2008.04.29 11:31:00 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.04.24 02:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2008.04.08 16:41:34 | 000,140,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice) DRV - [2008.03.25 22:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2008.03.19 20:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008.03.03 16:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2008.01.21 04:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.03.19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio) DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tb/ie_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - 
prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins

[2009.02.07 11:32:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Extensions
[2011.09.28 16:56:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions
[2010.04.28 16:19:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.27 15:48:20 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.07 11:41:51 | 000,000,000 | -H-D | M] (Password Bank) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\passwordbank@upek.com
[2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com
[2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml
[2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml
[2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml
[2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml
[2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif
[2011.09.25 17:27:46 | 000,000,618 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.src
[2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml
[2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml
[2010.10.13 19:59:14 | 000,002,182 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{5A4CE7A1-8CED-4F08-9BAC-10CBC768DB40}.xml
[2010.10.13 19:59:14 | 000,002,071 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{959DBEBF-B491-4DEB-80E6-A0D5C2F63AA3}.xml
[2010.10.13 19:59:14 | 000,001,864 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{E51E7004-D3FE-4846-A581-F9280F80793A}.xml
[2011.05.22 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.31 14:25:16 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI

O1 HOSTS File: ([2011.05.21 20:08:46 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O4 - Startup: C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15BE69AD-4DBE-4023-9B54-69446053DA77}: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C637203B-0434-4E9D-A134-A672011AA19A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D15839B7-19BA-4F02-9A0F-33F07989504C}: DhcpNameServer = 193.22.254.22
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.03 13:02:11 | 000,000,057 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.16 09:22:21 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2011.09.16 09:22:15 | 000,000,000 | -H-D | C] -- C:\CyberGhost VPN
[2011.09.16 07:00:39 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\JonDo
[2011.09.16 06:58:27 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\JAP
[2011.09.16 06:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2011.09.14 09:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\DreamSecurity
[2011.09.14 09:13:44 | 000,110,592 | ---- | C] (Samsung SDS) -- C:\Windows\System32\UniSSOCheck.dll
[2011.09.14 09:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung SDS
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Reallusion
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- D:\My Dropbox\Documents\CamSuite Gallery
[2011.09.07 16:26:51 | 000,000,000 | -H-D | C] -- C:\Users\July\.dreamsecurity
[2011.09.07 15:51:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\UUdb
[2011.09.07 10:18:59 | 000,000,000 | -H-D | C] -- C:\Users\July\Desktop\course syllabus
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.09.30 15:30:52 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.30 15:29:41 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:08:12 | 000,626,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.28 13:08:12 | 000,594,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.28 13:08:12 | 000,126,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.28 13:08:12 | 000,104,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.27 09:32:27 | 255,819,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.15 10:25:00 | 000,016,896 | -H-- | M] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.09.14 08:59:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.09.28 13:25:03 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:25:02 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | C] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:39 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 12:57:11 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.15 11:18:49 | 000,016,896 | -H-- | C] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.19 22:21:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.06 16:47:26 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.05 11:28:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 12:36:53 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2009.11.01 19:50:05 | 000,000,680 | -H-- | C] () -- C:\Users\July\AppData\Local\d3d9caps.dat
[2009.10.20 19:50:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 19:50:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.24 07:59:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.14 15:13:24 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009.02.14 15:13:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009.02.14 15:13:21 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009.02.14 15:13:21 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009.02.14 15:13:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009.02.14 15:13:18 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009.02.07 17:37:26 | 000,147,456 | -H-- | C] () -- C:\Users\July\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.07 12:16:42 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.07 11:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.07 11:24:36 | 000,839,854 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009.02.07 00:32:05 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.09.20 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.09.19 18:43:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.19 18:40:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.06.10 16:13:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.10 11:50:00 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.04.08 16:41:34 | 000,140,832 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.03.05 14:38:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,414,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,594,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,038 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.05 04:53:43 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2002.03.05 04:53:42 | 000,626,790 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2002.03.05 04:53:42 | 000,126,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2002.03.05 04:53:42 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

========== LOP Check ==========

[2011.07.14 14:22:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\1&1 Mail & Media GmbH
[2010.10.31 17:25:17 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Academic Software Zurich
[2009.12.31 23:32:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\bible2.net
[2010.01.11 19:51:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Desktopicon
[2011.07.30 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Disk Cleaner
[2011.05.21 19:38:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Dropbox
[2011.08.19 12:48:15 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EAC
[2009.04.27 09:43:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Elluminate
[2011.09.21 06:03:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.25 14:41:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQ
[2010.10.13 19:38:52 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQLite
[2009.02.07 00:37:40 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Infineon
[2011.07.28 22:17:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\IrfanView
[2011.09.16 07:08:23 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\JonDo
[2009.03.04 13:46:08 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\MAGIX
[2010.10.13 19:58:58 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OCS
[2009.02.07 13:00:51 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OpenOffice.org
[2010.10.13 19:59:14 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Opera
[2009.02.07 12:10:01 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Protector Suite
[2010.10.11 19:48:29 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\QIP
[2011.07.25 18:49:27 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Samsung
[2009.02.07 15:46:56 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TeamViewer
[2009.02.09 21:09:13 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TerraTec
[2010.08.20 21:39:53 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TippKönigin
[2009.02.07 14:51:41 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Toolbars
[2010.05.01 22:01:36 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Ulead Systems
[2011.09.30 15:27:57 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras file: OTL logfile:
OTL Extras logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS

Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E6D8EE-1D57-4CFA-A93E-55D8B011F3E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E96BDC4-C384-4F9C-A786-8DB16154FCE3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{48855D5F-9C20-4997-8902-E7D48A9E572A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{581C0D46-015B-4995-AC61-2C97243A51DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{597EAEE0-CCCD-499F-8479-382D903FEFCF}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe |
"{7A96E5C7-3BE4-477B-9CF2-C4E8DE29BB97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7F82379-F4DB-449C-B480-FF378E443D5B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DC4E30C8-D931-4838-A7BA-F6B68C9DB744}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{DD37841E-B67A-4F1E-A700-1592F3A5C321}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB8CB996-2361-4037-B1DB-F754A68B1A45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD2E4A-2A47-4E71-B018-480738480B54}" = protocol=17 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{095F1158-C76F-404D-B39D-60345BF473CF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{0F2084F6-1CDC-4F4A-9A7F-9C3D3D5CADC3}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{1962FA8E-D336-472B-8FB0-6CC509AE07D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{28BB33C4-CEA9-4DB2-850B-F5A2B7602EEB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2BFE529D-DB15-443C-BC0F-4BE1FEFCAD5C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2F234946-5417-4D67-ADCF-106D37CDA941}" = protocol=6 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{365ACB67-B936-4CC1-9572-C15A9BD06D8B}" = protocol=17 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{7109B1BD-336D-4AD2-B97D-65F0251419E0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{72C1DD05-F754-4D2D-A68B-A5D59376F47C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{98B9BDDA-8A90-49EB-8937-EC8D731128B1}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{9D505DBC-B6D1-421D-BA32-555ECEC96B85}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{A40743B6-6D78-4893-978E-3904CEA86F2D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{A5ED0936-6363-4025-9FA3-88FB0D1B949F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A840F394-C630-4994-9EF1-C9289AAAA475}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{A8904B58-0900-47CB-9981-BAB6029ED5F1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{AB16F888-359A-4A32-9E98-A71BBAEE778E}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{AF6A24E2-825E-4642-A4EF-10735ADC638A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{B2EC6567-7D00-437C-A3DF-D42B2AEFD95D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B6661B59-FE2C-419E-B0CF-90613340D301}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{B88EAD91-30B2-4238-A9D8-EADA48CEEF00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C99052E1-73F6-426E-A610-72A5FD4C1D19}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{DECA3888-4FED-4266-8A3B-F6192AB569F0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{FF145D1C-C388-4F6A-B5DA-9AF0C0076E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{DEA72C7F-EB24-4ACC-89EC-D213B1A38454}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{B1A9E6C7-882E-4E90-970B-00D6F039F5A1}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.1
"{0B3973ED-EB50-5888-7538-1E635CF19C75}" = CCC Help Chinese Standard
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2D5BCDF0-663C-8319-00F1-D76CC6C354FE}" = Catalyst Control Center Graphics Previews Vista
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{389D6438-7C5C-A81D-A38B-1A82CE0F440E}" = Catalyst Control Center Localization Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54C7B05B-DCB8-7F70-5446-CE7DF004F367}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5812E6DA-9954-1915-9E98-3BB11924C1A4}" = CCC Help English
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E222767-9BFB-BDEA-8A10-2141C0447D84}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6F06E141-1106-0881-BE93-003C099E72F3}" = Catalyst Control Center Localization Chinese Standard
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{817DE62F-5787-43BB-8877-5F81FAE5A823}" = ACUBE UniSSOTray V1.0
"{82F913E9-BBF2-B8C0-6869-C7824B883329}" = ATI Catalyst Install Manager
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft
Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{958DD4C6-4E8C-9E32-2292-EF9FF25E5C35}" = CCC Help Chinese Traditional "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E4C9080-C91E-253C-B51E-A81C9B96C10C}" = Catalyst Control Center InstallProxy "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 "{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86 "{A72D6F6E-81DA-9BF5-E193-7CD8DC28EB62}" = Catalyst Control Center Graphics Light "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1 "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B56195ED-11C3-7F0D-4DE4-343D3BD57F3A}" = Catalyst Control Center Core Implementation 
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B744CE83-FAB5-A833-4446-E4CF437B5E69}" = Catalyst Control Center Localization Japanese "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite "{d4471e5a-b76c-46a8-9631-edeb581c5ba9}" = Nero 9 Lite "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E105ADD3-D412-3CB1-602C-07D791FDEE88}" = Skins "{E5E80E00-F4B9-74DD-42ED-06D1789D5E22}" = ccc-core-static "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FBF8AB14-5496-C04B-C3AE-B8860BFF61F4}" = Catalyst Control Center Graphics Full New "{FF61E4BC-A243-AEFA-0602-103943FB93E3}" = ccc-utility "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar FF" = GMX Toolbar für Mozilla Firefox "1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Citavi" = Citavi 2.5 "CyberGhost VPN_is1" = CyberGhost VPN "ENTERPRISE" = 
Microsoft Office Enterprise 2007 "Exact Audio Copy" = Exact Audio Copy 1.0beta2 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "ICQToolbar" = ICQ Toolbar "Install MAGIX Goya Base UK" = Install MAGIX Goya Base 1.0.2.0 (UK) "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE "IrfanView" = IrfanView (remove only) "JAP" = JAP "LastFM_is1" = Last.fm 1.5.4.27091 "MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 3.4.0.450 (D) "MAGIX Goya Base D" = MAGIX Goya Base 1.3.1.2 (D) "MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 7.4.0.438 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de) "OpenVPN" = OpenVPN 2.1_rc21 "Oxford Advanced Genie" = Oxford Advanced Genie "Product_Name" = eText typeSmart "ProInst" = Intel PROSet Wireless "SearchAnonymizer" = SearchAnonymizer "TeamViewer 4" = TeamViewer 4 "TippKönigin_is1" = TippKönigin 5.5 "VLC media player" = VLC media player 0.9.8a "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.06.2010 12:32:11 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2010 12:32:13 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2010 12:32:14 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2010 17:13:19 | 
Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3010 Description = Error - 04.06.2010 02:34:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 04.06.2010 02:34:08 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10 Description = Error - 04.06.2010 10:00:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 04.06.2010 10:00:11 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10 Description = Error - 05.06.2010 12:09:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 05.06.2010 12:10:00 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 03.01.2011 11:02:58 | Computer Name = JulysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100700 seconds with 22500 seconds of active time. This session ended with a crash. [ System Events ] Error - 29.09.2011 11:46:19 | Computer Name = JulysLaptop | Source = BROWSER | ID = 8032 Description = Error - 29.09.2011 12:02:47 | Computer Name = JulysLaptop | Source = DCOM | ID = 10010 Description = Error - 30.09.2011 09:14:03 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022 Description = Error - 30.09.2011 09:17:34 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 30.09.2011 09:19:36 | Computer Name = JulysLaptop | Source = volsnap | ID = 393236 Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen. 
< End of report > Thank you!! Last edited by julianes (08.10.2011 at 17:25) |
09.10.2011, 02:49 | #14 |
| TR/Spy.Web.H and windows-virus w32/Indus.A Hello, I have just booted up my laptop and now, all of a sudden, the whole desktop - the background is still black - is full of Word documents, which I can also open. The icons for Outlook, Firefox, ICQ, the 'Eigene Dateien' (My Documents) folder, and a few more are back on the desktop as well. However, I did not have the Word documents on the desktop before. Best regards, Juliane |
10.10.2011, 05:48 | #15 |
/// Helper team | TR/Spy.Web.H and windows-virus w32/Indus.A 1. Quote:
Quote:
TDSSKiller by Kaspersky
3. Delete the old logfiles! Run another scan with OTL:
__________________ Warning!: Be careful with invoices sent by email with a ZIP file as attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |