
Pests of all kinds and how to fight them: Trojan on my computer? Anti-malware finds nothing...

12.12.2011, 11:15   #1
Sask

Hello everyone,

it looks as if I have a Trojan or something similar on my laptop.
My Apple ID has already been hacked, and 100 euros were stolen from me right away as a result. I ran all the anti-malware programs I have on the PC, but found nothing.
Today, when starting the laptop, I get an error message with

C:\users\owner\AppData\Local\Temp\launch-3.ica and that a download failed because the source file could not be read.

Can you perhaps help me? Right now I hardly dare to work any way but offline, which is almost impossible.

I did change all my passwords, but of course using the same laptop...

I hope you can help me.

Regards
Sask

12.12.2011, 15:51   #2
markusg
/// Malware-holic

hi
If you don't already have it, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

13.12.2011, 13:19   #3
Sask

Hey

I did everything the way you said.

Here is the result:

Code:
OTL logfile created on: 13.12.2011 11:18:42 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Sask\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,94% Memory free
6,15 Gb Paging File | 4,66 Gb Available in Paging File | 75,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,22 Gb Total Space | 161,63 Gb Free Space | 56,08% Space Free | Partition Type: NTFS
 
Computer Name: SASK-PC | User Name: Sask | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.12 16:53:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sask\Desktop\OTL.exe
PRC - [2011.10.08 17:34:24 | 000,820,568 | ---- | M] (IObit) -- C:\Programme\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011.10.08 17:34:22 | 004,441,944 | ---- | M] (IObit) -- C:\Programme\IObit\IObit Malware Fighter\IMF.exe
PRC - [2011.07.09 18:11:51 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 18:41:01 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.18 15:01:05 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.03.23 23:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009.01.21 09:07:42 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009.01.21 09:07:42 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009.01.19 11:49:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Event Service\VESMgr.exe
PRC - [2009.01.19 11:49:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009.01.14 12:38:38 | 005,184,872 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008.12.21 22:30:32 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Programme\sony\Network Utility\LANUtil.exe
PRC - [2008.12.21 20:55:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Programme\sony\Network Utility\NSUService.exe
PRC - [2008.12.19 14:02:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Power Management\SPMgr.exe
PRC - [2008.12.19 14:02:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Power Management\SPMService.exe
PRC - [2008.12.18 11:18:58 | 000,874,344 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008.12.18 09:53:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Programme\sony\ISB Utility\ISBMgr.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.06 16:26:43 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\bf3b757c821a36e6a9c7c1988b39a15d\System.IdentityModel.Selectors.ni.dll
MOD - [2011.11.06 16:26:41 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll
MOD - [2011.11.06 16:26:39 | 002,345,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll
MOD - [2011.11.06 16:26:36 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll
MOD - [2011.11.06 16:26:34 | 017,403,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll
MOD - [2011.11.06 16:24:44 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011.11.06 16:24:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.11.06 16:02:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.11.06 16:02:12 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.11.06 16:01:50 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.11.06 15:59:26 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.11.06 15:57:25 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2009.03.05 11:34:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2009.03.05 11:34:47 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2009.01.06 21:14:43 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.04 03:02:58 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (0130311315578914mcinstcleanup) McAfee Application Installer Cleanup (0130311315578914)
SRV - [2011.10.08 17:34:24 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Programme\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011.08.10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.07.09 18:11:51 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 18:41:01 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.04.01 13:21:30 | 000,365,072 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009.03.25 16:25:20 | 000,797,864 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009.03.25 10:05:48 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009.03.23 23:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009.03.19 10:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009.01.21 09:07:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.01.21 09:07:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009.01.21 09:07:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.01.20 10:56:06 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.01.20 10:52:18 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.01.20 10:51:48 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.01.20 10:51:18 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.01.20 10:50:48 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.01.19 15:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009.01.19 11:49:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009.01.16 20:59:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009.01.14 12:38:38 | 005,184,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.01.09 10:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009.01.09 08:22:10 | 000,026,640 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009.01.09 07:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009.01.07 23:10:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008.12.21 20:55:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008.12.19 14:02:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.08 17:04:26 | 000,018,768 | ---- | M] () [File_System | On_Demand | Running] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011.09.20 14:28:42 | 000,019,792 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011.09.20 14:28:36 | 000,030,600 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys -- (RegFilter)
DRV - [2011.07.09 18:11:51 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.09 18:11:51 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.25 10:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009.03.25 10:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009.03.25 10:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009.03.25 10:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009.03.25 10:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.06 21:14:38 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.11.24 23:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008.11.19 01:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008.10.23 12:08:54 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008.10.23 01:02:29 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.10.23 01:02:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008.10.23 01:02:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.06.07 01:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008.04.24 13:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008.01.25 03:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: wikipediatoolbar@wikipedia.org:0.5.9
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://www.samenc.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=jF2SRaxu&q="
 
FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "hxxp://www.samenc.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=jF2SRaxu&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Sask\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011.11.16 14:59:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.16 10:37:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.31 22:25:43 | 000,000,000 | ---D | M]
 
[2009.10.04 19:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sask\AppData\Roaming\mozilla\Extensions
[2009.10.04 19:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sask\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2011.11.06 18:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sask\AppData\Roaming\mozilla\Firefox\Profiles\eigwg0ni.default\extensions
[2011.03.30 14:43:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sask\AppData\Roaming\mozilla\Firefox\Profiles\eigwg0ni.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.17 11:41:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sask\AppData\Roaming\mozilla\Firefox\Profiles\eigwg0ni.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.02.21 20:48:47 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Sask\AppData\Roaming\mozilla\Firefox\Profiles\eigwg0ni.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.01.24 18:38:16 | 000,000,000 | ---D | M] (Wikipedia Toolbar) -- C:\Users\Sask\AppData\Roaming\mozilla\Firefox\Profiles\eigwg0ni.default\extensions\wikipediatoolbar@wikipedia.org
[2011.08.13 18:41:05 | 000,001,330 | ---- | M] () -- C:\Users\Sask\AppData\Roaming\Mozilla\Firefox\Profiles\eigwg0ni.default\searchplugins\wikipedia-en.xml
[2011.11.16 10:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\SASK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EIGWG0NI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.16 10:37:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.13 08:27:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.13 08:27:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.13 08:27:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.13 08:27:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.13 08:27:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.13 08:27:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2010.09.13 20:43:52 | 000,419,188 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14467 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sask\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFB88951-945D-4CFC-B9DA-725BBC986932}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Sask\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sask\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2095345f-47a8-11de-ba46-001dbaeaf55f}\Shell\AutoRun\command - "" = G:\Menu.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase-6 Reminder.lnk - C:\Programme\phase-6\phase-6\reminder\reminder.exe - (phase-6)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: ClipIncSrvTray - hkey= - key= -  File not found
MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MarketingTools - hkey= - key= - C:\Programme\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig - StartUpReg: McENUI - hkey= - key= - C:\Programme\McAfee\MHN\McENUI.exe (McAfee, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.13 11:14:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sask\Desktop\OTL.exe
[2011.12.10 23:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2011.12.10 23:35:17 | 000,000,000 | ---D | C] -- C:\Users\Sask\AppData\Roaming\IObit
[2011.12.10 23:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011.11.24 14:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.18 09:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.18 09:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.13 11:17:28 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.13 11:17:28 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.13 11:17:28 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.13 11:17:28 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.13 11:16:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.13 11:16:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.13 11:13:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.12 20:52:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.12 16:53:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sask\Desktop\OTL.exe
[2011.12.12 08:05:47 | 000,021,447 | ---- | M] () -- C:\Users\Sask\Desktop\trojaner.dib
[2011.12.12 06:46:20 | 000,188,061 | ---- | M] () -- C:\Users\Sask\Desktop\Unbenannt.jpg
[2011.12.11 08:33:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.11 08:33:37 | 000,000,224 | ---- | M] () -- C:\Windows\tasks\PersonalAV.job
[2011.12.11 08:32:55 | 3186,659,328 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.11 08:31:23 | 000,038,823 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011.12.10 23:35:24 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2011.12.05 08:35:57 | 239,810,345 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.11.18 09:32:29 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.15 15:21:27 | 000,001,151 | ---- | M] () -- C:\Users\Sask\Desktop\Die Sims 3.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.12 08:05:47 | 000,021,447 | ---- | C] () -- C:\Users\Sask\Desktop\trojaner.dib
[2011.12.12 06:46:19 | 000,188,061 | ---- | C] () -- C:\Users\Sask\Desktop\Unbenannt.jpg
[2011.12.10 23:35:24 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2011.11.18 09:32:29 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.15 15:21:27 | 000,001,151 | ---- | C] () -- C:\Users\Sask\Desktop\Die Sims 3.lnk
[2010.08.10 15:45:43 | 000,000,552 | ---- | C] () -- C:\Users\Sask\AppData\Local\d3d8caps.dat
[2010.03.18 10:26:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.10 13:36:28 | 000,116,317 | ---- | C] () -- C:\Users\Sask\AppData\Roaming\UserTile.png
[2009.09.03 17:08:25 | 000,000,141 | ---- | C] () -- C:\Windows\wininit.ini
[2009.07.12 14:11:02 | 000,442,368 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.06.15 18:10:55 | 000,058,368 | ---- | C] () -- C:\Users\Sask\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.02 17:04:24 | 000,001,260 | ---- | C] () -- C:\Users\Sask\AppData\Roaming\wklnhst.dat
[2009.04.01 13:59:43 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.03.05 18:22:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.03.05 18:22:19 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.03.05 18:22:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.03.05 18:22:18 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.03.05 18:22:18 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009.03.05 10:27:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.03.05 09:48:25 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.05 09:48:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 08:15:58 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,329,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.04.06 16:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2005.04.06 16:24:40 | 001,216,512 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
 
========== LOP Check ==========
 
[2011.02.12 19:47:57 | 000,000,000 | ---D | M] -- C:\Users\Sask\AppData\Roaming\.minecraft
[2009.09.03 17:41:13 | 000,000,000 | ---D | M] -- C:\Users\Sask\AppData\Roaming\Ashampoo
[2011.08.30 14:26:15 | 000,000,000 | ---D | M] -- C:\Users\Sask\AppData\Roaming\Bioshock
[2011.10.13 09:40:43 | 000,000,000 | ---D | M] -- C:\Users\Sask\AppData\Roaming\DVDVideoSoft
[2011.04.07 15:21:00 | 000,000,000 | ---D | M] -- C:\Users\Sask\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.07.12 14:21:18 | 000,000,000 | ---D | M] -- C:\Users\Sask\AppData\Roaming\Engelmann Media
[2011.09.12 18:59:58 | 000,000,000 | ---D | M] -- C:\Users\Sask\AppData\Roaming\gtk-2.0
[2011.10.20 13:30:10 | 000,000,000 | ---D | M] -- C:\Users\Sask\AppData\Roaming\ICAClient
[2010.01.17 14:41:11 | 000,000,000 | ---D | M] -- C:\Users\Sask\AppData\Roaming\ICQ
[2009.07.14 17:31:48 | 000,000,000 | ---D | M] -- C:\Users\Sask\AppData\Roaming\InterVideo
[2011.12.10 23:35:18 | 000,000,000 | ---D | M] -- C:\Users\Sask\AppData\Roaming\IObit
[2009.05.25 14:01:01 | 000,000,000 | ---D | M] -- C:\Users\Sask\AppData\Roaming\Phase6
[2009.06.02 17:04:27 | 000,000,000 | ---D | M] -- C:\Users\Sask\AppData\Roaming\Template
[2009.09.03 16:16:39 | 000,000,000 | ---D | M] -- C:\Users\Sask\AppData\Roaming\Tobit
[2011.04.15 00:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011.03.01 00:59:59 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011.12.11 08:33:37 | 000,000,224 | ---- | M] () -- C:\Windows\Tasks\PersonalAV.job
[2011.12.11 08:31:32 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.05.23 17:01:46 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.03.05 18:21:35 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.08.21 17:07:50 | 000,000,000 | ---D | M] -- C:\CrashReport
[2011.01.12 10:13:58 | 000,000,000 | ---D | M] -- C:\Delphi
[2009.04.01 14:07:04 | 000,000,000 | ---D | M] -- C:\Documentation
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.05.23 16:54:43 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.07.11 13:04:34 | 000,000,000 | ---D | M] -- C:\gPotato
[2009.04.01 13:37:41 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.10 23:34:59 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.29 16:31:10 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.05.23 16:54:43 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.29 16:34:41 | 000,000,000 | ---D | M] -- C:\SEED9
[2009.11.20 17:41:19 | 000,000,000 | ---D | M] -- C:\Sony Corporation
[2011.12.13 11:23:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.05.23 16:58:24 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.05 08:35:57 | 000,000,000 | ---D | M] -- C:\Windows
[2009.04.01 14:07:04 | 000,000,000 | ---D | M] -- C:\_FS_SWRINFO
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
[2008.04.22 01:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011.10.05 11:31:21 | 000,002,101 | ---- | M] () -- C:\Users\Sask\.recently-used.xbel
[2009.10.15 13:21:53 | 000,000,033 | ---- | M] () -- C:\Users\Sask\41 30.txt
[2010.07.11 13:04:10 | 470,233,249 | ---- | M] () -- C:\Users\Sask\Aika_AshesOfBetrayal.exe
[2010.01.21 11:38:23 | 000,000,032 | ---- | M] () -- C:\Users\Sask\ATT00001.txt
[2010.04.22 13:14:56 | 1052,725,273 | ---- | M] (VTCOnline                                                   ) -- C:\Users\Sask\BandMaster_Full_1.07.exe
[2010.06.11 10:18:48 | 007,335,936 | ---- | M] () -- C:\Users\Sask\Big Bang- Lie Audio MP3 & DL.mp3
[2010.03.19 08:02:52 | 000,104,493 | ---- | M] () -- C:\Users\Sask\bla.jpg
[2011.02.20 20:57:06 | 013,315,129 | ---- | M] () -- C:\Users\Sask\Blok 2.4B Rekenen.zip
[2010.02.06 15:52:14 | 000,030,233 | ---- | M] () -- C:\Users\Sask\Clovis_afr_2009.pdf
[2010.02.06 15:49:54 | 000,050,017 | ---- | M] () -- C:\Users\Sask\Clovis_briefafr_2009.pdf
[2010.02.06 15:51:54 | 000,357,243 | ---- | M] () -- C:\Users\Sask\Clovis_totaalafrek_2009.pdf
[2009.06.12 15:02:08 | 000,047,616 | ---- | M] () -- C:\Users\Sask\Concept huurovereenkomst Saskia.doc
[2010.04.26 14:00:54 | 000,181,448 | ---- | M] () -- C:\Users\Sask\Covington_schizo_lang.pdf
[2009.09.14 20:09:03 | 000,000,081 | ---- | M] () -- C:\Users\Sask\CTX.DAT
[2009.06.10 18:33:27 | 000,342,357 | ---- | M] () -- C:\Users\Sask\DSC_0011[1]
[2010.03.17 16:49:15 | 001,695,205 | ---- | M] () -- C:\Users\Sask\Echo of Dawn (Sequel to Echo of Dusk) - VOL 2 by fi_chan.pdf
[2011.02.22 18:46:12 | 003,621,655 | ---- | M] () -- C:\Users\Sask\fellous_ledoux_2005.pdf
[2009.09.15 18:55:12 | 000,107,983 | ---- | M] () -- C:\Users\Sask\Foto.jpg
[2010.03.07 18:39:40 | 007,802,880 | ---- | M] () -- C:\Users\Sask\G-Dragon - 1 Year Station.mp3
[2010.03.07 18:36:38 | 007,305,216 | ---- | M] () -- C:\Users\Sask\G-Dragon- Heartbreaker.mp3
[2010.10.27 17:19:34 | 020,240,744 | ---- | M] (The GIMP Team                                               ) -- C:\Users\Sask\gimp-2.6.11-i686-setup.exe
[2011.02.08 21:02:56 | 003,644,416 | ---- | M] () -- C:\Users\Sask\hamachi20389.msi
[2010.01.21 11:37:59 | 000,547,694 | ---- | M] () -- C:\Users\Sask\Handbook Writing Skills.pdf
[2011.06.15 13:02:17 | 000,546,083 | ---- | M] () -- C:\Users\Sask\Harvest Moon GB.zip
[2009.06.01 14:39:49 | 000,028,591 | ---- | M] () -- C:\Users\Sask\IHK - Azubi.pdf
[2009.10.01 10:40:52 | 000,028,917 | ---- | M] () -- C:\Users\Sask\img-X01080727-0001.pdf
[2010.03.15 23:19:10 | 000,998,699 | ---- | M] () -- C:\Users\Sask\IMG_0169 in schön xD.jpg
[2010.03.15 23:17:23 | 001,303,992 | ---- | M] () -- C:\Users\Sask\IMG_0169.JPG
[2009.09.15 18:58:31 | 000,558,686 | ---- | M] () -- C:\Users\Sask\IMG_0197.JPG
[2009.09.21 19:05:32 | 000,686,184 | ---- | M] () -- C:\Users\Sask\IMG_0206.JPG
[2009.09.11 21:02:43 | 000,048,640 | ---- | M] () -- C:\Users\Sask\Keukendienst&huisregels&gegevens.doc
[2010.03.17 16:41:28 | 000,075,991 | ---- | M] () -- C:\Users\Sask\lol.jpg
[2009.09.21 16:22:10 | 000,778,543 | ---- | M] () -- C:\Users\Sask\Manual_Wireless_WinVista_UK.pdf
[2010.04.08 20:29:01 | 000,012,871 | ---- | M] () -- C:\Users\Sask\math08.jpg
[2009.09.23 10:34:22 | 004,734,952 | ---- | M] () -- C:\Users\Sask\Miss Platnum - Drink Sister Drink.mp3
[2009.12.02 10:13:02 | 000,767,251 | ---- | M] () -- C:\Users\Sask\Mitchell-Theory.pdf
[2011.12.13 11:18:37 | 007,077,888 | -HS- | M] () -- C:\Users\Sask\NTUSER.DAT
[2011.12.13 11:18:37 | 000,262,144 | -H-- | M] () -- C:\Users\Sask\ntuser.dat.LOG1
[2009.05.23 16:58:25 | 000,000,000 | -H-- | M] () -- C:\Users\Sask\ntuser.dat.LOG2
[2011.12.11 08:31:11 | 000,065,536 | -HS- | M] () -- C:\Users\Sask\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.12.11 08:31:11 | 000,524,288 | -HS- | M] () -- C:\Users\Sask\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.05.23 20:51:03 | 000,524,288 | -HS- | M] () -- C:\Users\Sask\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.05.23 16:58:25 | 000,000,020 | -HS- | M] () -- C:\Users\Sask\ntuser.ini
[2009.08.01 14:04:16 | 000,005,707 | ---- | M] () -- C:\Users\Sask\nummer.jpg
[2009.05.25 10:14:17 | 000,000,013 | ---- | M] () -- C:\Users\Sask\otto.txt
[2009.05.25 17:05:09 | 000,768,131 | ---- | M] () -- C:\Users\Sask\p6v21_unlock_db_tool.exe
[2009.05.25 16:59:31 | 040,417,305 | ---- | M] () -- C:\Users\Sask\phase-6-2.1.1-cd-setup.exe
[2009.05.25 17:08:24 | 000,000,906 | ---- | M] () -- C:\Users\Sask\phase-6.lnk
[2011.04.25 19:05:41 | 000,046,076 | ---- | M] () -- C:\Users\Sask\Pokécake.jpg
[2010.02.25 23:53:53 | 000,013,824 | ---- | M] () -- C:\Users\Sask\problemstelling (ohne schablone).abk
[2010.12.15 10:03:39 | 006,594,048 | ---- | M] () -- C:\Users\Sask\Reasoning with ComediansFINAL.ppt
[2010.06.28 13:25:31 | 000,010,370 | ---- | M] () -- C:\Users\Sask\Resits FPN 2009-2010.pdf
[2010.05.19 12:06:47 | 002,722,782 | ---- | M] () -- C:\Users\Sask\rev-108-2-291.pdf
[2010.02.15 00:41:26 | 000,081,105 | ---- | M] () -- C:\Users\Sask\s,profil,fotoalbum,foto.jpg
[2010.03.21 21:01:55 | 000,109,189 | ---- | M] () -- C:\Users\Sask\S7301250 - Kopie.jpg
[2010.05.28 11:44:43 | 006,742,016 | ---- | M] () -- C:\Users\Sask\TIARA_T-ARA & SUPERNOVA - TTL [OFFICIAL HD MV + ENG SUB].mp3
[2010.03.29 13:12:45 | 000,004,831 | ---- | M] () -- C:\Users\Sask\timme.jpg
[2010.03.29 13:15:52 | 000,033,467 | ---- | M] () -- C:\Users\Sask\timme2.jpg
[2010.02.26 22:23:15 | 000,046,850 | ---- | M] () -- C:\Users\Sask\Unbenannt (1).jpg
[2010.03.19 07:32:12 | 000,101,343 | ---- | M] () -- C:\Users\Sask\Unbenannt (2).jpg
[2010.05.27 17:30:37 | 000,043,467 | ---- | M] () -- C:\Users\Sask\Unbenannt (3).jpg
[2010.07.19 23:26:25 | 000,079,572 | ---- | M] () -- C:\Users\Sask\Unbenannt (4).jpg
[2010.02.16 19:02:26 | 000,005,534 | ---- | M] () -- C:\Users\Sask\Unbenannt.jpg
[2011.06.15 12:50:51 | 000,659,797 | ---- | M] () -- C:\Users\Sask\VisualBoyAdvance-1.8.0-beta3.zip
[2010.03.30 17:05:31 | 000,064,512 | ---- | M] () -- C:\Users\Sask\voorbeeld artikel 1 06-07.doc
[2010.03.30 22:37:34 | 000,510,976 | ---- | M] () -- C:\Users\Sask\voorbeeld artikel 2 06-07.doc
[2009.11.20 12:34:44 | 000,051,712 | ---- | M] () -- C:\Users\Sask\Write1.aww
[2010.02.23 17:24:23 | 000,082,729 | ---- | M] () -- C:\Users\Sask\wtf.jpg
[2010.06.11 09:48:19 | 007,479,296 | ---- | M] () -- C:\Users\Sask\YouTube- Owl City New Song- Fireflies HQ Lyrics Download.mp3
[2010.03.26 11:42:22 | 000,033,874 | ---- | M] () -- C:\Users\Sask\yummy.jpg
[2010.05.28 11:44:16 | 006,174,720 | ---- | M] () -- C:\Users\Sask\[Full Audio+DL] Kara - Mister [2009.07.30].mp3
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
and Extras.Txt:

Code:
OTL Extras logfile created on: 13.12.2011 11:18:42 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Sask\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,94% Memory free
6,15 Gb Paging File | 4,66 Gb Available in Paging File | 75,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,22 Gb Total Space | 161,63 Gb Free Space | 56,08% Space Free | Partition Type: NTFS
 
Computer Name: SASK-PC | User Name: Sask | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD50D4F-9AC5-4CA1-8F8C-A8CB2D6B7F0D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{10E632CA-49D6-422F-8549-89A686D4A501}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2D7E65A1-8432-4677-9896-E07EAD0CEB0B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3B560DE6-8E80-4BAB-A730-D3CA540DC18C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4341B3A0-86A0-4AF6-82C1-025D036E3F8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{549793B0-D168-4782-82C2-65361520F441}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{79B40AA1-B07C-43B0-B722-BC39F36A1341}" = lport=139 | protocol=6 | dir=in | app=system | 
"{991EDF7E-FEA2-4D1B-A568-B99519197716}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E1C40AE2-DC59-4E43-BE1B-8B64B46D6E2C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{ED0B0391-495A-4BD3-9232-36ABF3CFBBEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FAF243F0-6D95-489E-9000-A6FCCAD55FA1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FDD720E1-D802-4A32-A115-ECD0ABE56D94}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{295A6EFC-FE86-4C71-9E3A-C7FD7314CEF2}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{3C4DFCC1-A19D-4780-A42C-542D62DC967C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3E091278-13ED-4916-A63E-0833508928D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4AD1DC8D-84DE-41C6-A25F-787BAA4D8949}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{63A14E62-511D-4B32-BCEC-83D45A3C7033}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{665C6026-13A2-494C-8623-094E568F5716}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{6FD5EDD3-C076-4480-AC7D-EAF592B6C57D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{79C9B4C6-6550-4178-B6B5-1E1769F0BAF1}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7C38D646-9BFA-43D9-835D-47D7DE2EAA8A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{97EC17A6-6718-4B64-B92D-E6573A2CE327}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B206A665-F7E8-4762-A869-CC03334380A1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{C30D787B-08E8-4519-9A2B-B257EEFCB475}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C6F0839D-31A8-4095-9BE0-4155775F3CE3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CD6034DD-963E-4E3D-AF02-ECD5C49F9DFD}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{D152A2D7-399E-4E09-B424-A9E1194E39D0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E5D8599D-B2A2-4F7F-AB53-211B83DA59C8}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{E68E5238-1596-4037-BD34-1A57A93C79DB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{E91565A6-9FB8-4D65-9321-044D995C93E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EC854BA1-AC94-4709-817D-3219EB096058}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FC3B8945-7799-4629-8352-A5469387613E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office 5.0.36
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{018F8F57-B46B-B9B9-C452-DE8F5618434F}" = Catalyst Control Center Graphics Full Existing
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager
"{07C93E59-2DE3-1565-28A9-8C848B26D0F5}" = CCC Help German
"{080FE95E-5A89-4A54-BAAA-D769971B7C2D}" = Corel Home Office 5.0.36
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A6F9244-8C79-1296-3A43-097F67EB666A}" = Catalyst Control Center Localization Dutch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1790FDA2-938F-C886-8988-1ECB74E45517}" = Catalyst Control Center Localization Norwegian
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C815731-19F3-0770-8776-D78D6BEBC291}" = Catalyst Control Center Localization Hungarian
"{1EC06E70-BE43-DAAA-A217-E5C98869B1F8}" = Catalyst Control Center Localization Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{252E50FD-F27C-C8DD-C9E2-D2845A2DC399}" = ATI Catalyst Install Manager
"{25BA8D5A-228A-7192-6FA1-890D9F1C679F}" = CCC Help Korean
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{3B311FB9-5B6A-328C-D7AE-2445D639D886}" = CCC Help Norwegian
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3D333C7C-102B-F474-9524-72AAA3F292B8}" = Catalyst Control Center Localization Danish
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4529BC6B-16AE-6829-4946-36C33DBF8DD1}" = Catalyst Control Center Localization French
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{47A2CE5C-EA1F-4F58-8A0A-9452CBA795CD}" = Click to Disc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{527EB2A4-BF51-B1B6-3F09-2032A861548E}" = Catalyst Control Center Graphics Light
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55C0F7C1-8B6D-CBBD-2B88-EE7261A87254}" = CCC Help Greek
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BD23BA4-EE82-171B-07BD-86D83DB46F8D}_is1" = BandMaster_Full_1.00
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5C9DDCE0-66CF-11D4-9100-0090274FBE9A}" = Intel(r) System Information Viewer
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{629FD96D-5877-0832-2D31-0EFE781F870D}" = CCC Help Portuguese
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{652C5DED-9B9F-93D0-5E94-931B8C38EF0E}" = Catalyst Control Center Localization Thai
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A54CB6A-59D1-6A3A-08F3-E34ECF8905A9}" = Catalyst Control Center Graphics Previews Vista
"{6AA6EEA5-BF09-932B-AC25-0E9CCA4B709A}" = CCC Help Danish
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C4EF0CA-A9DD-96CF-B722-CCDEB589DD26}" = Catalyst Control Center Localization Chinese Traditional
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{711D43D7-24FE-A2B7-CC52-A48BCAAF3926}" = Catalyst Control Center Graphics Previews Common
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73496381-83C9-7BE6-6EB6-4CF97C00E5FD}" = CCC Help Polish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79BBD55C-9FF6-D496-8AE6-E2EC2829F974}" = Catalyst Control Center Localization Czech
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7CC28423-465C-F4B9-9379-343DF715BE62}" = CCC Help Swedish
"{80828DF5-270E-F8E6-6274-55ACA4C7E229}" = Catalyst Control Center Localization Japanese
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84037798-D63A-F5CA-9FB2-829B362BF712}" = CCC Help Finnish
"{8470A1D9-536E-C7C1-AE2D-24B739B1665A}" = Catalyst Control Center Localization Russian
"{882683C6-8B60-5CBC-38A8-55ED185FD975}" = CCC Help Turkish
"{8843C5E1-51E5-DFA6-1AD8-757C8DCA7E37}" = CCC Help Russian
"{88C596E4-6882-8E76-EBEF-AB739F5A3B69}" = Catalyst Control Center Localization Italian
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C467DE1-6E04-0888-B281-172909C96F37}" = Skins
"{8C7FB08D-7A84-22E0-F553-F6B827023E17}" = CCC Help Chinese Traditional
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{93F32124-BB54-C599-CF55-E1E57565BCE3}" = CCC Help Czech
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96C951BB-47C8-8497-78F0-7D8D328B58E3}" = Catalyst Control Center Localization Portuguese
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99D8CD4E-A5D2-A9DF-A152-B28EB5A71F85}" = Catalyst Control Center Localization German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939F952-1C7E-CBF8-EE77-CFBD9C6A4ECC}" = ccc-core-static
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9D3D707-4A1A-4227-BE6E-F16448B4CB63}" = VAIO Entertainment Platform
"{AA75988E-9EC1-EECE-CE00-D5D935974528}" = CCC Help Dutch
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACB5FD4A-6C58-972C-180C-9677C037E71D}" = Catalyst Control Center Localization Chinese Standard
"{ADBDB038-FF77-C672-04A1-7A0E67E8C73C}" = Catalyst Control Center Core Implementation
"{ADECE95F-585D-8B33-BF50-53C2BDA1E241}" = Catalyst Control Center Localization Korean
"{AE0FBCB5-3193-4583-C6CB-AA96F307EA70}" = ccc-utility
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFF10119-F154-4888-77F3-B149DE987976}" = Catalyst Control Center Localization Polish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6E9A977-C2C7-4CA0-0001-98605B7C7D3E}" = MyTube Recorder
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Nur Web
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup aktivieren
"{C62AEA0E-90B0-4049-9780-8499A18A34D7}" = VAIO Content Metadata Manager Setting
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C767EE67-9AA4-1CBF-8FD4-87F52CBB041D}" = CCC Help Italian
"{C8E57F8C-64FE-28D7-0F65-7BE87AF49745}" = Catalyst Control Center Graphics Full New
"{CAE07D54-A400-DAF9-912B-306DD941B61C}" = Catalyst Control Center Localization Finnish
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB6CF566-E06F-2556-55EF-EE149FC6EE7F}" = CCC Help French
"{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D355ECA7-DBF5-F22E-4E1A-BF69CFC5CED8}" = CCC Help Japanese
"{D44DF260-2D5A-3277-97D6-C97D1A806CF5}" = CCC Help Thai
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{D7019E24-BF07-3690-18C7-3D0DE87D09AB}" = CCC Help Chinese Standard
"{D7FFE7EB-1A15-864C-B335-E768BF623B84}" = Catalyst Control Center Localization Swedish
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE1F799A-0A02-FF3B-8786-195E91D0DE94}" = CCC Help Spanish
"{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E31010F6-DE18-0E9F-E028-FC709306C6F1}" = Catalyst Control Center Localization Turkish
"{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5BD6683-301D-B224-FB7C-320299CD51F9}" = CCC Help Hungarian
"{E9730C7A-E5DA-8222-45FE-2D71E810BE46}" = Catalyst Control Center Localization Spanish
"{EA39F1F5-D4A1-C02A-0865-7F6A95A33A56}" = CCC Help English
"{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 2009 Advanced_is1" = Ashampoo Burning Studio 2009 Advanced
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dt icon module" = 
"EADM" = EA Download Manager
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = VAIO Marketing Tools
"Messenger Plus! Live" = Messenger Plus! Live
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"phase-6" = phase-6 2.1.1
"phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1.4
"Revo Uninstaller" = Revo Uninstaller 1.83
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"XviD" = XviD MPEG-4 Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AikaOnline" = AikaOnline
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.11.2011 04:11:46 | Computer Name = Sask-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 132633470
 
Error - 18.11.2011 04:11:47 | Computer Name = Sask-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.11.2011 04:11:47 | Computer Name = Sask-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 132634468
 
Error - 18.11.2011 04:11:47 | Computer Name = Sask-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 132634468
 
Error - 18.11.2011 04:11:48 | Computer Name = Sask-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.11.2011 04:11:48 | Computer Name = Sask-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 132635482
 
Error - 18.11.2011 04:11:48 | Computer Name = Sask-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 132635482
 
Error - 18.11.2011 04:11:49 | Computer Name = Sask-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.11.2011 04:11:49 | Computer Name = Sask-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 132636590
 
Error - 18.11.2011 04:11:49 | Computer Name = Sask-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 132636590
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Thanks in advance for the help!

Regards,
Sask

15.12.2011, 14:37   #4
Sask

Hey,

I hope I'm not breaking the forum rules by bumping this thread, but it really is somewhat urgent. Right now I don't know whether I can use my laptop or not.
I am currently writing my bachelor's thesis. As part of it I am conducting a psychological study. The data collected for it must under no circumstances reach third parties.
At the moment I only use the internet via my phone or at the university.
By the way, I changed all my passwords again from the university.

Kind regards,
Sask

15.12.2011, 15:07   #5
markusg
/// Malware-holic

Sorry, I overlooked it!
Uninstall Spybot; it is no longer really up to date and it also interferes with the cleanup. Then reboot.
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool:
    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your antivirus and anti-malware programs are switched off so that they do not interfere with ComboFix while it works.
  • Please post C:\Combofix.txt in your next reply.

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de

16.12.2011, 17:31   #6
Sask

Hey,

no problem at all. You have quite a lot to do here. It's easy to overlook something.

I ran ComboFix. I thought I had switched everything off, but warnings from McAfee still came up. I'm posting the text file here anyway.
Should I run ComboFix again with McAfee closed? Its Security Center somehow can't be opened any more. Maybe after a reboot?

Well, I hope it works like this too; otherwise I'll try to deactivate McAfee somehow and do everything again.

Code:
ComboFix 11-12-16.01 - Sask 16.12.2011  16:51:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3038.2069 [GMT 1:00]
ausgeführt von:: c:\users\Sask\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: McAfee VirusScan *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
 * Im Speicher befindliches AV aktiv.
.
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Uninstall
c:\users\Sask\Aika_AshesOfBetrayal.exe
c:\users\Sask\p6v21_unlock_db_tool.exe
c:\users\Sask\phase-6-2.1.1-cd-setup.exe
c:\windows\IsUn0413.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-16 bis 2011-12-16  ))))))))))))))))))))))))))))))
.
.
2011-12-16 16:09 . 2011-12-16 16:11	--------	d-----w-	c:\users\Sask\AppData\Local\temp
2011-12-16 16:09 . 2011-12-16 16:09	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-12-16 16:09 . 2011-12-16 16:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-10 22:35 . 2011-12-10 22:35	--------	d-----w-	c:\users\Sask\AppData\Roaming\IObit
2011-12-10 22:34 . 2011-12-10 22:34	--------	d-----w-	c:\program files\IObit
2011-11-18 08:31 . 2011-11-18 08:31	--------	d-----w-	c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-11-16 09:37 . 2011-05-11 17:00	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-21 274432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-10-08 4441944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 10:49	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase-6 Reminder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
backup=c:\windows\pss\phase-6 Reminder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 15:17	47904	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 05:22	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11	3325952	----a-w-	c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-12 23:24	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
2009-04-01 12:50	26112	----a-w-	c:\program files\sony\Marketing Tools\MarketingTools.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2009-03-25 15:25	645328	----a-w-	c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
2009-01-09 12:41	1176808	----a-w-	c:\progra~1\McAfee\MHN\McENUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17	61440	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-12-23 19:18	2642168	----a-w-	c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
R2 0130311315578914mcinstcleanup;McAfee Application Installer Cleanup (0130311315578914);c:\windows\TEMP\013031~1.EXE [x]
R2 gupdate1c9eabd28a5930a;Google Update Service (gupdate1c9eabd28a5930a);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 133104]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 133104]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-01-20 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-01-20 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-01-20 390440]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-01-20 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-01-20 91432]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [2011-09-20 19792]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-01-16 83240]
R3 XDva296;XDva296;c:\windows\system32\XDva296.sys [x]
R3 XDva321;XDva321;c:\windows\system32\XDva321.sys [x]
R3 XDva344;XDva344;c:\windows\system32\XDva344.sys [x]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
R3 XDva356;XDva356;c:\windows\system32\XDva356.sys [x]
R3 XDva369;XDva369;c:\windows\system32\XDva369.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [2011-10-08 18768]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 94880]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]
S2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2008-12-21 303104]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-12-19 415592]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-01-14 5184872]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [2011-09-20 30600]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-11-19 9344]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 17:50]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-11 17:50]
.
2011-04-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-23 08:53]
.
2011-02-28 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-23 08:53]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Free YouTube to Mp3 Converter - c:\users\Sask\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Sask\AppData\Roaming\Mozilla\Firefox\Profiles\eigwg0ni.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://www.samenc.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=jF2SRaxu&q=
FF - user.js: keyword.URL - hxxp://www.samenc.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=jF2SRaxu&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-ClipIncSrvTray - c:\program files\Tobit ClipInc\Player\ClipIncTray.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Google Update - c:\users\Sask\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-16 17:10
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1422611742-3505994787-2363703596-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3d,7c,5b,00,5b,40,e9,4a,f7,27,a2,85,a1,11,56,2e,e3,d3,be,06,0d,67,db,
   24,42,fd,90,ab,01,9c,c4,b1,95,8f,b4,85,67,f7,f1,d6,68,ea,b4,7a,f8,a1,95,bf,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-1422611742-3505994787-2363703596-1000\Software\SecuROM\License information*]
"datasecu"=hex:5f,b1,d2,a1,57,bb,cc,e9,8f,c8,62,2c,68,da,a4,23,0c,fb,e6,d8,bb,
   c1,e1,02,7e,97,9d,2c,72,d7,d7,b4,88,b0,f8,c6,b3,c4,c2,74,a8,9c,e1,65,16,58,\
"rkeysecu"=hex:88,c0,f3,37,84,43,41,03,3d,01,8d,cd,0f,33,39,43
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000042
.
Zeit der Fertigstellung: 2011-12-16  17:15:28
ComboFix-quarantined-files.txt  2011-12-16 16:15
.
Vor Suchlauf: 12 Verzeichnis(se), 174.010.712.064 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 176.335.765.504 Bytes frei
.
- - End Of File - - B045C6F5594C0475C2EFCC121C67C51D
         
Thank you very much for the help!

Kind regards
Sask

16.12.2011, 17:43   #7
markusg
/// Malware-holic



Can you post the messages from McAfee?
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails, following the instructions above, to
markusg.trojaner-board@web.de

16.12.2011, 17:45   #8
Sask



...I stupidly already clicked those away. However, the warnings were all about ComboFix having been run.

16.12.2011, 18:01   #9
markusg
/// Malware-holic



ok.


Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select "Perform full scan" and press Scan.
  • When the scan has finished, click Show results.
  • Make sure that all detections are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".

16.12.2011, 18:18   #10
Sask



Should I disable the other anti-malware beforehand?

Regards
Saskia

16.12.2011, 18:26   #11
Sask



edit: no wonder it isn't updating. I didn't have the internet on...

16.12.2011, 19:30   #12
markusg
/// Malware-holic



yes please.
:-)

16.12.2011, 23:31   #13
Sask



Hey,

nothing was found.

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8381

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

16.12.2011 23:24:33
mbam-log-2011-12-16 (23-24-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 365076
Laufzeit: 1 Stunde(n), 59 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Regards
Sask

17.12.2011, 15:44   #14
markusg
/// Malware-holic



Open Start, Search, and type:
windows update
Enter
Settings: install updates automatically, interval daily, choose a time, otherwise tick everything except detailed notifications.
Click OK, click Check for updates, install the important and optional ones.
There will be restarts; keep clicking Check for updates until there is nothing more to fetch.

19.12.2011, 23:09   #15
Sask



Good evening,

So, I have now spent half the day doing updates. Is there anything else I should do?

Kind regards
Sask
