Windows aus Sicherheitsgründen gesperrt (Windows locked for security reasons) | Windows 7
14.02.2012, 22:00 | #1
Unfortunately it got me too, and Windows has been 'locked'. I would be very grateful if you could help me!
14.02.2012, 22:30 | #2
I have already run the OTL scan:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.02.2012 22:16:49 - Run 5 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3,45 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 80,76% Memory free 7,09 Gb Paging File | 6,67 Gb Available in Paging File | 94,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138,91 Gb Total Space | 58,92 Gb Free Space | 42,42% Space Free | Partition Type: NTFS Computer Name: LAURA-LAPTOP | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe (IDT, Inc.) 
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe (Andrea Electronics Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe () SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation) SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.) SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe () SRV - (alssvc) -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe (Dell Inc.) 
SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\lms.exe (Intel Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.) DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.) DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation) DRV - (CCIDFILTER) -- C:\Windows\System32\drivers\ccidflt.sys (Broadcom Corporation) DRV - (WavxDMgr) -- C:\Windows\System32\drivers\WavxDMgr.sys (Wave Systems Corp.) 
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (rismxdp) -- C:\Windows\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\system32\drivers\rimsptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (PBADRV) -- C:\Windows\system32\DRIVERS\PBADRV.sys (Dell Inc) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.) DRV - (RLDesignVirtualAudioCableWdm) -- C:\Windows\System32\drivers\livecamv.sys () DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.zeit.de/index" FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.09 18:43:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.13 16:38:19 | 000,000,000 | ---D | M] [2009.07.11 15:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions [2012.02.12 14:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions [2010.05.01 09:39:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.07 17:51:48 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}(126) [2012.01.09 10:50:17 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}(125) [2011.02.15 11:51:43 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.09 15:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.12.30 17:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} () (No name found) -- C:\USERS\LAURA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0CBG1Y0I.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI [2012.01.04 00:55:24 | 
000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.10.19 18:59:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\mozilla firefox\components\FFComm.dll [2010.05.25 09:38:51 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.01.26 20:19:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BIOSEvent] C:\Program Files\Dell\Latitude ON Reader Data\BIOSEvent.exe () O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.) 
O4 - HKCU..\Run: [ffdwnd] C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23841AE8-6C8D-42A4-954D-00ADC665EE9C}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.14 22:03:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.02.14 14:26:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\a1-Dateien [2012.02.14 14:25:47 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\2-Dateien [2012.02.14 14:25:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1-Dateien [2012.02.08 10:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.02.08 10:59:33 | 000,107,368 | ---- | C] (GEAR Software Inc.) 
-- C:\Windows\System32\GEARAspi.dll [2012.02.08 10:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.02.08 10:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.02.08 10:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012.02.08 10:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.02.08 10:52:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.02.08 10:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.02.07 21:10:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\HIST_FR_s5_Renaissance-Dateien [2012.02.07 21:10:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Histoire-Dateien [2012.02.07 21:09:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\lang-frcs-trav-ages-Dateien [2012.02.07 21:09:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\la_renaissance-Dateien [2012.02.07 21:09:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\humanisme-Dateien [2012.02.07 21:09:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\defendre-Dateien [2012.02.07 21:09:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Histoire_de_la_langue_française-Dateien [2012.02.06 09:21:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ranciere [2012.01.27 13:56:44 | 000,000,000 | ---D | C] -- C:\PPFS_Tools [2012.01.27 13:56:44 | 000,000,000 | ---D | C] -- C:\PPFS_Scan3 [2012.01.26 21:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.01.26 21:14:24 | 000,000,000 | ---D | C] -- C:\PPF_SCAN2 [2012.01.26 20:24:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.01.26 20:24:29 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.01.26 20:24:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2012.01.26 20:04:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.01.26 20:04:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.01.26 20:04:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.01.26 20:04:23 | 
000,000,000 | ---D | C] -- C:\ComboFix [2012.01.26 20:04:16 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.01.20 21:13:57 | 000,000,000 | ---D | C] -- C:\_OTL [2012.01.20 18:23:14 | 000,000,000 | ---D | C] -- C:\Windows\Sun [9 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.14 22:03:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.02.14 21:57:16 | 000,598,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.14 21:57:16 | 000,104,304 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.14 21:52:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.14 21:48:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.14 21:48:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.14 14:30:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.02.14 14:26:19 | 000,107,316 | ---- | M] () -- C:\Users\***\Desktop\a1.htm [2012.02.14 14:25:50 | 000,107,299 | ---- | M] () -- C:\Users\***\Desktop\2.htm [2012.02.14 14:25:36 | 000,116,014 | ---- | M] () -- C:\Users\***\Desktop\1.htm [2012.02.09 11:20:36 | 000,086,713 | ---- | M] () -- C:\Users\***\Desktop\histoire.pdf [2012.02.07 21:10:11 | 000,116,178 | ---- | M] () -- C:\Users\***\Desktop\HIST_FR_s5_Renaissance.htm [2012.02.07 21:10:06 | 000,022,210 | ---- | M] () -- C:\Users\***\Desktop\Histoire.html [2012.02.07 21:09:58 | 000,017,251 | ---- | M] () -- C:\Users\***\Desktop\lang-frcs-trav-ages.html [2012.02.07 21:09:54 | 000,014,289 | ---- | M] () -- C:\Users\***\Desktop\cm14.html [2012.02.07 21:09:49 | 000,021,883 | ---- | M] () -- C:\Users\***\Desktop\humanisme.html [2012.02.07 21:09:38 | 000,086,713 | ---- | M] () -- C:\Users\***\Desktop\05_histoire_francais.pdf [2012.02.07 21:09:32 | 000,024,078 | 
---- | M] () -- C:\Users\***\Desktop\defendre.htm [2012.02.07 21:09:26 | 000,170,907 | ---- | M] () -- C:\Users\***\Desktop\Histoire_de_la_langue_française.htm [2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.01.27 00:04:00 | 000,001,356 | ---- | M] () -- C:\Users\Laura\AppData\Local\d3d9caps.dat [2012.01.26 20:19:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.01.22 22:52:05 | 000,052,126 | ---- | M] () -- C:\Users\***\Documents\2D460d01.pdf [2012.01.22 22:49:09 | 000,057,892 | ---- | M] () -- C:\Users\***\Documents\C1AAAd01.pdf [2012.01.20 18:26:45 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.01.16 13:06:03 | 013,415,134 | ---- | M] () -- C:\Users\***\Desktop\iotc_19990211-0900b.mp3 [2012.01.16 13:05:29 | 013,625,340 | ---- | M] () -- C:\Users\***\Desktop\iotc_20000323-0900b.mp3 [2012.01.16 13:04:55 | 019,824,400 | ---- | M] () -- C:\Users\***\Desktop\iotc_20030410-0900a.mp3 [2012.01.16 13:04:46 | 020,324,635 | ---- | M] () -- C:\Users\***\Desktop\iotc_20040212-0900a.mp3 [2012.01.16 13:04:35 | 020,262,743 | ---- | M] () -- C:\Users\***\Desktop\iotc_20041007-0900a.mp3 [2012.01.16 13:01:13 | 020,229,648 | ---- | M] () -- C:\Users\***\Desktop\iotp_20051117-0900a.mp3 [2012.01.16 13:00:53 | 020,300,085 | ---- | M] () -- C:\Users\***\Desktop\iotp_20070208-0900a.mp3 [2012.01.16 13:00:35 | 020,302,257 | ---- | M] () -- C:\Users\***\Desktop\iotp_20080320-0900a.mp3 [2012.01.16 13:00:24 | 020,261,990 | ---- | M] () -- C:\Users\***\Desktop\iotp_20080424-0900a.mp3 [2012.01.16 13:00:10 | 020,260,105 | ---- | M] () -- C:\Users\***\Desktop\iotp_20081106-0900a.mp3 [2012.01.16 12:59:58 | 020,294,261 | ---- | M] () -- C:\Users\***\Desktop\iotp_20090115-0900a.mp3 [2012.01.16 12:59:45 | 020,369,207 | ---- | M] () -- C:\Users\***\Desktop\iotp_20091029-0900a.mp3 [9 C:\Users\Laura\Desktop\*.tmp files -> C:\Users\Laura\Desktop\*.tmp -> ] ========== Files Created - No 
Company Name ========== [2012.02.14 14:26:15 | 000,107,316 | ---- | C] () -- C:\Users\***\Desktop\a1.htm [2012.02.14 14:25:47 | 000,107,299 | ---- | C] () -- C:\Users\***\Desktop\2.htm [2012.02.14 14:25:31 | 000,116,014 | ---- | C] () -- C:\Users\***\Desktop\1.htm [2012.02.09 11:20:36 | 000,086,713 | ---- | C] () -- C:\Users\***\Desktop\histoire.pdf [2012.02.08 10:54:18 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.02.07 21:10:10 | 000,116,178 | ---- | C] () -- C:\Users\***\Desktop\HIST_FR_s5_Renaissance.htm [2012.02.07 21:10:05 | 000,022,210 | ---- | C] () -- C:\Users\***\Desktop\Histoire.html [2012.02.07 21:09:58 | 000,017,251 | ---- | C] () -- C:\Users\***\Desktop\lang-frcs-trav-ages.html [2012.02.07 21:09:54 | 000,014,289 | ---- | C] () -- C:\Users\***\Desktop\cm14.html [2012.02.07 21:09:49 | 000,021,883 | ---- | C] () -- C:\Users\***\Desktop\la_renaissance.htm [2012.02.07 21:09:43 | 000,075,181 | ---- | C] () -- C:\Users\***\Desktop\humanisme.html [2012.02.07 21:09:38 | 000,086,713 | ---- | C] () -- C:\Users\***\Desktop\05_histoire_francais.pdf [2012.02.07 21:09:32 | 000,024,078 | ---- | C] () -- C:\Users\***\Desktop\defendre.htm [2012.02.07 21:09:24 | 000,170,907 | ---- | C] () -- C:\Users\***\Desktop\Histoire_de_la_langue_française.htm [2012.01.26 20:04:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.01.26 20:04:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.01.26 20:04:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.01.22 22:52:05 | 000,052,126 | ---- | C] () -- C:\Users\***\Documents\2D460d01.pdf [2012.01.22 22:49:09 | 000,057,892 | ---- | C] () -- C:\Users\***\Documents\C1AAAd01.pdf [2012.01.20 18:26:45 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.01.16 13:05:56 | 013,415,134 | ---- | C] () -- C:\Users\***\Desktop\iotc_19990211-0900b.mp3 [2012.01.16 13:05:23 | 013,625,340 | ---- | C] () -- 
C:\Users\***\Desktop\iotc_20000323-0900b.mp3 [2012.01.16 13:04:47 | 019,824,400 | ---- | C] () -- C:\Users\***\Desktop\iotc_20030410-0900a.mp3 [2012.01.16 13:04:37 | 020,324,635 | ---- | C] () -- C:\Users\***\Desktop\iotc_20040212-0900a.mp3 [2012.01.16 13:04:27 | 020,262,743 | ---- | C] () -- C:\Users\***\Desktop\iotc_20041007-0900a.mp3 [2012.01.16 13:01:04 | 020,229,648 | ---- | C] () -- C:\Users\***\Desktop\iotp_20051117-0900a.mp3 [2012.01.16 13:00:44 | 020,300,085 | ---- | C] () -- C:\Users\***\Desktop\iotp_20070208-0900a.mp3 [2012.01.16 13:00:27 | 020,302,257 | ---- | C] () -- C:\Users\***\Desktop\iotp_20080320-0900a.mp3 [2012.01.16 13:00:15 | 020,261,990 | ---- | C] () -- C:\Users\***\Desktop\iotp_20080424-0900a.mp3 [2012.01.16 13:00:02 | 020,260,105 | ---- | C] () -- C:\Users\***\Desktop\iotp_20081106-0900a.mp3 [2012.01.16 12:59:49 | 020,294,261 | ---- | C] () -- C:\Users\***\Desktop\iotp_20090115-0900a.mp3 [2012.01.16 12:59:36 | 020,369,207 | ---- | C] () -- C:\Users\***\Desktop\iotp_20091029-0900a.mp3 [2010.11.05 11:39:21 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.05.09 17:04:00 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2010.01.17 15:38:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.01.03 15:13:18 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2009.12.24 16:19:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2009.12.24 16:19:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2009.10.25 14:05:55 | 000,466,944 | ---- | C] () -- C:\Windows\ssndii.exe [2009.10.25 13:58:51 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll [2009.09.17 11:50:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.17 11:50:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 11:48:46 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.09.01 04:31:56 | 000,022,723 | 
---- | C] () -- C:\Windows\System32\ssp2ml3.dll [2009.08.23 12:08:07 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys [2009.07.11 21:15:42 | 000,036,352 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.11 13:39:34 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\WavXMapDrive.bat [2009.06.29 16:54:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.06.29 15:38:44 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin [2009.05.07 00:51:42 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2009.05.07 00:51:41 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2009.05.07 00:48:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.05.07 00:28:40 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2009.05.07 00:28:39 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2009.05.07 00:28:39 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2009.05.07 00:28:39 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2009.05.06 16:16:11 | 000,279,888 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll [2009.05.06 16:13:35 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll [2009.05.06 16:05:11 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2009.01.05 14:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe [2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini [2008.11.08 11:56:48 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll [2008.11.08 11:56:48 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll [2008.11.08 11:56:48 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll [2008.11.08 11:56:46 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll [2008.11.08 11:56:46 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll 
[2008.11.08 11:56:44 | 000,565,248 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll [2008.11.08 11:56:44 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll [2008.11.08 11:56:42 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_da.dll [2008.11.08 11:56:42 | 000,479,232 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll [2008.11.08 11:56:42 | 000,475,136 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll [2008.11.08 11:56:40 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_nl.dll [2008.11.08 11:56:40 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_no.dll [2008.11.08 11:56:38 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_pl.dll [2008.11.08 11:56:38 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_sv.dll [2008.11.08 11:56:34 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_ar.dll [2008.11.08 11:56:32 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_el.dll [2008.11.08 11:56:32 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_cs.dll [2008.11.08 11:56:30 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_hu.dll [2008.11.08 11:56:30 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_fi.dll [2008.11.08 11:56:30 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_he.dll [2008.11.08 11:56:28 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_ro.dll [2008.11.08 11:56:28 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_pt-PT.dll [2008.11.08 11:56:28 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_tr.dll [2008.11.08 11:56:10 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll [2008.11.08 11:56:04 | 000,544,768 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll [2008.09.26 07:33:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll [2008.09.24 18:37:10 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll [2008.09.24 18:37:08 | 000,102,400 | ---- | C] () -- 
C:\Windows\System32\Internationalization_ro.dll [2008.09.24 18:36:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll [2008.09.24 18:36:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll [2008.09.24 18:36:04 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll [2008.09.24 18:36:02 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll [2008.09.24 18:36:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll [2008.09.24 18:35:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll [2008.09.24 18:35:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll [2008.09.24 18:35:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll [2008.09.24 18:35:48 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll [2008.09.24 18:35:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll [2008.09.24 18:35:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll [2008.09.24 18:35:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll [2008.09.24 18:35:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll [2008.09.24 18:35:40 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll [2008.09.24 18:35:38 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll [2008.09.24 18:35:38 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll [2008.09.24 18:35:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll [2008.09.24 18:35:34 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll [2008.09.24 18:35:34 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll [2008.09.24 18:35:32 | 
000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll [2008.09.24 18:35:30 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll [2008.09.24 18:35:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll [2008.09.19 08:51:24 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll [2008.08.22 16:28:12 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll [2008.03.25 09:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll [2008.03.18 13:02:52 | 000,143,360 | R--- | C] () -- C:\Windows\System32\preflib.dll [2008.02.03 23:44:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.04.19 05:52:16 | 000,080,720 | ---- | C] () -- C:\Windows\System32\AsfBios.dll [2007.04.19 05:28:10 | 000,025,424 | ---- | C] () -- C:\Windows\System32\drivers\netamsg.dll [2007.04.16 03:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin [2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:43 | 000,387,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 11:33:01 | 000,598,290 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,304 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.06.30 
12:58:44 | 000,176,128 | R--- | C] () -- C:\Windows\System32\bioapi_mds300.dll [2006.06.30 12:58:44 | 000,126,976 | R--- | C] () -- C:\Windows\System32\bioapi100.dll [2004.09.10 13:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll [2004.09.10 13:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll < End of report > AND PART 2: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.02.2012 22:16:49 - Run 5 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Laura\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3,45 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 80,76% Memory free 7,09 Gb Paging File | 6,67 Gb Available in Paging File | 94,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138,91 Gb Total Space | 58,92 Gb Free Space | 42,42% Space Free | Partition Type: NTFS Computer Name: LAURA-LAPTOP | User Name: Laura | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09BA1906-EA85-4676-8EC8-EE7B7DDD8DA7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0E38398B-94BB-450E-BC3A-4E2CF6374662}" = rport=10243 | protocol=6 | dir=out | app=system | "{1D67C097-44C6-4454-B365-B681A0752BD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4352F3EE-B338-47E7-A1F0-E78C07EDB16B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{452B8285-F1D1-42D4-B0DE-C90B66D2A87B}" = lport=2869 | protocol=6 | dir=in | app=system | "{873EF4EF-6368-4C28-85AC-9BABCE44CB7B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{8F88865B-BE15-4428-98B0-606DFDA79CEE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{940AE4BD-1467-4B8C-972A-87D2438BD2FC}" = 
lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EC6807E5-8198-411F-A5AF-CF90E672B303}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EF0E6371-3CA0-43F5-B06C-7E3DE22B8321}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00CF8ACB-36D8-4D11-BC64-6D3A4BBF7DA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{050F23D3-C08A-47A2-92EB-7E54028DAF28}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zs4d87.tmp\symnrt.exe | "{053A7A1E-8D2F-4AB0-ACB3-A5145DE343C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{13BDFAAC-B30D-4E0C-8B33-F1441C07CBDF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{242F00E1-253F-43F5-B543-DC090B65A102}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3165A6C9-A9A8-4201-9347-2B791DAB9BDD}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | "{3FA9252D-8EB1-451A-8C3A-3A7C83DBA0F4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{4FFAE661-8BD7-4753-B009-A7A36B256752}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{51B80EDC-00C1-4C61-978D-10817E390EE9}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{5441CFAF-9418-4EE1-9BB4-7356C50F3C15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{66E9516E-A687-4408-BDD6-DD2245F94EB7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7181C4BB-6D00-40C9-8632-D55C741C2363}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{751ED8FD-D0D4-41E7-B7D4-A2DF257829DE}" = protocol=17 | dir=in | app=%programfiles%\windows 
media player\wmplayer.exe | "{7AAAA2A2-13D8-4A0C-927F-F24AED8EBB41}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zs49b0.tmp\symnrt.exe | "{80A5463D-FA3A-4624-812A-FBF8708C6DB6}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | "{86BA2747-13A6-430F-A870-2BE4AFAB1707}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{886C57D5-139D-443B-971D-580BEDB7E74E}" = protocol=6 | dir=out | app=system | "{89C4D86E-02FB-4C44-8F6F-2D3B6DDEE375}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8C08A9E6-9E77-4FF5-A112-A08EB5A70E3B}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\radiorecorder.exe | "{8F092AD3-AD9A-4744-9624-EB60B3C0684C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{97B64630-46BC-418F-BD23-DBBE5E2E438C}" = dir=in | app=c:\program files\itunes\itunes.exe | "{9887D2CD-70A0-4308-A3AB-22E8824C8DED}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs49b0.tmp\symnrt.exe | "{98B69A68-A4C1-4C91-9A8D-7061E8A012F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F7DB67A-6C4B-40BE-8E98-86F3338B597C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9F9F1C92-1F60-4F4A-A9E6-F428D6248C21}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | "{A308D34C-2C80-4129-B3D2-B78A16F1DE83}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{A6B4BC3B-17CC-4EBA-9EC0-CE8A57E2D470}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | "{B70D7283-8F27-4B14-B661-02BFE3E659CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B98E83D7-6708-4073-892B-6860343D2F7D}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{C2010A54-74C0-4651-895D-C4FA130C2FB3}" = dir=in | app=c:\program 
files\common files\apple\apple application support\webkit2webprocess.exe | "{DBC5F059-4F07-48A5-98E4-F211C78C3655}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DD0CF21F-1D55-4FC9-903D-D24BE8D0FFDC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E4C4D0F9-FE82-415D-8344-045A13E36F24}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs4d87.tmp\symnrt.exe | "{E8187DA7-C95C-4789-A500-382EBB78A89F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{F69A8158-0798-4A19-8A6D-3F5F59C1783F}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\radiorecorder.exe | "TCP Query User{163B1147-812F-47B8-9648-05BC09530AA4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{5045FDC3-04D3-44F3-B5E6-1236283A7800}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{7C5F51F8-8930-44F1-AD7D-5729C06F7A4A}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{995E5D55-EAA0-4F5E-AD6E-05E7EA36D90B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{9C9DEAA4-6648-4330-86A3-E4D501F9B2EF}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{BE997588-30FD-400A-8210-185FBFE392B2}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{F3C768F2-85B5-4E44-BFD6-0100310ED9AA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{0571C39E-77A4-40B4-A7BC-DD82F5A0F71F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query 
User{05C88454-8F47-4E3E-9455-EA941FE3E6F6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{683C34EC-4D56-4BE6-BB3E-79DF0EAD8A1F}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{BA6AD641-CBF7-403D-942A-E7AE61D45D76}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{CC43766D-CA90-407D-8BCF-58302172B454}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "UDP Query User{E94C9D1C-18DF-4DA0-870D-152A97D4FEA3}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{F13BE792-133F-4C3C-9479-CFD97F82F601}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4502 "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data "{1882D3BE-8B8F-4EA3-9414-EB06CD5B9CD8}" = Modem Diagnostics Tool "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration "{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D523D94-C637-4C49-89FD-5B8FFB071D76}" = Dell ControlPoint Connection Manager "{506E853B-8FBF-4F28-86EB-E931ABD0C056}" = Dell Latitude ON Reader "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "{5AF4F4C5-C71C-418F-B0B1-3903A345BD71}" = Ambient Light Sensor "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! 
Cam Avatar Creator "{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{8361A088-1A86-425B-968E-034555992392}" = NTRU TCG Software Stack "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = 
Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E25AB4C-71E0-4B43-B44F-108BE18DC531}" = DCP32MMWrapper "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager "{A1261462-A2EF-4FAB-9513-48EBEFC9A76E}" = Dell Button Service "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch 
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework "{B20179BA-2872-432F-8D88-B8F44AED359B}" = Broadcom USH Host Components "{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update "{D43C8156-C238-4FE1-9CEA-C39E3B8A3530}" = Wave Infrastructure Installer "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes "{FDE4BEC4-2D7E-4799-A9BA-2BD23512CC7B}" = Dell Control Point "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack "{FF1FB289-146C-49EB-98C1-FADF4162CE28}" = Dell ControlPoint System Manager "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. 
PBADRV System (01/07/2008 1.0.1.5) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Creative OA001" = Integrated Webcam Driver (1.06.03.0309) "Dell Webcam Central" = Dell Webcam Central "dradio-Recorder_is1" = dradio-Recorder Version 3.02.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "Gmail Notifier" = Gmail Notifier "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "MESOL" = Intel® Active Management Technology "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US) "PROSetDX" = Intel(R) Network Connections 13.0.42.0 "Samsung ML-2010 Series" = Samsung ML-2010 Series "Tobit ClipInc Server" = WDR RadioRecorder "TVWiz" = Intel(R) TV Wizard "VLC media player" = VLC media player 1.1.5 "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14.02.2012 14:22:02 | Computer Name = ***-Laptop | 
Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1394368 Error - 14.02.2012 14:22:02 | Computer Name = ***-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1394368 Error - 14.02.2012 14:22:04 | Computer Name = ***-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.02.2012 14:22:04 | Computer Name = ***-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1396302 Error - 14.02.2012 14:22:04 | Computer Name = ***-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1396302 Error - 14.02.2012 16:48:36 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10 Description = Error - 14.02.2012 16:49:00 | Computer Name = ***-Laptop | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver Error - 14.02.2012 16:49:01 | Computer Name = ***-Laptop | Source = LMS | ID = 2 Description = Failed to unregister for device notifications Error - 14.02.2012 16:53:24 | Computer Name = ***-Laptop | Source = EventSystem | ID = 4609 Description = Error - 14.02.2012 16:54:01 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10 Description = [ Cisco AnyConnect VPN Client Events ] Error - 14.02.2012 14:48:46 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4287 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 14.02.2012 14:48:46 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 14.02.2012 14:48:46 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 14.02.2012 14:49:37 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 14.02.2012 14:49:37 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 14.02.2012 14:49:37 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 14.02.2012 14:49:37 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4287 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 14.02.2012 14:49:38 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 14.02.2012 14:49:38 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 14.02.2012 16:49:21 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

[ OSession Events ]
Error - 20.01.2011 06:24:56 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3767 seconds with 0 seconds of active time. This session ended with a crash.
Error - 08.04.2011 13:48:36 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.
Error - 08.07.2011 07:41:16 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 356 seconds with 120 seconds of active time. This session ended with a crash.
Error - 04.08.2011 05:44:28 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 162 seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.08.2011 05:55:57 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 583 seconds with 120 seconds of active time. This session ended with a crash.
Error - 06.09.2011 08:03:49 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58038 seconds with 5520 seconds of active time. This session ended with a crash.
Error - 03.11.2011 14:17:16 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 782 seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.11.2011 10:22:45 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.
Error - 22.11.2011 22:44:17 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11281 seconds with 3420 seconds of active time. This session ended with a crash.
Error - 10.12.2011 08:03:46 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6979 seconds with 2040 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 14.02.2012 10:20:38 | Computer Name = ***-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Error - 14.02.2012 16:48:08 | Computer Name = ***-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:47:01 on 14.02.2012 was unexpected.
Error - 14.02.2012 16:48:55 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7011
Description =
Error - 14.02.2012 16:48:59 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 14.02.2012 16:52:48 | Computer Name = ***-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:51:00 on 14.02.2012 was unexpected.
Error - 14.02.2012 16:53:15 | Computer Name = ***-Laptop | Source = DCOM | ID = 10005
Description =
Error - 14.02.2012 16:53:24 | Computer Name = ***-Laptop | Source = DCOM | ID = 10005
Description =
Error - 14.02.2012 16:53:30 | Computer Name = ***-Laptop | Source = DCOM | ID = 10005
Description =
Error - 14.02.2012 16:54:02 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7001
Description =
Error - 14.02.2012 16:54:02 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7026
Description =

< End of report > |
15.02.2012, 10:42 | #3 |
/// Malware-holic | hi
Replace *** in the script with your user name. This script, and any scripts that follow, are only for this particular user. If you have problems, open your own topic and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
:OTL
O4 - HKCU..\Run: [ffdwnd] C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
:Files
C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, then right-click, View, Show desktop icons. Please press the + E key.
Note: Please also upload the file to the UpChannel as described in its instructions. Please do NOT post the ZIP file here as an attachment in the thread!
__________________ |
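The entry the script above removes is the classic shape of this infection: a Run value in HKCU whose target is called firefox.exe but lives under AppData\Local rather than Program Files, and whose file is not Mozilla's. The following PowerShell audit is an added example written for this page; it is not part of the thread and is not OTL's code. It walks the Run/RunOnce keys of both hives and reports entries that launch from a user-writable profile folder, that borrow a well-known program name outside Program Files/Windows, or whose Authenticode signature is missing, invalid, or (for firefox.exe) not Mozilla's. The list of look-alike names and the folder heuristics are this example's own assumptions, not something the thread states.

```powershell
# Added example: audit autostart Run entries for the pattern removed in post #3.
# Assumptions (constructed for this example): the look-alike name list and the
# "user-writable folder" heuristic below are illustrative, not an official rule set.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Program names that malware likes to borrow (constructed list for this example).
$LookalikeNames = @('firefox.exe', 'chrome.exe', 'iexplore.exe', 'explorer.exe', 'svchost.exe')

function Get-ImagePath {
    param([string]$Command)
    # Strip surrounding quotes and trailing arguments: "C:\x\y.exe" -arg  ->  C:\x\y.exe
    if ($Command -match '^"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^(\S+\.exe)') { return $Matches[1] }
    return $Command.Trim()
}

function Test-SuspiciousAutostart {
    param([string]$Name, [string]$Command)
    $path    = Get-ImagePath $Command
    $leaf    = [System.IO.Path]::GetFileName($path).ToLowerInvariant()
    $reasons = @()

    # 1. Executable lives in a folder the user can write to without elevation.
    if ($path -match '\\AppData\\(Local|Roaming)\\' -or $path -match '\\Temp\\') {
        $reasons += 'runs from a user-writable profile folder'
    }
    # 2. Name imitates a well-known program but is not where that program is installed.
    if ($LookalikeNames -contains $leaf -and
        $path -notmatch '^[A-Za-z]:\\Program Files( \(x86\))?\\' -and
        $path -notmatch '^[A-Za-z]:\\Windows\\') {
        $reasons += "file name '$leaf' imitates a well-known program outside Program Files/Windows"
    }
    # 3. Signature check: unsigned, tampered, or signed by an unexpected party.
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            $reasons += "Authenticode status $($sig.Status)"
        } elseif ($leaf -eq 'firefox.exe' -and $sig.SignerCertificate.Subject -notmatch 'Mozilla') {
            $reasons += "signed by '$($sig.SignerCertificate.Subject)', not Mozilla"
        }
    } else {
        # Orphaned Run value: the file was removed but the autostart entry was not.
        $reasons += 'image file not found on disk (orphaned entry)'
    }

    [pscustomobject]@{
        Name       = $Name
        Path       = $path
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = ($reasons -join '; ')
    }
}

function Get-SuspiciousAutostart {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSDrive/... metadata
            $r = Test-SuspiciousAutostart -Name $p.Name -Command ([string]$p.Value)
            if ($r.Suspicious) {
                $r | Add-Member -NotePropertyName Key -NotePropertyValue $key -PassThru
            }
        }
    }
}

# Report only the entries that tripped at least one heuristic.
Get-SuspiciousAutostart | Format-Table Key, Name, Path, Reasons -AutoSize -Wrap
```

Run it from an elevated PowerShell so the HKLM keys are readable. Every hit is a lead for a helper to look at, not a verdict: legitimate updaters also live under AppData, so the value is in the combination of reasons, which is exactly why the entry in post #3 (user profile folder, look-alike name, non-Mozilla signer) stands out.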
15.02.2012, 10:55 | #4 |
| Thanks a lot for now!! You certainly have plenty to do here!!
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ffdwnd deleted successfully.
File C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: ***
->Flash cache emptied: 3236 bytes
User: ***
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 16169557 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58069123 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 568953 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2443800942 bytes
Total Files Cleaned = 2.402,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 02152012_104951
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
15.02.2012, 10:57 | #5 |
/// Malware-holic | Did you replace *** with your user name? If not, run the script again; if you did, please do the upload, and only browse to the sites I name. The security holes that got you into this are still there, and I don't want to do the work twice. We continue after the upload.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described above. If you would like to support us |
15.02.2012, 10:57 | #6 |
| The upload should have worked! |
15.02.2012, 10:59 | #7 |
/// Malware-holic | And once more the question: did you replace *** with your user name...
15.02.2012, 10:59 | #8 |
| I entered the name and then masked it with asterisks again at the end (I read that somewhere on your site)... but I'm happy to do it once more, to be safe? |
15.02.2012, 11:00 | #9 |
/// Malware-holic | No, that's fine, I just wanted to be sure. ComboFix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
15.02.2012, 11:37 | #10 |
| So here is ComboFix: ComboFix logfile: Code:
ComboFix 12-02-13.01 - *** 15.02.2012 11:13:07.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1033.18.3535.2442 [GMT 1:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-15 bis 2012-02-15 ))))))))))))))))))))))))))))))
.
.
2012-02-15 10:24 . 2012-02-15 10:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-15 10:24 . 2012-02-15 10:24 -------- d-----w- c:\users\***\AppData\Local\temp
2012-02-15 10:24 . 2012-02-15 10:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-14 13:53 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D0A4A86-383C-447A-B349-A6937F136733}\mpengine.dll
2012-02-08 09:59 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-02-08 09:59 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-02-08 09:58 . 2012-02-08 09:58 -------- d-----w- c:\program files\iPod
2012-02-08 09:58 . 2012-02-08 09:59 -------- d-----w- c:\program files\iTunes
2012-02-08 09:54 . 2012-02-08 09:54 -------- d-----w- c:\program files\Apple Software Update
2012-02-08 09:52 . 2012-02-08 09:52 -------- d-----w- c:\program files\Bonjour
2012-02-08 09:51 . 2012-02-08 09:58 -------- d-----w- c:\program files\Common Files\Apple
2012-01-27 12:56 . 2012-01-27 12:56 -------- d-----w- C:\PPFS_Scan3
2012-01-27 12:56 . 2012-01-27 12:56 -------- d-----w- C:\PPFS_Tools
2012-01-26 20:19 . 2012-01-26 20:19 -------- d-----w- c:\program files\ESET
2012-01-26 20:14 . 2012-01-26 20:14 -------- d-----w- C:\PPF_SCAN2
2012-01-26 19:24 . 2012-02-15 10:24 -------- d-----w- c:\users\***\AppData\Local\temp
2012-01-20 20:13 . 2012-02-15 09:56 -------- d-----w- C:\_OTL
2012-01-20 17:23 . 2012-01-20 17:23 -------- d-----w- c:\windows\Sun
2012-01-19 19:24 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-19 19:24 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-19 19:24 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-19 19:24 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-19 19:24 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-19 19:24 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-11-11 13:46 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 14:24 . 2009-12-24 15:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 14:34 . 2011-10-14 12:43 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-25 15:59 . 2012-01-11 21:43 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-15 10:19 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-11 21:43 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 21:43 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-03 23:55 . 2011-03-26 15:16 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-10-19 17:59 . 2009-12-23 15:24 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2008-11-09 17:10 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2008-11-09 17:10 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-11-10 656696]
"BIOSEvent"="c:\program files\Dell\Latitude ON Reader Data\BIOSEvent.exe" [2008-08-29 110592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Inhaltsverzeichnis.onetoc2 [2010-1-7 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell ControlPoint System Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
backup=c:\windows\pss\Dell ControlPoint System Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^p6_19_erinnerung.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk
backup=c:\windows\pss\p6_19_erinnerung.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-02-23 05:51 200704 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
2008-09-24 17:36 184320 ----a-w- c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLIVFR]
2008-08-29 21:35 233472 ------w- c:\program files\Dell\Latitude ON Reader Data\CLIVFR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-06-03 14:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellConnectionManager]
2008-10-01 03:29 1454080 ----a-w- c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]
2008-08-18 10:12 598016 ----a-w- c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 10:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dradio-RecorderTimer]
2010-11-23 18:26 39936 ----a-w- c:\program files\dradio-Recorder\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2008-11-10 09:00 91448 ----a-w- c:\program files\Wave Systems Corp\EMBASSY Security Setup\EmbassySecurityCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-27 06:03 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-12-04 12:00 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-27 06:04 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)]
2012-01-13 13:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 13:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-27 06:03 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]
2008-06-02 17:27 367128 ----a-w- c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2007-01-03 03:47 520192 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 07:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-03-17 09:02 483420 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USCService]
2008-11-10 14:06 24576 ----a-w- c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2008-09-26 06:35 134144 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\aestsrv.exe [2009-03-17 81920]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.hiergehtslos.de
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.zeit.de/index
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-15 11:24
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3603173210-3932442168-3912850311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3603173210-3932442168-3912850311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð\OpenWithList]
@Class="Shell"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\wvauth.dll
.
- - - - - - - > 'Explorer.exe'(1080)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
Zeit der Fertigstellung: 2012-02-15 11:29:10
ComboFix-quarantined-files.txt 2012-02-15 10:29
ComboFix2.txt 2012-01-26 19:24
.
Vor Suchlauf: 62.021.267.456 bytes free
Nach Suchlauf: 62.931.742.720 bytes free
.
- - End Of File - - F459419FF9578005B569A9FF3B8E3277 |
15.02.2012, 11:54 | #11 |
/// Malware-holic | Malwarebytes: please download Malwarebytes
15.02.2012, 14:49 | #12 |
| So, here is the log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.15.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
*** :: ***-LAPTOP [administrator]
15.02.2012 11:56:59
mbam-log-2012-02-15 (11-56-59).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 321757
Time elapsed: 2 hour(s), 50 minute(s), 2 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end) |
15.02.2012, 15:38 | #13 |
/// Malware-holic | Download CCleaner Standard: http://filepony.de/download-ccleaner/ If CCleaner is already installed, skip that. Install it, open it, Tools, list of installed programs, save as txt. Open it. After each program you need, write "needed". After each one you don't need, "unneeded". After those you don't know, "unknown". Post the list.
__________________ Edited by markusg (15.02.2012 at 15:58) |
15.02.2012, 15:41 | #14 |
| Didn't I just do that and post the results? Or did I do something wrong? Sorry, I'm a bit slow on the uptake right now! |
15.02.2012, 15:58 | #15 |
/// Malware-holic | Yep, just edited it, sorry