|
Log-Analyse und Auswertung: ComboFix-Logfile nach "System Check"-MalwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
02.03.2012, 22:02 | #1 |
| ComboFix-Logfile nach "System Check"-Malware Hallo zusammen, habe mir heute leider malware eingefangen, "System Check" (hier Beschreibung, weiß nicht wie seriös sie ist: trojan-killer.net/de/tag/system-check-virus-removal/). Habe dann ComboFix durchlaufen lassen (unter Berücksichtigung dieser Anleitung: bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird#restore). Die Malware startete nicht mehr nach dem Neustart (durch ComboFix initiiert) aber meine dateien und ordner sind immer noch trnaspartent/hidden.. auf der anleitungsseite wurde euer forum genannt, wenn man sein logifle von profis checken lassen will und so hoffe ich, dass ihr mir helfen könnt. also vielen vielen dank im voraus für's lesen und wenn ich noch mit infos aushelfen kann schreibt mir bitte! lg ___LOGFILE______________________________________________________ Combofix Logfile: Code:
ATTFilter ComboFix 12-03-02.01 - User 02.03.2012 20:38:10.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3004.2169 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\User\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ovu4jwEAyicwSF c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ovu4jwEAyicwSF.exe c:\dokumente und einstellungen\All Users\Anwendungsdaten\QgsXPpOqaEn.exe c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\1.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\a.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\b.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\c.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\d.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\e.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\f.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\g.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\h.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\i.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\J.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\k.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\l.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\m.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\mru.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\n.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\o.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\p.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\q.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\r.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\s.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\t.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\u.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\v.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\w.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\x.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\y.xml c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\z.xml c:\dokumente und einstellungen\User\Desktop\System Check.lnk c:\dokumente und einstellungen\User\Eigene Dateien\Downloads\CT2776682_BrotherSoft_Extreme.exe C:\Recycle.Bin c:\recycle.bin\7DD73FF6B4D1161 c:\recycle.bin\B6232F3AFAA.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\system32\dllcache\dlimport.exe c:\windows\system32\oobe\msoobe.exe c:\windows\system32\oobe\oobebaln.exe c:\windows\system32\SET113.tmp c:\windows\system32\SET115.tmp c:\windows\system32\SET119.tmp c:\windows\system32\SET121.tmp c:\windows\system32\SET169.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-02 bis 2012-03-02 )))))))))))))))))))))))))))))) . . 2012-03-02 19:11 . 2012-03-02 19:11 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\IETldCache . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-15 18:33 . 2011-12-11 12:38 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-01-30 18:50 . 2012-01-30 18:50 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-12-15 18:49 . 2011-07-07 16:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2008-03-09 06:25 . 2010-01-09 15:18 236 ----a-w- c:\programme\Gemeinsame Dateien\dx.reg 2012-02-20 20:09 . 2011-05-13 19:04 134104 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\programme\BittorrentBar_DE\prxtbBit2.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}] 2011-05-09 09:49 176936 ----a-w- c:\programme\BittorrentBar_DE\prxtbBit2.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2011-09-07 18:34 194848 ----a-w- c:\programme\Yontoo Layers Runtime\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\programme\BittorrentBar_DE\prxtbBit2.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}"= "c:\programme\BittorrentBar_DE\prxtbBit2.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 122512 ----a-w- c:\programme\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "RTHDCPL"="RTHDCPL.EXE" [2009-06-13 17881600] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-06-13 148888] "AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Adobe Acrobat Speed Launcher"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "HKSERV.EXE"="c:\programme\Sony\HotKey Utility\HKserv.exe" [2004-06-29 122880] "SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2002-11-01 126976] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2002-11-01 561152] "VirtualCloneDrive"="c:\programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160] "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-06-07 421160] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-22 129536] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-22 163328] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-22 138752] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\User\Startmenü\Programme\Autostart\ 61871.lnk - c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\mvNat.exe [N/A] IMVU.lnk - c:\dokumente und einstellungen\User\Anwendungsdaten\IMVUClient\IMVUQualityAgent.exe [N/A] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Opera\\opera.exe"= "c:\\Programme\\BitTorrent\\BitTorrent.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25.08.2009 23:14 64512] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [04.09.2011 10:27 442200] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06.07.2009 21:49 320856] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11.12.2011 13:38 36000] R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19.01.2009 19:31 277544] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [11.12.2011 13:38 86224] R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [10.12.2008 00:10 24636] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06.07.2009 21:49 20568] R2 hshld;Hotspot Shield Service;c:\programme\Hotspot Shield\bin\openvpnas.exe [06.10.2011 01:21 288088] R2 HssWd;Hotspot Shield Monitoring Service;c:\programme\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\programme\Hotspot Shield\bin\hsswd.exe -product HSS [?] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [03.11.2011 12:06 2152152] R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [13.06.2009 14:40 244368] S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [12.10.2010 15:48 136176] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.08.2008 04:46 284016] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.06.2009 16:16 1684736] S3 cpudrv;cpudrv;c:\programme\SystemRequirementsLab\cpudrv.sys [18.12.2009 10:58 11336] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [12.10.2010 15:48 136176] S3 PCIUtil;PCI Utility;\??\c:\dokume~1\User\LOKALE~1\Temp\PCIUtil.sys --> c:\dokume~1\User\LOKALE~1\Temp\PCIUtil.sys [?] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17.12.2009 15:02 99152] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Inhalt des "geplante Tasks" Ordners . 2012-03-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 11:06] . 2012-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-10-12 14:47] . 2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-10-12 14:47] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.hotspotshield.com/g/?c=h uInternet Settings,ProxyOverride = *.local IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\dokumente und einstellungen\User\Startmenü\Programme\IMVU\Run IMVU.lnk TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p= FF - prefs.js: network.proxy.http - 66.167.100.59 FF - prefs.js: network.proxy.http_port - 6649 FF - prefs.js: network.proxy.type - 2 FF - user.js: yahoo.homepage.dontask - true);user_pref(extentions.y2layers.installId, 1af8b055-0a68-45f1-bf06-6d2c57f6c843 FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,SanitySwitch,PageRage,PageRageGlobal, . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-AdobeBridge - (no file) HKCU-Run-4Y3Y0C3A9F7W0VWDRRECZ - c:\recycle.bin\B6232F3AFAA.exe HKLM-Run-QgsXPpOqaEn.exe - c:\dokumente und einstellungen\All Users\Anwendungsdaten\QgsXPpOqaEn.exe AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\dokume~1\ALLUSE~1\ANWEND~1\TARMAI~1\{889DF~1\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-03-02 21:05 Windows 5.1.2600 Service Pack 3 NTFS . ScUser versteckte Prozesse... . ScUser versteckte Autostarteinträge... . ScUser versteckte Dateien... . . C:\## aswSnx private storage . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'explorer.exe'(1836) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\programme\Alwil Software\Avast5\AvastSvc.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programme\Bonjour\mDNSResponder.exe c:\programme\Hotspot Shield\HssWPR\hsssrv.exe c:\programme\Hotspot Shield\bin\hsswd.exe c:\programme\Java\jre6\bin\jqs.exe c:\xampp\mysql\bin\mysqld.exe c:\programme\CDBurnerXP\NMSAccessU.exe c:\programme\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe c:\programme\Lavasoft\Ad-Aware\AAWTray.exe c:\windows\RTHDCPL.EXE c:\programme\Sony\HotKey Utility\HKWnd.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-03-02 21:16:53 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-03-02 20:16 . Vor Suchlauf: 14 Verzeichnis(se), 18.928.635.904 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 32.587.882.496 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 047040F33B5EB169F11F2B8C2B83B75D |
03.03.2012, 01:17 | #2 |
| ComboFix-Logfile nach "System Check"-Malware und hier noch ein malwarebyteslogfile:
__________________Malwarebytes Anti-Malware 1.60.1.1000 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.03.02.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 02.03.2012 22:07:24 mbam-log-2012-03-02 (22-07-24).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 413167 Laufzeit: 2 Stunde(n), 50 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCR\CLSID\{B8B03DA0-E072-38C5-7B98-F1B96FBE316A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 7 C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\44\4f051a2c-78c24c38 (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ovu4jwEAyicwSF.exe.vir (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\QgsXPpOqaEn.exe.vir (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP398\A0134567.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP398\A0134568.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\61871.lnk (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\WINDOWS\system32\d3dx10d.dll (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
03.03.2012, 11:14 | #3 |
| ComboFix-Logfile nach "System Check"-Malware ... und hier noch das ESET-Logfile:
__________________ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScUserrApp.exe=1.0.0.1 # OnlineScUserr.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=8e6fd640f85ccc40a276cc3563ef7ee9 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-03-03 03:26:19 # local_time=2012-03-03 04:26:19 (+0100, Westeuropäische Normalzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 62772462 62772462 0 0 # compatibility_mode=770 16774141 100 100 6932487 107441297 0 0 # compatibility_mode=1792 16777191 100 0 7127919 7127919 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # compatibility_mode=9217 16777213 100 64 48246501 115147919 0 0 # scUserd=230663 # found=11 # cleaned=11 # scan_time=10154 C:\Dokumente und Einstellungen\User\Adobe.Flash.CS4.v10.0.PRO\AdobeFlashCS4.exe NSIS/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Dokumente und Einstellungen\User\Adobe.Flash.CS4.v10.0.PRO\AdobeFlashCS4.exe.BAK NSIS/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Programme\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP367\A0120576.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP367\A0120579.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP398\A0134570.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP398\A0134574.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP398\A0134776.exe NSIS/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP399\A0134784.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C |
03.03.2012, 12:52 | #4 |
| ComboFix-Logfile nach "System Check"-Malware so, habe nach einer anleitung aus diesem forum noch folgendes gemacht: 1.) rkill.exe ausführen 2.) unhide.exe ausführen 3.) tdsskiller.exe ausführen ordner sind auch wieder sichtbar. Da "System Check" immer noch unter "Start" > "Programme" aufgelistet wird, bin ich mir nicht sicher, ob mein rechner nun sicher ist oder ich mein system neu aufspielen sollte. hier noch mein OTL-Logfile + Extra:OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.03.2012 12:32:53 - Run 2 OTL by OldTimer - Version 3.2.35.0 Folder = C:\Dokumente und Einstellungen\USER\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 73,18% Memory free 4,78 Gb Paging File | 4,11 Gb Available in Paging File | 85,97% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 293,43 Gb Total Space | 36,69 Gb Free Space | 12,50% Space Free | Partition Type: NTFS Computer Name: USER | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe () PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - c:\xampp\mysql\bin\mysqld.exe () PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Sony\HotKey Utility\HKServ.exe (Sony Corporation) PRC - C:\Programme\Sony\HotKey Utility\HKWnd.exe (Sony Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Alwil Software\Avast5\defs\12030300\algo.dll () MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll () MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll () MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\thorax.aaw () MOD - C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll () MOD - C:\Programme\Lavasoft\Ad-Aware\Viprebridge.dll () MOD - C:\Programme\Lavasoft\Ad-Aware\Vipre.dll () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\Hotspot Shield\bin\openvpnas.exe () MOD - C:\Programme\Hotspot Shield\bin\hsswd.exe () MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\Hotspot Shield\bin\libidn-11.dll () MOD - C:\Programme\Hotspot Shield\bin\libssl32.dll () MOD - C:\Programme\Hotspot Shield\bin\libeay32.dll () MOD - c:\xampp\mysql\bin\mysqld.exe () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU () MOD - c:\xampp\apache\bin\libmysql.dll () MOD - c:\xampp\apache\bin\libpq.dll () MOD - c:\xampp\apache\bin\libmcrypt.dll () MOD - c:\xampp\apache\bin\zlib1.dll () MOD - C:\xampp\php\zendOptimizer\lib\Optimizer\php-5.2.x\ZendOptimizer.dll () MOD - c:\xampp\apache\bin\pxlib.dll () MOD - c:\xampp\apache\bin\pslib.dll () MOD - C:\xampp\php\zendOptimizer\lib\ZendExtensionManager.dll () ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe () SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe () SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe () SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (MySQL) -- c:\xampp\mysql\bin\mysqld.exe () SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) SRV - (Adobe Version Cue CS4) -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (VBoxNetFlt) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIUtil) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (hwdatacard) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- File not found DRV - (BTWUSB) -- File not found DRV - (btkrnl) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc) DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\hssdrv.sys (AnchorFree Inc.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (cpudrv) -- C:\Programme\SystemRequirementsLab\cpudrv.sys () DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC) DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation) DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {5C1F887D-DA89-4359-A552-DC8BF60E6A83} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE IE - HKCU\..\SearchScopes\{27B23211-003D-4A03-945A-FD59DA575B98}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms} IE - HKCU\..\SearchScopes\{5C1F887D-DA89-4359-A552-DC8BF60E6A83}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://search.yahoo.com/search?fr=chr-ober&type=oberongc&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=" FF - prefs.js..network.proxy.http: "66.167.100.59" FF - prefs.js..network.proxy.http_port: 6649 FF - prefs.js..network.proxy.type: 2 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.01 22:17:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.13 20:04:30 | 000,000,000 | ---D | M] [2010.01.18 00:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Extensions [2010.01.18 00:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Extensions\IMVUClientXUL@imvu.com [2012.03.01 22:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions [2010.05.02 11:14:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.28 03:27:04 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2010.01.07 21:04:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009.07.20 21:55:02 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\moveplayer@movenetworks.com [2011.11.18 10:52:56 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\plugin@yontoo.com [2011.11.18 10:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0k8kstcb.Blank\extensions [2010.03.07 13:48:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0k8kstcb.Blank\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.11.18 10:52:57 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0k8kstcb.Blank\extensions\plugin@yontoo.com [2011.11.21 19:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.03 22:22:05 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI [2012.02.20 21:09:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2009.10.26 15:53:52 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll [2012.02.15 10:46:43 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.15 10:46:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.15 10:46:42 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.15 10:46:42 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.21 19:12:32 | 000,001,847 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\privatesearch.xml [2012.02.15 10:46:42 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.15 10:46:42 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml [2009.04.07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Yahooober8105921.gif [2010.01.09 12:38:59 | 000,000,201 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Yahooober8105921.src O1 HOSTS File: ([2012.03.02 21:04:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.) O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Programme\Core Services\DebugBar\DebugInfoBar.dll (Core Services) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Programme\Core Services\DebugBar\DebugToolBar.dll (Core Services) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Programme\Core Services\DebugBar\DebugToolBar.dll (Core Services) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HKSERV.EXE] C:\Programme\Sony\HotKey Utility\HKServ.exe (Sony Corporation) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC) O4 - Startup: C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\IMVU.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\USER\Startmenü\Programme\IMVU\Run IMVU.lnk File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61BA53FB-FC07-41E0-9470-179780CD45D0}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.04.25 08:59:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.03 11:29:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2012.03.03 11:27:13 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\USER\Desktop\unhide.exe [2012.03.03 01:44:01 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe [2012.03.03 01:33:52 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\USER\Desktop\esetsmartinstaller_enu.exe [2012.03.02 22:06:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Malwarebytes [2012.03.02 22:05:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.03.02 22:05:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.03.02 22:05:50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.03.02 22:05:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.03.02 21:42:00 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\USER\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.02 21:26:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.03.02 20:33:14 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.03.02 20:29:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.03.02 20:29:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.03.02 20:29:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.03.02 20:29:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.03.02 20:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012.03.02 20:24:06 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.03.02 20:16:30 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\USER\Recent [2012.03.02 19:55:37 | 004,424,615 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\USER\Desktop\ComboFix.exe [2012.03.02 19:31:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Startmenü\Programme\System Check [2012.02.26 16:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\overlib [2012.02.26 16:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\ndxz [2012.02.26 16:39:59 | 000,224,798 | ---- | C] (FileZilla Project) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\FileZilla_3.5.3_win32-setup.exe [2012.02.26 16:26:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\wp themes 2011 [2012.02.02 21:39:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\Neuer Ordner (4) [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.03 12:24:27 | 221,886,496 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2012.03.03 12:03:13 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012.03.03 12:03:08 | 000,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2012.03.03 12:03:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.03.03 12:02:06 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.03.03 12:01:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.03.03 11:28:39 | 002,601,140 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2012.03.03 11:27:11 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\USER\Desktop\unhide.exe [2012.03.03 11:26:46 | 001,008,141 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\iExplore.exe [2012.03.03 10:52:31 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.03.03 01:43:58 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe [2012.03.03 01:33:56 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\USER\Desktop\esetsmartinstaller_enu.exe [2012.03.02 22:05:53 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.02 21:42:12 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\USER\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.02 21:04:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.03.02 20:33:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012.03.02 19:55:46 | 004,424,615 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\USER\Desktop\ComboFix.exe [2012.03.01 19:47:36 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012.03.01 19:47:36 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012.02.29 22:25:59 | 000,086,528 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.27 21:36:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.02.26 16:40:04 | 000,224,798 | ---- | M] (FileZilla Project) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\FileZilla_3.5.3_win32-setup.exe [2012.02.15 19:33:57 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012.02.05 21:37:36 | 000,313,800 | ---- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2012.02.05 21:33:42 | 005,279,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.02.05 14:38:43 | 000,043,180 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\FUTURXKC.TTF [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.03 11:26:44 | 001,008,141 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\iExplore.exe [2012.03.02 22:05:53 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.02 20:45:44 | 000,001,675 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.03.02 20:45:44 | 000,001,635 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Astroplus (classic Design).lnk [2012.03.02 20:45:44 | 000,000,630 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Chiron.lnk [2012.03.02 20:33:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012.03.02 20:33:23 | 000,262,448 | RHS- | C] () -- C:\cmldr [2012.03.02 20:29:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.03.02 20:29:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.03.02 20:29:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.03.02 20:29:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.03.02 20:29:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.02.05 14:38:42 | 000,043,180 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\FUTURXKC.TTF [2012.02.03 17:52:25 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2012.02.03 17:52:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.12.11 22:10:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\astplus.ini [2011.12.11 22:07:37 | 000,000,086 | ---- | C] () -- C:\WINDOWS\astagctl.ini [2011.12.11 22:06:13 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll [2011.11.18 13:03:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2011.11.18 10:55:00 | 000,001,492 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini [2011.10.08 22:45:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config [2011.08.20 11:04:10 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.01.18 23:45:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat [2010.11.16 19:19:34 | 002,201,984 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.10.15 18:54:00 | 000,000,515 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Poladroid prefs.plist < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.03.2012 12:32:53 - Run 2 OTL by OldTimer - Version 3.2.35.0 Folder = C:\Dokumente und Einstellungen\USER\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 73,18% Memory free 4,78 Gb Paging File | 4,11 Gb Available in Paging File | 85,97% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 293,43 Gb Total Space | 36,69 Gb Free Space | 12,50% Space Free | Partition Type: NTFS Computer Name: USER | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 "3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server "3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server "51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server "51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated) "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programme\BitTorrent\BitTorrent.exe" = C:\Programme\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14 "{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0 "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.61 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari "{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{7D35FC6F-BEE0-41B7-8627-0B12FD1586A3}_is1" = Bigasoft iPhone Ringtone Maker 1.8.0.4024 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B36C3DFD-BAB0-4513-BD27-FA4906A738FD}" = HotKey Utility "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B6A24D2D-1ADB-4553-87FD-38F3FAADC18E}_is1" = The Book of Unwritten Tales 1.0.0.0 "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BB311F54-39D6-4A03-8E18-053D1B2833D7}" = HotKey Utility "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid "{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "33B31D6D-7EFB-45A3-AC50-4DAF98042443_is1" = The Book Of Unwritten Tales: Die Vieh Chroniken Version 1.2 "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard "Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional "Astrocontact Astroplus Demo_is1" = Astrocontact Astroplus "avast" = avast! Free Antivirus "Avidemux 2.5" = Avidemux 2.5 "Avira AntiVir Desktop" = Avira Free Antivirus "AVS Media Player_is1" = AVS Media Player 3.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "BitTorrent" = BitTorrent "BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar "CamStudio" = CamStudio "Chiron 6 und Cortesi Texte_is1" = Chiron 6 und Cortesi Texte 6.8.185 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DebugBar" = DebugBar v5.4.1 for Internet Explorer (remove only) "DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ElsterFormular 12.4.0.7094k" = ElsterFormular "FileZilla Client" = FileZilla Client 3.2.4.1 "FLAC" = FLAC 1.2.1b (remove only) "Flash Designer" = Flash Designer 1.5 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1 "FTP Commander" = FTP Commander "HijackThis" = HijackThis 2.0.2 "HotspotShield" = Hotspot Shield 2.09 "HTML Colors" = HTML Colors "ie8" = Windows Internet Explorer 8 "IETester" = IETester v0.4.10 (remove only) "JAP" = JAP "KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "Notepad++" = Notepad++ "OpenAL" = OpenAL "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "ST5UNST #1" = Horoskop "ST5UNST #2" = Horoskop (C:\Programme\Horoskop\) "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemRequirementsLab" = System Requirements Lab "Tales of Monkey Island" = Tales of Monkey Island "Totalcmd" = Total Commander (Remove or Repair) "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.0.3 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "xampp" = XAMPP 1.7.1 "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NodeBox" = NodeBox ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 08.12.2010 19:29:13 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:13 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:13 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:15 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:15 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:15 | Computer Name = USER | Source = avast! | ID = 33554522 Description = [ Application Events ] Error - 01.03.2012 17:59:18 | Computer Name = USER | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06. Error - 01.03.2012 17:59:26 | Computer Name = USER | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06. Error - 01.03.2012 17:59:45 | Computer Name = USER | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06. Error - 01.03.2012 18:00:07 | Computer Name = USER | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06. Error - 01.03.2012 18:04:08 | Computer Name = USER | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Sims3LauncherW.exe, Version 0.2.0.154, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 02.03.2012 15:17:32 | Computer Name = USER | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Ovu4jwEAyicwSF.exe, Version 6.0.2028.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 03.03.2012 06:50:21 | Computer Name = USER | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established . Error - 03.03.2012 06:50:21 | Computer Name = USER | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 03.03.2012 06:59:09 | Computer Name = USER | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 03.03.2012 06:59:23 | Computer Name = USER | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . [ System Events ] Error - 02.03.2012 22:13:09 | Computer Name = USER | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 02.03.2012 22:13:14 | Computer Name = USER | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 02.03.2012 22:13:19 | Computer Name = USER | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 02.03.2012 22:13:23 | Computer Name = USER | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 02.03.2012 22:13:28 | Computer Name = USER | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 02.03.2012 22:13:33 | Computer Name = USER | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 03.03.2012 06:30:24 | Computer Name = USER | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Aavmker4 aswSnx aswSP aswTdi avipbb avkmgr DMICall ElbyCDIO Fips intelppm KLIF ssmdrv Error - 03.03.2012 06:38:04 | Computer Name = USER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 03.03.2012 06:38:08 | Computer Name = USER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 03.03.2012 07:00:39 | Computer Name = USER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} < End of report > |
03.03.2012, 12:54 | #5 |
| ComboFix-Logfile nach "System Check"-Malware so, habe nach einer anleitung aus diesem forum noch folgendes gemacht: 1.) rkill.exe ausführen 2.) unhide.exe ausführen 3.) tdsskiller.exe ausführen ordner sind auch wieder sichtbar. Da "System Check" immer noch unter "Start" > "Programme" aufgelistet wird, bin ich mir nicht sicher, ob mein rechner nun sicher ist oder ich mein system neu aufspielen sollte. hier noch mein OTL-Logfile + Extra:OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.03.2012 12:32:53 - Run 2 OTL by OldTimer - Version 3.2.35.0 Folder = C:\Dokumente und Einstellungen\USER\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 73,18% Memory free 4,78 Gb Paging File | 4,11 Gb Available in Paging File | 85,97% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 293,43 Gb Total Space | 36,69 Gb Free Space | 12,50% Space Free | Partition Type: NTFS Computer Name: USER | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe () PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - c:\xampp\mysql\bin\mysqld.exe () PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Sony\HotKey Utility\HKServ.exe (Sony Corporation) PRC - C:\Programme\Sony\HotKey Utility\HKWnd.exe (Sony Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Alwil Software\Avast5\defs\12030300\algo.dll () MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll () MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll () MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\thorax.aaw () MOD - C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll () MOD - C:\Programme\Lavasoft\Ad-Aware\Viprebridge.dll () MOD - C:\Programme\Lavasoft\Ad-Aware\Vipre.dll () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\Hotspot Shield\bin\openvpnas.exe () MOD - C:\Programme\Hotspot Shield\bin\hsswd.exe () MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\Hotspot Shield\bin\libidn-11.dll () MOD - C:\Programme\Hotspot Shield\bin\libssl32.dll () MOD - C:\Programme\Hotspot Shield\bin\libeay32.dll () MOD - c:\xampp\mysql\bin\mysqld.exe () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU () MOD - c:\xampp\apache\bin\libmysql.dll () MOD - c:\xampp\apache\bin\libpq.dll () MOD - c:\xampp\apache\bin\libmcrypt.dll () MOD - c:\xampp\apache\bin\zlib1.dll () MOD - C:\xampp\php\zendOptimizer\lib\Optimizer\php-5.2.x\ZendOptimizer.dll () MOD - c:\xampp\apache\bin\pxlib.dll () MOD - c:\xampp\apache\bin\pslib.dll () MOD - C:\xampp\php\zendOptimizer\lib\ZendExtensionManager.dll () ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe () SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe () SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe () SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (MySQL) -- c:\xampp\mysql\bin\mysqld.exe () SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) SRV - (Adobe Version Cue CS4) -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (VBoxNetFlt) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIUtil) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (hwdatacard) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- File not found DRV - (BTWUSB) -- File not found DRV - (btkrnl) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc) DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\hssdrv.sys (AnchorFree Inc.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (cpudrv) -- C:\Programme\SystemRequirementsLab\cpudrv.sys () DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC) DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation) DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {5C1F887D-DA89-4359-A552-DC8BF60E6A83} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE IE - HKCU\..\SearchScopes\{27B23211-003D-4A03-945A-FD59DA575B98}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms} IE - HKCU\..\SearchScopes\{5C1F887D-DA89-4359-A552-DC8BF60E6A83}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://search.yahoo.com/search?fr=chr-ober&type=oberongc&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=" FF - prefs.js..network.proxy.http: "66.167.100.59" FF - prefs.js..network.proxy.http_port: 6649 FF - prefs.js..network.proxy.type: 2 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.01 22:17:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.13 20:04:30 | 000,000,000 | ---D | M] [2010.01.18 00:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Extensions [2010.01.18 00:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Extensions\IMVUClientXUL@imvu.com [2012.03.01 22:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions [2010.05.02 11:14:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.28 03:27:04 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2010.01.07 21:04:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009.07.20 21:55:02 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\moveplayer@movenetworks.com [2011.11.18 10:52:56 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\plugin@yontoo.com [2011.11.18 10:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0k8kstcb.Blank\extensions [2010.03.07 13:48:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0k8kstcb.Blank\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.11.18 10:52:57 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0k8kstcb.Blank\extensions\plugin@yontoo.com [2011.11.21 19:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.03 22:22:05 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI [2012.02.20 21:09:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2009.10.26 15:53:52 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll [2012.02.15 10:46:43 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.15 10:46:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.15 10:46:42 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.15 10:46:42 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.21 19:12:32 | 000,001,847 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\privatesearch.xml [2012.02.15 10:46:42 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.15 10:46:42 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml [2009.04.07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Yahooober8105921.gif [2010.01.09 12:38:59 | 000,000,201 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Yahooober8105921.src O1 HOSTS File: ([2012.03.02 21:04:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.) O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Programme\Core Services\DebugBar\DebugInfoBar.dll (Core Services) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Programme\Core Services\DebugBar\DebugToolBar.dll (Core Services) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Programme\Core Services\DebugBar\DebugToolBar.dll (Core Services) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HKSERV.EXE] C:\Programme\Sony\HotKey Utility\HKServ.exe (Sony Corporation) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC) O4 - Startup: C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\IMVU.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\USER\Startmenü\Programme\IMVU\Run IMVU.lnk File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61BA53FB-FC07-41E0-9470-179780CD45D0}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.04.25 08:59:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.03 11:29:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2012.03.03 11:27:13 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\USER\Desktop\unhide.exe [2012.03.03 01:44:01 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe [2012.03.03 01:33:52 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\USER\Desktop\esetsmartinstaller_enu.exe [2012.03.02 22:06:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Malwarebytes [2012.03.02 22:05:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.03.02 22:05:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.03.02 22:05:50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.03.02 22:05:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.03.02 21:42:00 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\USER\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.02 21:26:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.03.02 20:33:14 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.03.02 20:29:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.03.02 20:29:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.03.02 20:29:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.03.02 20:29:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.03.02 20:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012.03.02 20:24:06 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.03.02 20:16:30 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\USER\Recent [2012.03.02 19:55:37 | 004,424,615 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\USER\Desktop\ComboFix.exe [2012.03.02 19:31:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Startmenü\Programme\System Check [2012.02.26 16:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\overlib [2012.02.26 16:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\ndxz [2012.02.26 16:39:59 | 000,224,798 | ---- | C] (FileZilla Project) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\FileZilla_3.5.3_win32-setup.exe [2012.02.26 16:26:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\wp themes 2011 [2012.02.02 21:39:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\Neuer Ordner (4) [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.03 12:24:27 | 221,886,496 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2012.03.03 12:03:13 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012.03.03 12:03:08 | 000,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2012.03.03 12:03:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.03.03 12:02:06 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.03.03 12:01:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.03.03 11:28:39 | 002,601,140 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2012.03.03 11:27:11 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\USER\Desktop\unhide.exe [2012.03.03 11:26:46 | 001,008,141 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\iExplore.exe [2012.03.03 10:52:31 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.03.03 01:43:58 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe [2012.03.03 01:33:56 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\USER\Desktop\esetsmartinstaller_enu.exe [2012.03.02 22:05:53 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.02 21:42:12 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\USER\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.02 21:04:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.03.02 20:33:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012.03.02 19:55:46 | 004,424,615 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\USER\Desktop\ComboFix.exe [2012.03.01 19:47:36 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012.03.01 19:47:36 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012.02.29 22:25:59 | 000,086,528 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.27 21:36:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.02.26 16:40:04 | 000,224,798 | ---- | M] (FileZilla Project) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\FileZilla_3.5.3_win32-setup.exe [2012.02.15 19:33:57 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012.02.05 21:37:36 | 000,313,800 | ---- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2012.02.05 21:33:42 | 005,279,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.02.05 14:38:43 | 000,043,180 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\FUTURXKC.TTF [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.03 11:26:44 | 001,008,141 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\iExplore.exe [2012.03.02 22:05:53 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.02 20:45:44 | 000,001,675 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.03.02 20:45:44 | 000,001,635 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Astroplus (classic Design).lnk [2012.03.02 20:45:44 | 000,000,630 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Chiron.lnk [2012.03.02 20:33:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012.03.02 20:33:23 | 000,262,448 | RHS- | C] () -- C:\cmldr [2012.03.02 20:29:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.03.02 20:29:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.03.02 20:29:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.03.02 20:29:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.03.02 20:29:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.02.05 14:38:42 | 000,043,180 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\FUTURXKC.TTF [2012.02.03 17:52:25 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2012.02.03 17:52:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.12.11 22:10:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\astplus.ini [2011.12.11 22:07:37 | 000,000,086 | ---- | C] () -- C:\WINDOWS\astagctl.ini [2011.12.11 22:06:13 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll [2011.11.18 13:03:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2011.11.18 10:55:00 | 000,001,492 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini [2011.10.08 22:45:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config [2011.08.20 11:04:10 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.01.18 23:45:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat [2010.11.16 19:19:34 | 002,201,984 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.10.15 18:54:00 | 000,000,515 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Poladroid prefs.plist < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.03.2012 12:32:53 - Run 2 OTL by OldTimer - Version 3.2.35.0 Folder = C:\Dokumente und Einstellungen\USER\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 73,18% Memory free 4,78 Gb Paging File | 4,11 Gb Available in Paging File | 85,97% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 293,43 Gb Total Space | 36,69 Gb Free Space | 12,50% Space Free | Partition Type: NTFS Computer Name: USER | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 "3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server "3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server "51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server "51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated) "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programme\BitTorrent\BitTorrent.exe" = C:\Programme\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14 "{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0 "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.61 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari "{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{7D35FC6F-BEE0-41B7-8627-0B12FD1586A3}_is1" = Bigasoft iPhone Ringtone Maker 1.8.0.4024 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B36C3DFD-BAB0-4513-BD27-FA4906A738FD}" = HotKey Utility "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B6A24D2D-1ADB-4553-87FD-38F3FAADC18E}_is1" = The Book of Unwritten Tales 1.0.0.0 "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BB311F54-39D6-4A03-8E18-053D1B2833D7}" = HotKey Utility "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid "{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "33B31D6D-7EFB-45A3-AC50-4DAF98042443_is1" = The Book Of Unwritten Tales: Die Vieh Chroniken Version 1.2 "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard "Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional "Astrocontact Astroplus Demo_is1" = Astrocontact Astroplus "avast" = avast! Free Antivirus "Avidemux 2.5" = Avidemux 2.5 "Avira AntiVir Desktop" = Avira Free Antivirus "AVS Media Player_is1" = AVS Media Player 3.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "BitTorrent" = BitTorrent "BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar "CamStudio" = CamStudio "Chiron 6 und Cortesi Texte_is1" = Chiron 6 und Cortesi Texte 6.8.185 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DebugBar" = DebugBar v5.4.1 for Internet Explorer (remove only) "DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ElsterFormular 12.4.0.7094k" = ElsterFormular "FileZilla Client" = FileZilla Client 3.2.4.1 "FLAC" = FLAC 1.2.1b (remove only) "Flash Designer" = Flash Designer 1.5 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1 "FTP Commander" = FTP Commander "HijackThis" = HijackThis 2.0.2 "HotspotShield" = Hotspot Shield 2.09 "HTML Colors" = HTML Colors "ie8" = Windows Internet Explorer 8 "IETester" = IETester v0.4.10 (remove only) "JAP" = JAP "KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "Notepad++" = Notepad++ "OpenAL" = OpenAL "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "ST5UNST #1" = Horoskop "ST5UNST #2" = Horoskop (C:\Programme\Horoskop\) "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemRequirementsLab" = System Requirements Lab "Tales of Monkey Island" = Tales of Monkey Island "Totalcmd" = Total Commander (Remove or Repair) "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.0.3 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "xampp" = XAMPP 1.7.1 "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NodeBox" = NodeBox ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 08.12.2010 19:29:13 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:13 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:13 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:15 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:15 | Computer Name = USER | Source = avast! | ID = 33554522 Description = Error - 08.12.2010 19:29:15 | Computer Name = USER | Source = avast! | ID = 33554522 Description = [ Application Events ] Error - 01.03.2012 17:59:18 | Computer Name = USER | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06. Error - 01.03.2012 17:59:26 | Computer Name = USER | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06. Error - 01.03.2012 17:59:45 | Computer Name = USER | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06. Error - 01.03.2012 18:00:07 | Computer Name = USER | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06. Error - 01.03.2012 18:04:08 | Computer Name = USER | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Sims3LauncherW.exe, Version 0.2.0.154, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 02.03.2012 15:17:32 | Computer Name = USER | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Ovu4jwEAyicwSF.exe, Version 6.0.2028.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 03.03.2012 06:50:21 | Computer Name = USER | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established . Error - 03.03.2012 06:50:21 | Computer Name = USER | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 03.03.2012 06:59:09 | Computer Name = USER | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 03.03.2012 06:59:23 | Computer Name = USER | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . [ System Events ] Error - 02.03.2012 22:13:09 | Computer Name = USER | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 02.03.2012 22:13:14 | Computer Name = USER | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 02.03.2012 22:13:19 | Computer Name = USER | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 02.03.2012 22:13:23 | Computer Name = USER | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 02.03.2012 22:13:28 | Computer Name = USER | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 02.03.2012 22:13:33 | Computer Name = USER | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 03.03.2012 06:30:24 | Computer Name = USER | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Aavmker4 aswSnx aswSP aswTdi avipbb avkmgr DMICall ElbyCDIO Fips intelppm KLIF ssmdrv Error - 03.03.2012 06:38:04 | Computer Name = USER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 03.03.2012 06:38:08 | Computer Name = USER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 03.03.2012 07:00:39 | Computer Name = USER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} < End of report > |
03.03.2012, 21:07 | #6 |
| ComboFix-Logfile nach "System Check"-Malware Also mir wurde bereits woanders geholfen. Werde meinen Rechner platt machen. "Also eine vollständige Säuberung ist technisch gesehen nicht möglich, weil sie (sowohl die 3 AV-Scanner als auch die bösartige Malware) sehr tief strukturell im System verankert sind! " |
Themen zu ComboFix-Logfile nach "System Check"-Malware |
ad-aware, antivirus, avgnt, avira, bonjour, buzzdock, cdburnerxp, combofix, desktop, firefox, google, helper, hotspot, hotspot shield, hängen, internet, internet explorer, logfile, logfile combofix system check malware, malware, mozilla, scan, security, server, software, svchost, system, tarma, tcp, trojan, virtualbox, windows, windows xp, yontoo |