![]() |
|
Plagegeister aller Art und deren Bekämpfung: Malwarebytes hat dhxiuw.dat (Malware.Trace) entdecktWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() ![]() | ![]() Malwarebytes hat dhxiuw.dat (Malware.Trace) entdeckt Hallo liebe Profis! Auf meinem neuen Sony Vaio hat mich vor einer Woche der GUV Trojaner, dessen Folgen ihr gerade dabei seid zu beseitigen, erwischt. Vielen lieben Dank auch an dieser Stelle an markusg!! Wegen des Trojaners meinen zweiten Laptop (Fujitsu Siemens Amilo Si 1520 mit Windows Vista) rausgegraben. Auch hier habe ich sicherheitshalber den Malwarebytes Anti Malware duchrlaufen lassen. Und zu meinem Erstaunen auch hier hat er was entdeckt. Ich glaube, es ist was kleineres und harmloseres, da der Fujitsu scheint, normal zu laufen. Ok, zugegeben, etwas langsam. Deswegen habe ich en Euch Profis einige Fragen: 1. Was ist das dieses "dhxiuw.dat (Malware.Trace)"? 2. Ist jetzt mein Laptop, nachdem es Malwarebytes gelöscht hat, komplett sauber und sicher? 3. Mein Laptop hat als Antivir den AVAST. Wie kann mich aber zusätzlich schützen? 4. Ich habe gelesen, dass Erstellung eines Standard-Benützerkontos Sinn macht, damit man den nicht als Admin im Alltag unterwegs ist. Ich habe aber auch gelesen, dass das die Leistung des Laptops verlansamen kann und (was glaub ich noch schlimmer ist) die Windows Updates im Stadardkonto nicht möglich sind. Stimmt das? Danke für Eure Hilfe, nach Rat Suchende Ania Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.31.08 Windows Vista x86 NTFS Internet Explorer 8.0.6001.18904 Ania :: ANIASIEMENS [Administrator] 31.07.2012 13:48:55 mbam-log-2012-07-31 (13-48-55).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 183864 Laufzeit: 7 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Ania\AppData\Roaming\dhxiuw.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Guten morgen Euch Profis! Und hier noch Ergebnisse von OTL Otl.txt Code:
ATTFilter OTL logfile created on: 01.08.2012 07:53:25 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ania\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,56 Mb Total Physical Memory | 352,36 Mb Available Physical Memory | 34,76% Memory free 2,22 Gb Paging File | 1,45 Gb Available in Paging File | 65,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,53 Gb Total Space | 43,07 Gb Free Space | 57,79% Space Free | Partition Type: NTFS Drive E: | 74,52 Gb Total Space | 47,27 Gb Free Space | 63,43% Space Free | Partition Type: NTFS Computer Name: ANIASIEMENS | User Name: Ania | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.01 07:52:22 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ania\Desktop\OTL.exe PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2009.08.19 15:27:12 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2009.08.19 15:07:58 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.05.21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2009.05.21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2007.01.30 12:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe PRC - [2007.01.11 19:54:12 | 001,359,872 | ---- | M] (Quanta Computer, INC.) -- C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe PRC - [2006.11.07 22:45:22 | 002,134,016 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2006.10.31 23:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2006.10.27 21:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2006.09.29 12:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006.09.29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2006.09.13 16:29:46 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2006.01.24 00:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe ========== Modules (No Company Name) ========== MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2007.02.16 20:01:00 | 000,081,920 | ---- | M] () -- C:\Program Files\FinePixViewer\wia_register_event.dll MOD - [2006.11.06 09:05:40 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll MOD - [2006.11.06 09:00:56 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll MOD - [2006.10.25 18:33:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Keyboard Manager\Manager Utility\QManager.dll MOD - [2005.07.22 22:30:20 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.31 20:06:39 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.08.19 15:27:12 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.05.21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2009.05.21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2006.10.31 23:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006.09.29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009.06.22 19:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.06.22 19:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.05.28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.11.18 17:26:40 | 000,103,552 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtstusbser.sys -- (gtstusbser) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.02.12 17:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2006.11.15 17:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006.11.15 12:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.15 10:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.02 18:41:14 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2006.11.01 22:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2006.10.28 01:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006.10.10 20:33:22 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2006.10.05 17:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfhid.sys -- (Tosrfhid) DRV - [2006.09.21 15:22:42 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfbd.sys -- (tosrfbd) DRV - [2006.08.17 15:32:26 | 000,033,664 | ---- | M] (Quanta Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qkbfiltr.sys -- (qkbfiltr) DRV - [2006.08.04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.03.16 11:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2005.08.01 17:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005.07.11 19:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt) DRV - [2005.01.06 14:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE341 IE - HKCU\..\SearchScopes\{AD720D23-CBCD-4841-BA23-050669E512F2}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {b8d51471-15f1-46cd-a600-448a6b103c2d}:1.7.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.07.25 15:59:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.31 20:06:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.31 20:13:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.31 20:06:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.31 20:13:25 | 000,000,000 | ---D | M] [2009.08.22 14:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ania\AppData\Roaming\mozilla\Extensions [2012.07.08 23:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ania\AppData\Roaming\mozilla\Firefox\Profiles\0gqz68sj.default\extensions [2010.05.01 20:21:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ania\AppData\Roaming\mozilla\Firefox\Profiles\0gqz68sj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.30 12:30:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Ania\AppData\Roaming\mozilla\Firefox\Profiles\0gqz68sj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.17 18:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.07.25 15:59:53 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF [2012.05.17 18:34:27 | 000,210,799 | ---- | M] () (No name found) -- C:\USERS\ANIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GQZ68SJ.DEFAULT\EXTENSIONS\{B8D51471-15F1-46CD-A600-448A6B103C2D}.XPI [2012.07.31 20:06:40 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Keyboard Manager Utility] C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer, INC.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157 O8 - Extra context menu item: Free YouTube Download - C:\Users\Ania\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32CEA9D5-E9D2-4086-9D80-BB0CA892E7E8}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{597B5BB9-A20D-40B4-9EBE-5F27D3870208}: DhcpNameServer = 81.173.194.76 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: E:\Pictures\promise myself2.jpg O24 - Desktop BackupWallPaper: E:\Pictures\promise myself2.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0ee31e64-924c-11de-b7d5-0011e2fd078e}\Shell - "" = AutoRun O33 - MountPoints2\{0ee31e64-924c-11de-b7d5-0011e2fd078e}\Shell\AutoRun\command - "" = F:\QsSetup.exe O33 - MountPoints2\{0f6e7c9c-c2c1-11de-a13f-001636f25e40}\Shell - "" = AutoRun O33 - MountPoints2\{0f6e7c9c-c2c1-11de-a13f-001636f25e40}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{0f6e7ca5-c2c1-11de-a13f-001636f25e40}\Shell - "" = AutoRun O33 - MountPoints2\{0f6e7ca5-c2c1-11de-a13f-001636f25e40}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{0f6e7cad-c2c1-11de-a13f-001636f25e40}\Shell - "" = AutoRun O33 - MountPoints2\{0f6e7cad-c2c1-11de-a13f-001636f25e40}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{0f6e7caf-c2c1-11de-a13f-001636f25e40}\Shell - "" = AutoRun O33 - MountPoints2\{0f6e7caf-c2c1-11de-a13f-001636f25e40}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{15f03617-c273-11de-bc94-0011e2fd078e}\Shell - "" = AutoRun O33 - MountPoints2\{15f03617-c273-11de-bc94-0011e2fd078e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{7a1308e3-400d-11df-ab2e-001636f25e40}\Shell - "" = AutoRun O33 - MountPoints2\{7a1308e3-400d-11df-ab2e-001636f25e40}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7a1308f1-400d-11df-ab2e-001636f25e40}\Shell - "" = AutoRun O33 - MountPoints2\{7a1308f1-400d-11df-ab2e-001636f25e40}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7a1308fc-400d-11df-ab2e-001636f25e40}\Shell - "" = AutoRun O33 - MountPoints2\{7a1308fc-400d-11df-ab2e-001636f25e40}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7a130910-400d-11df-ab2e-001636f25e40}\Shell - "" = AutoRun O33 - MountPoints2\{7a130910-400d-11df-ab2e-001636f25e40}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b1d38ce3-c3b0-11de-8c71-001636f25e40}\Shell - "" = AutoRun O33 - MountPoints2\{b1d38ce3-c3b0-11de-8c71-001636f25e40}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{b1d38ce5-c3b0-11de-8c71-001636f25e40}\Shell - "" = AutoRun O33 - MountPoints2\{b1d38ce5-c3b0-11de-8c71-001636f25e40}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{ff390dd3-c280-11de-a620-001636f25e40}\Shell - "" = AutoRun O33 - MountPoints2\{ff390dd3-c280-11de-a620-001636f25e40}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{ff390dd4-c280-11de-a620-001636f25e40}\Shell - "" = AutoRun O33 - MountPoints2\{ff390dd4-c280-11de-a620-001636f25e40}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.01 07:52:17 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Ania\Desktop\OTL.exe [2012.07.31 20:11:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.31 13:47:32 | 000,000,000 | ---D | C] -- C:\Users\Ania\AppData\Roaming\Malwarebytes [2012.07.31 13:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.31 13:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.31 13:47:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.31 13:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.26 14:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.07.26 14:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.07.26 01:10:48 | 000,000,000 | ---D | C] -- C:\Users\Ania\AppData\Roaming\Apple Computer [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.01 07:52:22 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ania\Desktop\OTL.exe [2012.08.01 07:42:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.01 07:41:55 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.01 07:41:55 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.01 07:41:55 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.01 07:41:55 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.01 07:37:37 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.01 07:37:37 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.01 07:37:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.01 07:37:27 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys [2012.07.31 23:32:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.07.31 23:10:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.31 20:13:25 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.07.31 13:47:06 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.27 19:43:17 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.25 16:00:16 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.31 20:13:25 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.07.31 20:13:25 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.07.31 13:47:06 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.05.15 16:23:32 | 000,000,680 | ---- | C] () -- C:\Users\Ania\AppData\Local\d3d9caps.dat [2010.10.13 03:03:48 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2010.05.11 14:40:08 | 000,000,012 | ---- | C] () -- C:\Users\Ania\AppData\Roaming\qvjsge.dat [2009.08.30 10:52:10 | 000,018,432 | ---- | C] () -- C:\Users\Ania\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.22 15:26:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2010.10.30 12:30:13 | 000,000,000 | ---D | M] -- C:\Users\Ania\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.24 00:06:32 | 000,000,000 | ---D | M] -- C:\Users\Ania\AppData\Roaming\FUJIFILM [2011.01.02 18:26:31 | 000,000,000 | ---D | M] -- C:\Users\Ania\AppData\Roaming\Leadertech [2010.10.26 15:59:51 | 000,000,000 | ---D | M] -- C:\Users\Ania\AppData\Roaming\Nokia [2010.10.23 10:53:10 | 000,000,000 | ---D | M] -- C:\Users\Ania\AppData\Roaming\PC Suite [2010.01.28 13:30:03 | 000,000,000 | ---D | M] -- C:\Users\Ania\AppData\Roaming\Serif [2009.10.27 00:36:07 | 000,000,000 | ---D | M] -- C:\Users\Ania\AppData\Roaming\Vodafone [2010.10.13 03:24:06 | 000,000,000 | ---D | M] -- C:\Users\Ania\AppData\Roaming\Ymcicy [2010.06.30 19:28:29 | 000,000,000 | ---D | M] -- C:\Users\Ania\AppData\Roaming\Ymibyv [2012.07.31 23:32:24 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 01.08.2012 07:53:25 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ania\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,56 Mb Total Physical Memory | 352,36 Mb Available Physical Memory | 34,76% Memory free 2,22 Gb Paging File | 1,45 Gb Available in Paging File | 65,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,53 Gb Total Space | 43,07 Gb Free Space | 57,79% Space Free | Partition Type: NTFS Drive E: | 74,52 Gb Total Space | 47,27 Gb Free Space | 63,43% Space Free | Partition Type: NTFS Computer Name: ANIASIEMENS | User Name: Ania | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{D2351C8B-33E6-4A05-A8FE-A00EC458F6D3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{50457660-D45B-47DA-B60F-AC60420FA5E2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{625EFA0D-63B9-4188-AA7E-B813FA402F73}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7715D255-64F6-4207-8CEF-698F27E64071}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DA84A840-BB1C-4E0E-AA5E-B5B832CD0C89}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{E44C0AED-ED36-4ACB-9F7F-DC5E20598B7F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{8A54441F-C34C-4AE3-8658-B7536B6FDDD7}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{9788CD80-A617-4A4A-9601-A56A43DF2D67}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{9FEC4137-5809-4644-BADC-51104B343ADF}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{D6AF40CE-BC6D-4DC6-83DF-8E9678249EE7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{34C15DBF-56E4-4C1F-ABD7-848922F1E645}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{430661F7-D817-48DC-AD50-CE04CF342FA3}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{5C213885-3372-4310-AF03-93BC04721942}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{83382DDB-9F50-44CE-90AB-46F2C3D02BF3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{395AB8C5-F3A8-4380-8718-7A11EC5829F6}" = iCON 210 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{596DA8A2-C576-46F5-A92E-8C9CCECE4E9D}" = Serif PagePlus X3 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi-Software "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007 "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource "{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}" = Keyboard Manager Utility "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0F1732F-DE2D-4A6D-BE19-2D6CF784356C}" = Serif PagePlus X3 Ressourcen "{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "avast" = avast! Free Antivirus "CCleaner" = CCleaner "CNXT_HDAUDIO" = Conexant HD Audio "CNXT_MODEM_PCI_VEN_14F1&DEV_5045" = HDAUDIO Soft Data Fax Modem with SmartCP "DVD Shrink_is1" = DVD Shrink 3.2 "Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.12 "Free YouTube Download_is1" = Free YouTube Download 2.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}" = Keyboard Manager Utility "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mobile Partner" = Mobile Partner "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver "ULTIMATER" = Microsoft Office Ultimate 2007 "Uninstall_is1" = Uninstall 1.0.0.1 "WinRAR archiver" = WinRAR "Xvid_is1" = Xvid 1.2.2 final uninstall ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.07.2012 07:38:14 | Computer Name = AniaSiemens | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.07.2012 07:47:45 | Computer Name = AniaSiemens | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.07.2012 09:48:34 | Computer Name = AniaSiemens | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung MsiExec.exe, Version 4.0.6000.16386, Zeitstempel 0x4549af77, fehlerhaftes Modul QuickTime.qts_unloaded, Version 0.0.0.0, Zeitstempel 0x4f8f8aa7, Ausnahmecode 0xc0000005, Fehleroffset 0x6640aae9, Prozess-ID 0xd2c, Anwendungsstartzeit 01cd6f232c0756b0. Error - 31.07.2012 11:06:42 | Computer Name = AniaSiemens | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.07.2012 11:06:44 | Computer Name = AniaSiemens | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.07.2012 12:34:40 | Computer Name = AniaSiemens | Source = Windows Search Service | ID = 3026 Description = Error - 31.07.2012 13:04:49 | Computer Name = AniaSiemens | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.07.2012 13:04:49 | Computer Name = AniaSiemens | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.07.2012 14:06:30 | Computer Name = AniaSiemens | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.07.2012 15:22:43 | Computer Name = AniaSiemens | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 03.12.2011 16:23:23 | Computer Name = AniaSiemens | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0018DE3100E9 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%258. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 04.12.2011 02:48:51 | Computer Name = AniaSiemens | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 03.12.2011 um 21:25:51 unerwartet heruntergefahren. Error - 05.05.2012 03:53:16 | Computer Name = AniaSiemens | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 05.05.2012 um 09:51:34 unerwartet heruntergefahren. Error - 07.05.2012 04:11:20 | Computer Name = AniaSiemens | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 05.05.2012 um 09:54:11 unerwartet heruntergefahren. Error - 07.05.2012 05:13:22 | Computer Name = AniaSiemens | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 07.05.2012 um 10:12:11 unerwartet heruntergefahren. Error - 17.05.2012 13:04:34 | Computer Name = AniaSiemens | Source = Service Control Manager | ID = 7009 Description = Error - 17.05.2012 13:04:34 | Computer Name = AniaSiemens | Source = Service Control Manager | ID = 7000 Description = Error - 08.07.2012 06:15:41 | Computer Name = AniaSiemens | Source = Service Control Manager | ID = 7011 Description = Error - 25.07.2012 11:35:08 | Computer Name = AniaSiemens | Source = Service Control Manager | ID = 7009 Description = Error - 25.07.2012 11:35:08 | Computer Name = AniaSiemens | Source = Service Control Manager | ID = 7000 Description = < End of report > Danke!!! |
Themen zu Malwarebytes hat dhxiuw.dat (Malware.Trace) entdeckt |
administrator, anti, anti-malware, antivir, appdata, autostart, dateien, explorer, folge, frage, gelöscht, google earth, install.exe, laptop, malwarebytes, msiexec.exe, neue, nicht möglich, office 2007, plug-in, roaming, speicher, suche, trojaner, updates, vaio, vista, windows, windows updates, windows vista |