| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem SpoofingWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.08.2012, 10:43
| #1 |
 |  Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing Hallo, liebes Trojaner-Board! Seit etwa drei Wochen erscheint unter Windows 7 Pro 64-bit kurz nach dem Booten folgende Meldung:  Eine Minute danach wird tatsächlich neu gestartet. Da die Meldung nicht "original" aussieht, gehe ich von Schadsoftware aus. Ein Paar Fakten: - Abbruch mit shudown /a ist nicht möglich ("Der Computer wird heruntergefahren <1151>"). - Das Problem taucht auch im abgesicherten Modus auf, nicht aber, wenn die Internetverbindung fehlt. - Nach den Neustarts wird manchmal der TP-Link WLAN-Adapter nicht mehr erkannt, ansonsten keine weiteren Auffälligkeiten am Rechner. - Das Transfervolumen laut Router ist normal (im Zeitraum von 3 Wochen 8 GB in und 900 MB out) - Alle relevante Software (Windows, Java, Flash, Opera, Sophos, AnyConnect) wird stets aktualisiert. Hier ein Logfile von Hijackthis [Ich habe lediglich meinen wahren Username durch "Kansas" ersetzt. Mein System Root ist C:\Windows]: [CODE] HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 07:39:07, on 10.08.2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe E:\Programme\Mozilla Thunderbird\thunderbird.exe C:\Program Files (x86)\Opera\opera.exe C:\Users\Kansas\Desktop\HiJackThis204.exe C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - e:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://J:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O20 - AppInit_DLLs: C:\PROGRA~3\Sophos\SOPHOS~1\SOPHOS~1.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sophos Anti-Virus Statusreporter (SAVAdminService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Sophos AutoUpdate Service - Sophos Limited - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe O23 - Service: Sophos Web Control Service - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe O23 - Service: Sophos Web Intelligence Update (swi_update_64) - Sophos Limited - C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8295 bytes Eine weitere Auffälligkeit, von der ich nicht weiß, ob sie mit dem o.g. Problem in Verbindung steht: Ich bin gerade auch Opfer einer Spoofing-Attacke. Ich habe eine private Domain, bei der eMail-Fetch-All aktiviert ist. Bei jeder Seite, an der ich mich anmelde, nutze ich dann eine spezifische Mailadresse, z.B. trojanerboard@meine-domain.de. So will ich erkennen, wer ggfs. meine Daten weitergibt und kann die dann weitergegebene Mailadresse im Spam-Filter blockieren. Die beim Spoofing gefälschten Absenderadressen (ich erkenne das an den Rückläufern) sind nun ausschließlich solche Adressen, die ich auch verwende! Es wird also immer nur verwendete_adresse@meine-domain.de gefälscht, NIE fantasie_adresse@meine-domain.de. Es handelt sich um etwa 100 Adressen, die ich auf verschiedensten Sites angegeben habe. Wie der Absender gerade diese fälschen kann ist mir ehrlich gesagt ein Rätsel. Auch die Rückläufer an nie_verwendete_adresse@meine-domain.de würde ich bekommen (Fetch All), aber der Angreifer liegt nie daneben! Bisher ergriffene Maßnahmen: - Ich boote das OS nicht mehr zum Arbeiten, bin auf Windows XP auf einer alten Platte ausgewichen. Das ist aber keine Dauerlösung. - Vollständiger Scan aller Medien mit Sophos (aktuell) im abgesicherten Modus -> keine Befunde - Komplett-Scan mit Malwarebytes (aktuell) -> keine Befunde - Scan aller Medien mit ESET online Scanner, Sophos dabei deaktiviert -> keine Befunde - Vollständiger Scan mit Kaspersky Rescue Disk -> keine Befunde  Könnt ihr mir da noch weiterhelfen? Vielen lieben Dank, Kansas Ich habe soeben nochmal mit aktuellen Sophos-Signaturen einen Komplettscan im abgesicherten Modus durchgeführt. Wieder nichts gefunden. Hier das Logfile: Code:
ATTFilter ****************** Sophos Anti-Virus Protokoll - 10.08.2012 11:47:56 **************
20120810 095209 Scan 'Neuer Scan' gestartet.
20120810 101109 Der Scan von 'C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 101125 Der Scan von 'C:\Windows\System32\catroot2\edb.log' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 101125 Der Scan von 'C:\Windows\System32\config\DEFAULT.LOG1' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 101125 Der Scan von 'C:\Windows\System32\config\DEFAULT.LOG2' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 101125 Der Scan von 'C:\Windows\System32\config\SAM.LOG1' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 101125 Der Scan von 'C:\Windows\System32\config\SAM.LOG2' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 101125 Der Scan von 'C:\Windows\System32\config\SECURITY.LOG1' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 101125 Der Scan von 'C:\Windows\System32\config\SECURITY.LOG2' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 101125 Der Scan von 'C:\Windows\System32\config\SOFTWARE.LOG1' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 101125 Der Scan von 'C:\Windows\System32\config\SOFTWARE.LOG2' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 101125 Der Scan von 'C:\Windows\System32\config\SYSTEM.LOG1' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 101125 Der Scan von 'C:\Windows\System32\config\SYSTEM.LOG2' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 103828 Der Scan von 'C:\Documents and Settings\All Users\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 105040 Der Scan von 'C:\Documents and Settings\All Users\Sophos\Sophos Anti-Virus\config\interchk.chk' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 105321 Der Scan von 'C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 105321 Der Scan von 'C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 110131 Der Scan von 'C:\Documents and Settings\Kansas\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 110131 Der Scan von 'C:\Documents and Settings\Kansas\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 110218 Der Scan von 'C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 111227 Der Scan von 'C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin' führte zu SAV Interface-Fehler 0xa0040210: Kein Zugriff auf Datei.
20120810 113105 Scan 'Neuer Scan' abgeschlossen.
20120810 113105 Ergebniszusammenfassung für Scan 'Neuer Scan':
Gescannte Objekte: 399436
Fehler: 22
Objekte in Quarantäne: 0
Behandelte Objekte: 0
|
|
11.08.2012, 15:24
| #2 |
| | Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing Hallo noch einmal!
__________________Ich hatte leider versäumt, dass Ihr die Auswertungen von OTL, nicht von HijackThis benötigt. Sorry! Den OTL-Scan habe ich nun nachgeholt: OTL.txt Code:
ATTFilter OTL logfile created on: 11.08.2012 16:11:38 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = E:\backups 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 74,87% Memory free 8,00 Gb Paging File | 7,01 Gb Available in Paging File | 87,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,65 Gb Total Space | 67,00 Gb Free Space | 68,61% Space Free | Partition Type: NTFS Drive D: | 37,57 Gb Total Space | 16,77 Gb Free Space | 44,62% Space Free | Partition Type: NTFS Drive E: | 368,10 Gb Total Space | 333,00 Gb Free Space | 90,46% Space Free | Partition Type: NTFS Drive H: | 129,51 Gb Total Space | 34,88 Gb Free Space | 26,93% Space Free | Partition Type: NTFS Drive J: | 195,31 Gb Total Space | 39,25 Gb Free Space | 20,10% Space Free | Partition Type: NTFS Computer Name: KANSAS-PC | User Name: Kansas | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.11 16:02:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\backups\OTL.exe PRC - [2012.07.28 14:06:48 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.08.06 01:02:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.28 14:07:21 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2012.07.28 14:06:58 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service) SRV - [2012.07.28 14:06:57 | 002,862,656 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2012.07.28 14:06:50 | 000,216,600 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2012.07.28 14:06:48 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2012.07.28 14:06:37 | 002,009,152 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64) SRV - [2012.06.19 21:12:28 | 000,645,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.28 22:56:43 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.28 14:07:04 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter) DRV:64bit: - [2012.07.28 14:06:54 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.28 22:07:49 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV:64bit: - [2011.09.22 20:29:18 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.01.05 04:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 AC 25 35 20 EB CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126 FF - prefs.js..extensions.enabledItems: ich@maltegoetz.de:1.2.3 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: e:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: e:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: e:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.04 21:52:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: E:\Program Files (x86)\Firefox\components [2012.01.29 13:14:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: E:\Program Files (x86)\Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: e:\Programme\Mozilla Thunderbird\components [2012.06.22 11:10:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Plugins: e:\Programme\Mozilla Thunderbird\plugins [2012.04.12 13:04:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2012.06.22 11:10:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins [2012.04.12 13:04:19 | 000,000,000 | ---D | M] [2012.01.29 13:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kansas\AppData\Roaming\mozilla\Extensions [2012.05.31 23:40:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kansas\AppData\Roaming\mozilla\Firefox\Profiles\miv92cbs.default\extensions [2012.05.31 23:40:09 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Kansas\AppData\Roaming\mozilla\Firefox\Profiles\miv92cbs.default\extensions\ich@maltegoetz.de O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - e:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - J:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - J:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control) O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.5.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5166E256-8373-4553-872D-8C2E8BE75862}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B21B2A4-772E-4C0E-BD44-85CD8A78925F}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~3\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~3\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited) O20 - AppInit_DLLs: (C:\PROGRA~3\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~3\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.01.09 02:14:56 | 000,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.31 12:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.07.31 00:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.07.31 00:05:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.07.29 23:18:31 | 000,000,000 | ---D | C] -- C:\Users\Kansas\AppData\Roaming\Malwarebytes [2012.07.29 23:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.29 23:18:25 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.29 23:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.29 22:13:24 | 000,000,000 | ---D | C] -- C:\!KillBox [2012.07.29 21:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AntiSpyInfo [2012.07.29 21:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anti-Spy.Info [2012.07.29 21:49:51 | 000,000,000 | ---D | C] -- C:\Users\Kansas\Desktop\backups [2012.07.29 21:41:01 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kansas\Desktop\HiJackThis204.exe [2012.07.29 12:39:53 | 000,000,000 | ---D | C] -- C:\Users\Kansas\AppData\Local\Sophos [2012.07.28 14:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012.07.28 14:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems [2012.07.28 14:08:17 | 000,037,400 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe [2012.07.28 14:07:04 | 000,036,640 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys [2012.07.28 14:06:54 | 000,144,672 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys ========== Files - Modified Within 30 Days ========== [2012.08.11 16:10:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.11 16:10:11 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2012.08.07 21:35:35 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.07 21:35:35 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.07 03:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.01 12:38:21 | 006,220,854 | ---- | M] () -- C:\Users\Kansas\Desktop\fehler.bmp [2012.07.29 23:19:28 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.29 12:37:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kansas\Desktop\HiJackThis204.exe [2012.07.28 14:07:04 | 000,036,640 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys [2012.07.28 14:06:54 | 000,144,672 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2012.07.28 14:06:54 | 000,037,400 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe ========== Files Created - No Company Name ========== [2012.08.01 12:38:21 | 006,220,854 | ---- | C] () -- C:\Users\Kansas\Desktop\fehler.bmp [2012.07.29 23:18:26 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.09 17:44:20 | 048,246,882 | ---- | C] () -- C:\Users\Kansas\fragenkatalog PP.pdf [2011.10.13 22:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2011.10.08 03:52:30 | 000,007,605 | ---- | C] () -- C:\Users\Kansas\AppData\Local\Resmon.ResmonCfg [2011.10.06 16:40:50 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2011.10.06 16:40:49 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll [2011.10.06 16:40:49 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll [2011.10.06 16:40:48 | 001,202,763 | ---- | C] () -- C:\Windows\unins002.exe [2011.10.06 16:40:48 | 000,012,746 | ---- | C] () -- C:\Windows\unins002.dat [2011.10.06 16:39:22 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe [2011.10.06 16:39:22 | 000,007,960 | ---- | C] () -- C:\Windows\unins001.dat [2011.10.06 16:38:30 | 001,199,175 | ---- | C] () -- C:\Windows\unins000.exe [2011.10.06 16:38:30 | 000,021,531 | ---- | C] () -- C:\Windows\unins000.dat [2011.09.28 21:19:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== LOP Check ========== [2012.01.13 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\Kansas\AppData\Roaming\InterVoip [2011.10.05 23:40:32 | 000,000,000 | ---D | M] -- C:\Users\Kansas\AppData\Roaming\IrfanView [2011.10.21 14:07:48 | 000,000,000 | ---D | M] -- C:\Users\Kansas\AppData\Roaming\Opera [2011.09.29 22:39:23 | 000,000,000 | ---D | M] -- C:\Users\Kansas\AppData\Roaming\Thunderbird [2012.07.12 15:26:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.08.2012 16:11:38 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = E:\backups
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 74,87% Memory free
8,00 Gb Paging File | 7,01 Gb Available in Paging File | 87,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,65 Gb Total Space | 67,00 Gb Free Space | 68,61% Space Free | Partition Type: NTFS
Drive D: | 37,57 Gb Total Space | 16,77 Gb Free Space | 44,62% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 333,00 Gb Free Space | 90,46% Space Free | Partition Type: NTFS
Drive H: | 129,51 Gb Total Space | 34,88 Gb Free Space | 26,93% Space Free | Partition Type: NTFS
Drive J: | 195,31 Gb Total Space | 39,25 Gb Free Space | 20,10% Space Free | Partition Type: NTFS
Computer Name: KANSAS-PC | User Name: Kansas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "e:\Programme)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "e:\Programme)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002A66FB-2283-43CE-97F8-56431B034EE4}" = rport=137 | protocol=17 | dir=out | app=system |
"{1908B29C-707C-4972-A16F-B7B53D0C3903}" = lport=139 | protocol=6 | dir=in | app=system |
"{2552632E-A6FA-48EB-A18D-AEDBFC662C89}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{286F4D48-4E15-469B-965B-1963A62D188F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3EF2BE53-E5AF-4D0B-B3CA-B2A5A5E97B8F}" = lport=137 | protocol=17 | dir=in | app=system |
"{4315E4F7-3AA4-44EA-836D-DD57675C64C2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{45E98646-395D-4FCC-86C6-D494A0FA2993}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E2A0B99-63E2-44B4-B969-F848E78826B3}" = lport=138 | protocol=17 | dir=in | app=system |
"{60712143-71B3-4B1B-8461-EDFA4B6D8CAB}" = rport=139 | protocol=6 | dir=out | app=system |
"{7557581F-2844-4682-A984-BD82BB52B9A2}" = rport=138 | protocol=17 | dir=out | app=system |
"{7DE44477-965B-480B-BC83-0CF9824CAAED}" = rport=445 | protocol=6 | dir=out | app=system |
"{82A432DD-18EC-490E-BBA0-E86F8E557990}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8BB5340D-ABD0-40D6-9846-DB685D4557AA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{92B639AB-6659-4BA1-8EE2-DB956398CB8A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9A9F608A-4D41-4683-81C9-DB47F24E0AD1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E8E1B34-5D62-4FFC-B9CC-E9330F2F4283}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5A5CCF7-9E45-4718-8BE5-783330F20CDB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C74B4E26-9566-4829-B039-47D95EFC3011}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C80A4A4A-6CC2-4DB3-BC78-F72F99FCBDC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8E07D22-CDB7-4A78-AE24-47889DDD0FDA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CAE838C4-2BDB-4A7E-A531-8F322A470400}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD0ADE7C-127F-4434-BE1B-9F108E5712CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2227D2F-1C24-46F6-8009-BFD39D58C555}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ECD4E7B9-7F23-4D38-A07F-A9D099A25EDC}" = lport=445 | protocol=6 | dir=in | app=system |
"{F9838485-FFE7-41A4-8BB0-68D02B87E48F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03096716-6876-4129-AA4A-92CF12AC96D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{084AA194-C04B-4893-8EDE-CBC7C9FC07CF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0EF4B14E-28F8-42AD-9644-EA3331742F3E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{103AA711-33CB-4BDA-941D-B2593DF1F766}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15F1FBA5-9A1B-4183-8319-EB22077523CA}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{36D3DABB-1E0D-47C3-B5E8-A4D73FB85B36}" = protocol=17 | dir=in | app=j:\programme\valve\steam\steam.exe |
"{3C83C36A-B6D6-4222-BF1A-E8F9A72DA302}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{499C55DB-4CB9-46D3-A3FF-4D5C706BF3FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4DD85CCD-6744-455F-BD66-0F580EA0571E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5A1C50D1-5D49-4EE9-88C3-3ED3B2FC995D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B33F6EC-C299-4E63-A03C-9B61C208A169}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{629D1E64-DF50-4AC4-8E78-B1867DE8BCFE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{767C3959-84F6-489C-898E-39EA448484A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BC30539-394D-4115-94A6-191D03CC7A30}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{7CFB1461-E6DA-4086-B89C-012EFB6E8131}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA929726-6221-4B6C-9AB0-465F86B17B29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B2FCFDA7-6FEC-42FA-9BE7-B332B0350BC6}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{BAFEA9DD-0936-4F6E-B6D7-C9782F7FFC97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7836C3E-ACCE-461B-86A9-9DC03302F02C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D729E803-6BD1-4E8C-B242-01B2F804B160}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9EAD82E-CBA2-4084-A79E-BEB822AF2505}" = protocol=6 | dir=out | app=system |
"{DED4673B-6C85-44CD-A46C-53582AE8F23F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E38525F6-8165-4982-A637-F9EFD640998B}" = protocol=6 | dir=in | app=j:\programme\valve\steam\steam.exe |
"{E44BB40A-1107-4023-8F5B-8122EADE61F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F440B149-3C38-40AB-9718-D6153B74698C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F5239D4D-FD68-4221-82B7-B8D497EA49AD}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F7C0C0A0-E8B7-4809-BC97-F0AA59CCD925}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F8D6ED46-EB57-4988-8548-B568A8E24D8C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA3CB012-0626-4C17-8FE7-245707FC0ABF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{4AA084F6-77EE-441A-936F-020A2C936FFB}J:\hdds\if\programme\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=j:\hdds\if\programme\ubisoft\splinter cell pandora tomorrow\pandora.exe |
"TCP Query User{69C8AA4B-C689-40EF-AE26-BCD87030827C}E:\programme\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=e:\programme\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{7CF2BC14-CEF0-47BD-B8F3-EB545159485E}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{896CA0FF-D8E7-4ADB-A063-96E45073E938}E:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=e:\programme\winamp\winamp.exe |
"TCP Query User{91F322DC-9D50-43F3-AC8F-5D641A85C8E0}C:\users\Kansas\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\Kansas\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"TCP Query User{963358BD-35B3-4A45-AB69-FFD8791683F3}J:\hdds\if\programme\microsoft games\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=j:\hdds\if\programme\microsoft games\age2_x1\age2_x1.exe |
"TCP Query User{9FA5DDEF-95B3-4155-B19A-3DFC6E4EF68E}J:\hdds\iih\programme\xfire\xfire.exe" = protocol=6 | dir=in | app=j:\hdds\iih\programme\xfire\xfire.exe |
"TCP Query User{D3E26B17-2222-49FE-8CD9-970080A553A4}E:\programme\opera\opera.exe" = protocol=6 | dir=in | app=e:\programme\opera\opera.exe |
"TCP Query User{D63EAFFA-02CC-4B77-A100-EE7C07682B5C}J:\hdds\iih\programme\opera9\opera.exe" = protocol=6 | dir=in | app=j:\hdds\iih\programme\opera9\opera.exe |
"TCP Query User{EF124198-0CC6-4D32-A04F-08B959631E3B}D:\programme\intervoip.com\intervoip\intervoip.exe" = protocol=6 | dir=in | app=d:\programme\intervoip.com\intervoip\intervoip.exe |
"UDP Query User{1B00AB1E-7436-455C-8C75-0421C7F44C78}E:\programme\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=e:\programme\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{2681C00E-0E7E-4163-9E83-9B373567FFB3}J:\hdds\if\programme\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=j:\hdds\if\programme\ubisoft\splinter cell pandora tomorrow\pandora.exe |
"UDP Query User{5655379F-71F5-4836-AEF0-C9909F1AD09C}E:\programme\opera\opera.exe" = protocol=17 | dir=in | app=e:\programme\opera\opera.exe |
"UDP Query User{56DA7B4A-D537-40B2-BDAD-268D177836AE}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{62E9BCFD-97E4-4C8A-B879-3E09FE29957C}J:\hdds\iih\programme\xfire\xfire.exe" = protocol=17 | dir=in | app=j:\hdds\iih\programme\xfire\xfire.exe |
"UDP Query User{76A2F174-DFAF-4502-8578-BEF570650D71}E:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=e:\programme\winamp\winamp.exe |
"UDP Query User{77567AA4-B878-4F10-8C58-26D9820620F5}J:\hdds\iih\programme\opera9\opera.exe" = protocol=17 | dir=in | app=j:\hdds\iih\programme\opera9\opera.exe |
"UDP Query User{A33576E1-A2A4-4ED2-8A08-262ADB8C7803}C:\users\Kansas\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\Kansas\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"UDP Query User{C5993921-4A0C-4915-8433-18E0A2C62FCC}J:\hdds\if\programme\microsoft games\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=j:\hdds\if\programme\microsoft games\age2_x1\age2_x1.exe |
"UDP Query User{F9B2C053-1C45-4876-AC0C-5B4E61F82BF4}D:\programme\intervoip.com\intervoip\intervoip.exe" = protocol=17 | dir=in | app=d:\programme\intervoip.com\intervoip\intervoip.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{67877084-BA3B-4574-9CA9-97133C3E87F8}" = Coby Media Manager
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DFCF805-87AE-4969-9D85-9A0F9EDDC17F}" = The Bat! Professional v4.2.44
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}" = Cisco AnyConnect VPN Client
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-Spy.Info" = Anti-Spy.Info 1.8d
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"InterVoip_is1" = InterVoip
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird (7.0)" = Mozilla Thunderbird (7.0)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.01.1532" = Opera 12.01
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.08.2012 18:38:55 | Computer Name = Kansas-PC | Source = WinMgmt | ID = 10
Description =
Error - 05.08.2012 19:44:15 | Computer Name = Kansas-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 06.08.2012 05:44:44 | Computer Name = Kansas-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.08.2012 06:14:38 | Computer Name = Kansas-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.08.2012 15:31:26 | Computer Name = Kansas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc10e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bc05
ID
des fehlerhaften Prozesses: 0x1fc Startzeit der fehlerhaften Anwendung: 0x01cd74d3228407e0
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\services.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 7a22b960-e0c6-11e1-a342-002215e0109e
Error - 07.08.2012 15:35:21 | Computer Name = Kansas-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.08.2012 04:40:24 | Computer Name = Kansas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc10e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000021cca
ID
des fehlerhaften Prozesses: 0x1fc Startzeit der fehlerhaften Anwendung: 0x01cd754164e42de0
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\services.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: b1cdf780-e134-11e1-bb89-002215e0109e
Error - 10.08.2012 05:50:29 | Computer Name = Kansas-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.08.2012 17:26:26 | Computer Name = Kansas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc10e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000016ecf
ID
des fehlerhaften Prozesses: 0x1d8 Startzeit der fehlerhaften Anwendung: 0x01cd773e94ea7720
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\services.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 0a5535e0-e332-11e1-8bf0-002215e0109e
Error - 10.08.2012 17:26:38 | Computer Name = Kansas-PC | Source = WinMgmt | ID = 10
Description =
[ Cisco AnyConnect VPN Client Events ]
Error - 06.08.2012 05:43:14 | Computer Name = Kansas-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
Error - 07.08.2012 06:13:10 | Computer Name = Kansas-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
Error - 07.08.2012 15:31:00 | Computer Name = Kansas-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
Error - 07.08.2012 15:33:52 | Computer Name = Kansas-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
Error - 08.08.2012 04:40:13 | Computer Name = Kansas-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
Error - 10.08.2012 17:25:12 | Computer Name = Kansas-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
Error - 10.08.2012 17:25:12 | Computer Name = Kansas-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 10.08.2012 17:25:12 | Computer Name = Kansas-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 10.08.2012 17:25:12 | Computer Name = Kansas-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 10.08.2012 17:25:12 | Computer Name = Kansas-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 361 Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
[ System Events ]
Error - 06.03.2012 06:44:36 | Computer Name = Kansas-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 9 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 06.03.2012 06:44:36 | Computer Name = Kansas-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 10 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 06.03.2012 14:17:44 | Computer Name = Kansas-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 06.03.2012 14:17:57 | Computer Name = Kansas-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 9 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 06.03.2012 14:17:57 | Computer Name = Kansas-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 10 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 06.03.2012 14:17:57 | Computer Name = Kansas-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 06.03.2012 18:59:00 | Computer Name = Kansas-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 06.03.2012 18:59:12 | Computer Name = Kansas-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 9 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 06.03.2012 18:59:12 | Computer Name = Kansas-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 10 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 06.03.2012 18:59:12 | Computer Name = Kansas-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 10 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
< End of report >
|
|
13.08.2012, 16:46
| #3 |
| /// Helfer-Team  | Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing Malware mit Combofix beseitigen Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________ |
|
13.08.2012, 21:27
| #4 |
| | Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing Hallo und vielen Dank für deine Hilfe! ComboFix lief zügig und ohne Probleme durch, hier die Logs: Code:
ATTFilter ComboFix 12-08-13.01 - Kansas 13.08.2012 22:12:49.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2904 [GMT 2:00]
ausgeführt von:: c:\users\Kansas\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-13 bis 2012-08-13 ))))))))))))))))))))))))))))))
.
.
2012-08-13 20:16 . 2012-08-13 20:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-13 20:16 . 2012-08-13 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 12:43 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF4AE0B6-E1E9-42D8-A8BD-0DE9414E2638}\mpengine.dll
2012-07-31 10:15 . 2012-07-31 10:15 -------- d-----w- c:\program files (x86)\ESET
2012-07-30 22:06 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-30 22:06 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-30 22:05 . 2012-07-30 22:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-30 22:05 . 2012-07-30 22:05 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-29 21:18 . 2012-07-29 21:18 -------- d-----w- c:\users\Kansas\AppData\Roaming\Malwarebytes
2012-07-29 21:18 . 2012-07-29 21:18 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 21:18 . 2012-07-29 21:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 21:18 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-29 20:13 . 2012-07-29 21:13 -------- d-----w- C:\!KillBox
2012-07-29 19:57 . 2012-07-29 20:02 -------- d-----w- c:\programdata\AntiSpyInfo
2012-07-29 19:57 . 2012-07-29 19:57 -------- d-----w- c:\program files (x86)\Anti-Spy.Info
2012-07-29 10:39 . 2012-07-29 10:39 -------- d-----w- c:\users\Kansas\AppData\Local\Sophos
2012-07-28 12:08 . 2012-07-28 12:08 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems
2012-07-28 12:08 . 2012-07-28 12:06 37400 ----a-w- c:\windows\system32\SophosBootTasks.exe
2012-07-28 12:07 . 2012-07-28 12:07 36640 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2012-07-28 12:06 . 2012-07-28 12:06 144672 ----a-w- c:\windows\system32\drivers\savonaccess.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 23:02 . 2012-06-11 18:46 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-05 23:02 . 2012-04-05 08:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-30 22:05 . 2011-10-06 14:39 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 01:19 . 2011-10-04 00:08 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-19 19:13 . 2012-06-19 19:13 10720 ----a-w- c:\windows\SysWow64\vpncategories.dll
2012-06-19 19:13 . 2012-06-19 19:13 30688 ----a-w- c:\windows\SysWow64\vpnevents.dll
2012-06-12 03:08 . 2012-07-11 21:20 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 08:02 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 08:02 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 08:02 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 08:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 08:02 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 08:02 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 08:02 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 22:21 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 22:21 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 22:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 22:22 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 22:21 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 22:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 22:21 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 22:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 22:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 21:16 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 21:16 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 21:16 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 21:17 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 21:16 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 21:16 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 21:17 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 21:16 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 21:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 21:16 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 21:17 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 21:17 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 21:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 21:16 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 21:16 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 21:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 21:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 21:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 21:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 08:02 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 08:02 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 08:02 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 08:02 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 08:02 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 08:02 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 08:02 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 08:02 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 08:02 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-08-12 900160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [2012-08-12 2009152]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2012-07-28 36640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2011-09-28 25608]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2012-07-28 144672]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-08-12 216640]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-07-28 139840]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-07-28 357400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-08-12 2863168]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2012-06-19 645088]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~3\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - j:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Kansas\AppData\Roaming\Mozilla\Firefox\Profiles\miv92cbs.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2438158504-40595219-143018104-1000\Software\SecuROM\License information*]
"datasecu"=hex:e2,ac,14,9b,0e,b2,15,31,ea,8a,48,ac,22,ab,3d,9c,e8,30,90,b3,cb,
e9,d3,5a,94,da,4e,8d,63,ed,8f,42,8b,26,a1,fb,10,8a,f3,e0,4f,66,59,69,98,b2,\
"rkeysecu"=hex:4c,55,5e,08,2c,0a,82,0f,f8,3d,5e,5d,aa,95,4b,f6
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-13 22:18:25
ComboFix-quarantined-files.txt 2012-08-13 20:18
.
Vor Suchlauf: 13 Verzeichnis(se), 71.543.971.840 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 71.887.294.464 Bytes frei
.
- - End Of File - - 7D5E015A8E9FEFC45DF2B276B0EB6F25
Code:
ATTFilter Update for Microsoft Office 2007 (KB2508958) Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) - Deutsch Anti-Spy.Info 1.8d Cisco AnyConnect VPN Client Coby Media Manager D3DX10 DivX-Setup ESET Online Scanner v3 InterVoip IrfanView (remove only) Java Auto Updater Java(TM) 6 Update 27 Java(TM) 7 Update 5 Malwarebytes Anti-Malware Version 1.62.0.1300 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office Groove MUI (German) 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual J# 2.0 Redistributable Package Mozilla Firefox 9.0.1 (x86 de) Mozilla Thunderbird (7.0) Mozilla Thunderbird 14.0 (x86 de) MSVCRT NVIDIA 3D Vision Controller Driver NVIDIA PhysX NVIDIA Stereoscopic 3D Driver Opera 12.01 Realtek High Definition Audio Driver Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Sophos Anti-Virus Sophos AutoUpdate Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 Winamp Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack |
|
13.08.2012, 21:59
| #5 |
| /// Helfer-Team | Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten. |
|
13.08.2012, 23:55
| #6 |
| | Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing Erledigt!  Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.13.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Kansas :: KANSAS-PC [Administrator] 13.08.2012 23:04:09 mbam-log-2012-08-13 (23-04-09).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|J:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 593636 Laufzeit: 1 Stunde(n), 47 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
14.08.2012, 00:00
| #7 |
| /// Helfer-Team | Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
14.08.2012, 07:34
| #8 |
| | Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing Morgen!  Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/14/2012 at 08:33:23
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Kansas - KANSAS-PC
# Boot Mode : Normal
# Running from : C:\Users\Kansas\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\Kansas\AppData\LocalLow\boost_interprocess
***** [Registry] *****
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v9.0.1 (de)
Profile name : default
File : C:\Users\Kansas\AppData\Roaming\Mozilla\Firefox\Profiles\miv92cbs.default\prefs.js
[OK] File is clean.
-\\ Opera v12.1.1532.0
File : C:\Users\Kansas\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [915 octets] - [14/08/2012 08:33:23]
########## EOF - C:\AdwCleaner[R1].txt - [1042 octets] ##########
|
|
14.08.2012, 07:47
| #9 |
| /// Helfer-Team | Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing Sehr gut! 
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
14.08.2012, 08:06
| #10 |
| | Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing Klasse, das geht ja Schlaf auf Schlag! adwcleaner: Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/14/2012 at 08:52:05
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Kansas - KANSAS-PC
# Boot Mode : Normal
# Running from : C:\Users\Kansas\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Kansas\AppData\LocalLow\boost_interprocess
***** [Registry] *****
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v9.0.1 (de)
Profile name : default
File : C:\Users\Kansas\AppData\Roaming\Mozilla\Firefox\Profiles\miv92cbs.default\prefs.js
[OK] File is clean.
-\\ Opera v12.1.1532.0
File : C:\Users\Kansas\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1043 octets] - [14/08/2012 08:33:23]
AdwCleaner[S1].txt - [1037 octets] - [14/08/2012 08:52:05]
########## EOF - C:\AdwCleaner[S1].txt - [1165 octets] ##########
So, nach einem langen Tag hier noch das Logfile von Emsisoft Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 14.08.2012 08:58:43
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, H:\, I:\, J:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 14.08.2012 08:59:02
J:\temp\ZOOMBRSR\ENGLISH\PSDK\PSCL2STI.DLL gefunden: Hoax.Win32.FlashApp.AMN!E1
J:\System Volume Information\_restore{EDA1D1F7-FD02-4448-8A2E-18F6A3E6C156}\RP196\A0023800.DLL gefunden: Hoax.Win32.FlashApp.AMN!E1
Gescannt 862475
Gefunden 2
Scan Ende: 14.08.2012 20:32:09
Scan Zeit: 11:33:07
Bei ZOOMBRSR handelt es sich um den ZoomBrowser EX von Canon, mit dem ich auf meine Digitalkamera zugreife. Die Scanzeit ist nur dadurch so lang, dass der Rechner zwischendurch 9 Stunden im Standby war. |
|
16.08.2012, 09:16
| #11 |
| | Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing Guten Morgen, lieber t'john, Fehlt noch ein weiterer Schritt? Sind wir fertig mit der Bereinigung?  Vielen Dank bis hierhin! |
|
16.08.2012, 12:19
| #12 |
| /// Helfer-Team | Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
16.08.2012, 20:27
| #13 |
| | Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing Erledigt! Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-16 05:28:59
# local_time=2012-08-16 07:28:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 20378 96758646 0 0
# compatibility_mode=8192 67108863 100 0 1399056 1399056 0 0
# compatibility_mode=8449 16775165 50 97 178 27888328 0 0
# scanned=374162
# found=0
# cleaned=0
# scan_time=9343
|
|
17.08.2012, 01:02
| #14 |
| /// Helfer-Team | Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck |
|
17.08.2012, 07:27
| #15 |
| | Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing Auch das wäre erledigt! Code:
ATTFilter PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Opera 12.01 ist aktuell
Flash (11,3,300,271) ist aktuell.
Java (1,7,0,6) ist aktuell.
Adobe Reader 10,1,4,0 ist aktuell.
|
|
| Themen zu Zwangs-Neustarts: "Ein kritischer Fehler ist aufgetreten." Kein Scanner findet etwas. Zudem Spoofing |
| abbruch, acrobat update, adobe, bho, booten, computer, desktop, explorer, fehler, flash player, hijack, hijackthis, internet explorer, kaspersky, kritischer fehler, logfile, monitor, mozilla, neustart des pcs, nicht möglich, nvidia, nvidia update, opera, performance, plug-in, problem, programme, scan, system, trojaner-board, windows, windows wird in einer minute neu gestartet, windows xp, wrapper |
Linear-Darstellung
