Pests of all kinds and how to fight them: Firefox opens multiple windows with games, dating sites etc. (Windows 7)
29.11.2009, 13:12 | #16
Note: while I'm writing this, ESET is also still running.
29.11.2009, 13:17 | #17
/// Selecta Jahrusso | Online scans have their quirks now and then. But ESET is, in my eyes, the most reliable and fastest one. Takes about an hour, so
29.11.2009, 14:22 | #18
Hmmmmmmmmmmmm.... It's now at 43%... it needed 1:22h for that..... there's a lot going on today:
29.11.2009, 17:20 | #19
Hmmmm... earlier I aborted after 2.19h because nothing had changed in the ESET program, neither the progress percentage nor the file count. Then I tried it again. The program is now stuck at the same spot again, and two hours have already passed (again!). What should I do!?
29.11.2009, 17:46 | #20
/// Selecta Jahrusso |
29.11.2009, 20:17 | #21
Hello Daniel, good things take time. The Kaspersky run is finally finished. Attached is the logfile. There seems to be 1 infected file / one detection! Code:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 29, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 29, 2009 16:51:12
Records in database: 3307864
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 127539
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:54:20
File name / Threat / Threats count
C:\_OTL\MovedFiles\11282009_165751\C_Programme\System Search Dispatcher\1.4.3.1040\ssd.dll Infected: not-a-virus:AdWare.Win32.Agent.pml 1
Selected area has been scanned.
What should I do next!??? Regards
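The one detection in the report above sits under C:\_OTL\MovedFiles, the folder OTL uses for items it moved out of place during an earlier fix, so it is an already-isolated file rather than an active one. The Python parser below is an added example, not code from the thread or from Kaspersky: it extracts the statistics and finding lines from a report in this format, cross-checks them, and marks findings that live in such an isolated location. SAMPLE_REPORT and the QUARANTINE_MARKERS list are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the Kaspersky Online Scanner 7.0 report
# posted in the thread (header, statistics block, one finding line).
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 29, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 29, 2009 16:51:12
Records in database: 3307864
--------------------------------------------------------------------------------
Scan statistics:
Objects scanned: 127539
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:54:20

File name / Threat / Threats count
C:\_OTL\MovedFiles\11282009_165751\C_Programme\System Search Dispatcher\1.4.3.1040\ssd.dll Infected: not-a-virus:AdWare.Win32.Agent.pml 1

Selected area has been scanned.
"""

# Assumed list of folders whose contents are already isolated from execution:
# OTL parks files it moved during a fix under \_OTL\MovedFiles\<timestamp>\.
QUARANTINE_MARKERS = (
    "\\_otl\\movedfiles\\",
    "\\quarantine\\",
)

# A finding line: <drive path with spaces> <Infected|Suspicious>: <threat name> <count>
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<status>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
# The numeric statistics lines we cross-check the findings against.
STAT_RE = re.compile(
    r"^(?P<key>Objects scanned|Threats found|Infected objects found|"
    r"Suspicious objects found):\s+(?P<value>\d+)\s*$"
)


@dataclass
class Finding:
    path: str
    status: str
    threat: str
    count: int

    @property
    def quarantined(self) -> bool:
        """True if the file lives in a folder that already isolates it."""
        lowered = self.path.lower()
        return any(marker in lowered for marker in QUARANTINE_MARKERS)

    @property
    def category(self) -> str:
        """Kaspersky prefixes adware/riskware verdicts with 'not-a-virus:'."""
        return "riskware" if self.threat.startswith("not-a-virus:") else "malware"


def parse_report(text: str):
    """Return (statistics dict, list of Finding) for one scan report."""
    stats, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := STAT_RE.match(line):
            stats[m["key"]] = int(m["value"])
        elif m := FINDING_RE.match(line):
            findings.append(Finding(m["path"], m["status"], m["threat"], int(m["count"])))
    return stats, findings


def report_is_consistent(stats, findings) -> bool:
    """The number of finding lines must equal infected + suspicious counts."""
    expected = stats.get("Infected objects found", 0) + stats.get("Suspicious objects found", 0)
    return len(findings) == expected


def triage(text: str):
    """One human-readable line per finding, plus a warning on count mismatch."""
    stats, findings = parse_report(text)
    lines = []
    for f in findings:
        where = "already isolated (quarantine folder)" if f.quarantined else "ACTIVE location"
        lines.append(f"{f.category:<8} {where}: {f.threat} in {f.path}")
    if not report_is_consistent(stats, findings):
        lines.append("warning: finding count does not match scan statistics")
    return lines


if __name__ == "__main__":
    for line in triage(SAMPLE_REPORT):
        print(line)
```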
29.11.2009, 20:49 | #22
/// Selecta Jahrusso | System scan with OTL. Please download OTL by OldTimer and save it to your desktop (if it is not already there)
Report how the computer is running.
29.11.2009, 23:00 | #23
Extras.Txt Code:
29.11.2009, 23:06 | #24
OTL.Txt Part 1 Code:
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) 
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
DRV - (pnetmdm) -- C:\Windows\System32\drivers\pnetmdm.sys (June Fabrics Technology) DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant) DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_8730 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_8730 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_8730 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "www.web.de" FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.1 FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5 FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13 FF - prefs.js..extensions.enabledItems: {7AB6D133-2A14-4C11-B3AD-35B1548D38F9}:1.0 FF - prefs.js..extensions.enabledItems: 
{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.69 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox 3.5 Beta 4\components [2009.11.07 14:33:04 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.5 Beta 4\plugins [2009.11.12 20:28:50 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.09.12 16:22:34 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.08.19 17:33:16 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2009.08.19 17:33:16 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2009.11.29 18:02:33 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\kb5tuk1y.default\extensions [2009.07.23 08:37:23 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\kb5tuk1y.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66} [2009.09.16 14:28:28 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\kb5tuk1y.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2009.11.12 18:08:27 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\kb5tuk1y.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009.11.10 08:58:22 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\kb5tuk1y.default\extensions\anycolor.pavlos256@gmail.com [2009.05.28 19:14:12 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - 
C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) 
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\PDFBackend.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.) 
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Programme\PdaNet for iPhone\PdaNetPC.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 |
29.11.2009, 23:07 | #25 |
| Firefox opens several windows with games, dating sites etc. OTL.Txt part 2 Code:
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &Clean Traces - C:\Programme\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Programme\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Programme\DAP\dapextie2.htm ()
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.11.29 20:43:20 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009.11.29 20:43:20 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009.11.29 20:43:19 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009.11.29 20:43:17 | 00,000,000 | ---D | C] -- C:\Programme\Avira
[2009.11.29 20:43:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009.11.29 17:55:06 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009.11.29 17:55:06 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009.11.29 17:55:06 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009.11.29 17:48:37 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.11.29 17:48:37 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.11.29 17:48:37 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.11.29 12:59:51 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009.11.29 12:48:50 | 00,000,000 | ---D | C] -- C:\Programme\ESET
[2009.11.29 12:39:16 | 00,000,000 | ---D | C] -- C:\Users\****\.SunDownloadManager
[2009.11.28 16:57:51 | 00,000,000 | ---D | C] -- C:\_OTL
[2009.11.25 12:59:11 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009.11.24 20:29:29 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009.11.22 14:11:46 | 00,000,000 | ---D | C] -- C:\Users\****\Documents\tax
[2009.11.22 14:09:34 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Buhl Data Service
[2009.11.22 14:07:47 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Buhl
[2009.11.22 14:07:34 | 00,000,000 | ---D | C] -- C:\Programme\Buhl finance
[2009.11.22 14:06:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2009.11.22 14:06:42 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Buhl Data Service
[2009.11.20 21:28:28 | 00,009,472 | ---- | C] (June Fabrics Technology) -- C:\Windows\System32\drivers\pnetmdm.sys
[2009.11.20 21:28:28 | 00,000,000 | ---D | C] -- C:\Programme\PdaNet for iPhone
[2009.11.20 20:26:45 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Apple_Inc
[2009.11.14 19:12:32 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Local\MediaMonkey
[2009.11.14 19:12:31 | 00,000,000 | ---D | C] -- C:\Programme\MediaMonkey
[2009.11.13 09:54:02 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009.11.13 09:54:02 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009.11.13 09:53:44 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009.11.13 09:53:44 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009.11.13 09:53:44 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009.11.13 09:53:13 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009.11.13 09:53:13 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009.11.12 18:22:27 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Sprite Software
[2009.11.12 18:22:27 | 00,000,000 | ---D | C] -- C:\Users\****\Documents\My Mobile Device Backups
[2009.11.12 18:22:19 | 00,000,000 | ---D | C] -- C:\Programme\Sprite Software
[2009.11.12 18:21:00 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft ActiveSync
[2009.11.12 18:07:06 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Internet Saving Optimizer
[2009.11.11 10:25:55 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009.11.11 10:25:51 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009.11.10 10:19:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009.11.09 11:39:37 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2009.11.09 11:39:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.11.09 11:39:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.11.09 11:39:31 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2009.11.09 11:39:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.11.09 11:36:42 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2009.11.07 13:11:47 | 00,000,000 | ---D | C] -- C:\Programme\Adobe
[2009.11.01 11:14:47 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009.11.01 11:14:45 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009.02.20 22:49:15 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2007.08.13 16:46:00 | 00,102,912 | ---- | C] (Albert L Faber) -- C:\Users\****\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 00,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\****\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 00,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\****\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 00,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\****\AppData\Local\bass.dll

========== Files - Modified Within 30 Days ==========

[2009.11.29 22:53:35 | 02,621,440 | -HS- | M] () -- C:\Users\****\NTUSER.DAT
[2009.11.29 22:51:53 | 00,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009.11.29 22:51:52 | 00,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009.11.29 22:51:51 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.11.29 22:51:47 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.11.29 21:59:00 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.11.29 21:59:00 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.11.29 20:43:31 | 00,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009.11.29 18:48:40 | 01,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.11.29 18:48:40 | 00,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.11.29 18:48:40 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.11.29 18:48:40 | 00,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.11.29 18:48:40 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.11.29 17:59:59 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009.11.29 17:58:59 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.11.29 17:58:42 | 00,296,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.11.29 17:57:52 | 32,158,51520 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.29 17:56:52 | 00,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.11.29 17:56:52 | 00,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.11.29 17:56:31 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009.11.29 17:50:54 | 05,090,376 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db
[2009.11.29 17:48:22 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.11.29 17:48:22 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.11.29 17:48:22 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.11.29 17:48:21 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009.11.29 12:32:27 | 00,002,475 | ---- | M] () -- C:\Users\****\Desktop\Microsoft Office Word 2003.lnk
[2009.11.28 17:10:39 | 00,001,206 | ---- | M] () -- C:\Users\****\Desktop\My DAP Downloads.lnk
[2009.11.28 16:49:05 | 00,161,792 | ---- | M] () -- C:\Users\****\Documents\Troyanerboard text.doc
[2009.11.26 10:45:15 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.11.23 21:20:00 | 00,002,507 | ---- | M] () -- C:\Users\****\Desktop\Microsoft Office Excel 2003.lnk
[2009.11.20 21:28:28 | 00,000,837 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2009.11.14 19:12:37 | 00,000,786 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2009.11.13 21:13:36 | 00,002,187 | ---- | M] () -- C:\Users\****\Desktop\Windows Mobile Device Center.lnk
[2009.11.12 18:14:26 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2009.11.12 11:42:07 | 00,000,318 | ---- | M] () -- C:\Windows\win.ini
[2009.11.09 11:39:36 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.11.09 11:36:42 | 00,001,878 | ---- | M] () -- C:\Users\****\Desktop\HijackThis.lnk
[2009.11.07 13:11:53 | 00,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2009.11.29 20:43:31 | 00,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009.11.28 16:49:05 | 00,161,792 | ---- | C] () -- C:\Users\****\Documents\Troyanerboard text.doc
[2009.11.20 21:28:28 | 00,000,837 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2009.11.14 19:12:37 | 00,000,786 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2009.11.12 18:17:08 | 00,002,187 | ---- | C] () -- C:\Users\****\Desktop\Windows Mobile Device Center.lnk
[2009.11.12 18:14:51 | 00,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.11.12 18:14:26 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2009.11.09 11:39:36 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.11.09 11:36:42 | 00,001,878 | ---- | C] () -- C:\Users\****\Desktop\HijackThis.lnk
[2009.11.07 13:11:53 | 00,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009.10.20 20:11:31 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.01 20:27:58 | 00,000,569 | ---- | C] () -- C:\Users\****\AppData\Roaming\mdbu.bin
[2009.07.01 20:16:51 | 00,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.07.01 20:16:41 | 00,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.05.31 14:06:04 | 00,001,475 | ---- | C] () -- C:\Users\****\AppData\Local\RecConfig.xml
[2009.05.31 13:55:04 | 00,000,170 | ---- | C] () -- C:\Windows\wininit.ini
[2009.05.30 18:08:42 | 00,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.05.30 18:02:19 | 00,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2009.05.30 17:59:44 | 00,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2009.05.28 16:51:20 | 00,067,072 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.27 05:50:45 | 00,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.05.26 15:24:33 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.26 15:24:31 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.02.20 14:14:09 | 00,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.02.20 14:10:52 | 00,006,073 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009.02.20 13:59:58 | 00,000,057 | ---- | C] () -- C:\Windows\PidList.ini
[2009.02.20 13:58:56 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009.01.22 19:28:59 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.01.22 19:13:54 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009.01.22 19:13:54 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.11.11 04:27:31 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.11.11 04:27:24 | 00,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.11.11 04:27:24 | 00,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.11.11 04:26:52 | 00,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007.08.13 16:46:00 | 00,155,136 | ---- | C] () -- C:\Users\****\AppData\Local\lame_enc.dll
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.26 00:06:48 | 00,064,000 | ---- | C] () -- C:\Users\****\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 00,019,456 | ---- | C] () -- C:\Users\****\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 00,143,872 | ---- | C] () -- C:\Users\****\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 00,015,872 | ---- | C] () -- C:\Users\****\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 00,029,184 | ---- | C] () -- C:\Users\****\AppData\Local\no23xwrapper.dll
[2003.02.20 16:53:42 | 00,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.12.26 16:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9662AE0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:D74B6CF5
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:753F86A9

< End of report >

The annoying ad windows in Firefox no longer pop up either! Thank you very much so far, Daniel! Is there anything else that can or must be done? Is there any way to give you (the site) or you personally a donation? |
30.11.2009, 00:03 | #26 |
/// Selecta Jahrusso | What I still can't quite make my peace with. Code:
Download Accelerator Plus

Step 1
Please uninstall it in any case.
ESET Online Scanner v3

Step 2
Windows + R key --> cmd (type it in) --> OK
Now please enter the following and confirm with Enter. Code:
sc delete "Sukoku Service"

Step 3
Start OTL. Click the CleanUp button at the top right. This will remove most of the tools we needed. If anything remains, please remove it manually.

Step 4
Post me an HJT logfile.
30.11.2009, 12:07 | #27 |
| Hello Daniel, I just deleted Download Accelerator Plus (DAP)!! Step 1: ESET has been deleted too! Step 2: Doesn't work... I've attached what happens (I tried different ways of writing it!) Code:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Users\****>sc delete "Sukoku Service"
[SC] OpenService FEHLER 5: Zugriff verweigert

C:\Users\****>delete "Sukoku Service"
Der Befehl "delete" ist entweder falsch geschrieben oder konnte nicht gefunden werden.

C:\Users\****>sc delete Sukoku Service
[SC] OpenService FEHLER 1060: Der angegebene Dienst ist kein installierter Dienst.

C:\Users\****>
????
Regards |
30.11.2009, 12:19 | #28 |
/// Selecta Jahrusso | Start HijackThis --> Open Misc Tools section --> Delete an NT service. Now please copy the name from the code box and paste it into the window. Code:
Sukoku Service
Please post a new HJT logfile.
30.11.2009, 12:24 | #29 |
| Hi, this message comes up: Code:
The service „Sukoku Service“ is enabled and/or running. Disable it first using HijackThis itself (from the scan results) or the service.msc window. |
30.11.2009, 12:44 | #30 |
/// Selecta Jahrusso | Okay, Windows + R key --> services.msc (type it in) --> OK. Find the Sukoku Service and set its start type to Manual. Then do the same thing with HJT once more. Otherwise we'll kill it another way.
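The service-removal sequence the helper walks through in posts #26 to #30 (look the service up by its exact name, set the start type, stop it, then delete it), as an added PowerShell example that is not from the thread or its helper. It assumes an elevated session and that "Sukoku Service" is the service's internal name; the error explanations in the comments are my reading of the cmd output posted above.

```powershell
# Added example (not from the thread): inspect, disable, stop and then remove a
# suspicious Windows service by name, mirroring posts #26-#30. Assumes an
# elevated PowerShell session; "Sukoku Service" is the name from the thread.
param([string]$Name = "Sukoku Service")

# "[SC] OpenService FEHLER 5: Zugriff verweigert" (access denied) is what sc.exe
# returns from a non-elevated prompt under UAC, so check elevation first.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $id
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (Administrator) PowerShell session."
}

# "FEHLER 1060: ... kein installierter Dienst" came from passing the name
# unquoted, so sc.exe only saw "Sukoku". Look the service up by its exact name.
$svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Host "No service named '$Name' is installed."
    return
}

# Record what the service points at before touching it (binary path, start
# mode), so the details can be posted in the thread or handed to a scanner.
$wmi = Get-WmiObject Win32_Service -Filter "Name='$Name'"
Write-Host ("Display: {0}`nPath:    {1}`nState:   {2}`nStart:   {3}" -f `
    $wmi.DisplayName, $wmi.PathName, $wmi.State, $wmi.StartMode)

# Post #29: HijackThis refuses to delete a service that is enabled or running,
# so set the start type (post #30 says Manual; Disabled is stricter) and stop it.
Set-Service -Name $Name -StartupType Disabled
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name $Name -Force -ErrorAction Stop
}

# Remove the service registration. Quoting matters because of the space.
& sc.exe delete "$Name"
if ($LASTEXITCODE -ne 0) {
    throw "sc delete failed with exit code $LASTEXITCODE"
}
Write-Host "Service '$Name' removed; the file at $($wmi.PathName) still has to be quarantined."
```

Deleting the registration does not remove the binary the service pointed at, which is why the path is printed before the service is touched.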