Pests of all kinds and how to fight them: Firefox opens several windows with games, dating sites etc. (Windows 7)
If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you get rid of the infection.
24.11.2009, 21:16 | #1
Firefox opens several windows with games, dating sites etc.

Hello, as already described in the title, my Firefox keeps opening new windows non-stop. I typed exactly that into Google and ended up on this site. I noticed that people who had roughly the same problem as I do were told to post a HijackThis logfile. I read up on that as well and attach it here.

I hope someone here can help me (a complete novice). With really simple instructions! I look forward to your help!!!
25.11.2009, 10:57 | #2
/// Selecta Jahrusso | Firefox opens several windows with games, dating sites etc.

A cleanup can sometimes mean a lot of work for you.
Note: I can never guarantee that I will find everything. Formatting is usually the quicker and always the safest way. If you decide on a cleanup, please work through the following.

Please post all logfiles in code tags. Click Reply --> # then [code]text[/code]. After replying it should look like this:
Code:
your logfile

Vista and Win7 users: start all tools with right-click "Run as administrator".

Step 1
Open Windows Explorer (Windows key + E) and under => Tools => Folder Options => in the "View" tab
Step 2
CustomScan with OTL. If you do not have it yet, please download OTL from OldTimer and save it on your desktop.
Code:
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
CREATERESTOREPOINT
Step 3
While these scans are running, the following should:

Some logs are very long; please split them over several posts.
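As an added example (not from the post and not OTL's own code), the following Python script does offline what the `/s /md5` directives in the custom scan above ask OTL to do: it searches a directory tree for the listed system-file names, hashes every copy it finds, and reports names whose copies disagree, which is how a patched driver stands out among otherwise identical copies. The directory tree and file contents are constructed inside the script; on a real machine the hash of each copy would still have to be compared against a known-good value.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

# File names from the OTL custom-scan list in the post above. OTL's
# "<name> /s /md5" lists every copy of <name> below the system drive
# together with its MD5, so that a copy with a different hash is visible.
OTL_MD5_TARGETS = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll",
    "ntelogon.dll", "logevent.dll", "iaStor.sys", "nvstor.sys", "atapi.sys",
    "IdeChnDr.sys", "viasraid.sys", "AGP440.sys", "vaxscsi.sys", "nvatabus.sys",
]

Copy = Tuple[str, int, str]  # (path, size in bytes, MD5 hex digest)


def md5_of_file(path: str) -> str:
    """MD5 of a file, read in chunks so large drivers are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(64 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root: str, names: List[str]) -> Dict[str, List[Copy]]:
    """Recursive (/s) search for each name below root, hashing (/md5) every hit.

    Names are matched case-insensitively, as NTFS does.
    """
    wanted = {n.lower(): n for n in names}
    found: Dict[str, List[Copy]] = {n: [] for n in names}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            key = fname.lower()
            if key in wanted:
                path = os.path.join(dirpath, fname)
                found[wanted[key]].append(
                    (path, os.path.getsize(path), md5_of_file(path)))
    return found


def inconsistent_names(found: Dict[str, List[Copy]]) -> List[str]:
    """Names present in several copies whose MD5 values disagree.

    A single differing copy among otherwise identical ones (for example in
    System32\\drivers versus the driver store) is what a helper looks for
    in the OTL output; a name with one copy only cannot be judged this way.
    """
    return sorted(name for name, copies in found.items()
                  if len({c[2] for c in copies}) > 1)


def format_report(found: Dict[str, List[Copy]]) -> List[str]:
    """One line per copy, in the spirit of OTL's output: size, MD5, path."""
    lines = []
    for name in sorted(found):
        for path, size, digest in sorted(found[name]):
            lines.append(f"{size:>10} | MD5={digest} | {path}")
    return lines


def build_demo_tree() -> str:
    """Constructed sample tree (not a real system): three atapi.sys copies,
    one of them differing, plus two identical eventlog.dll copies."""
    root = tempfile.mkdtemp(prefix="otl_demo_")
    clean_driver = b"MZ" + b"\x00" * 500 + b"clean atapi driver body"
    patched_driver = b"MZ" + b"\x00" * 500 + b"PATCHED atapi driver body"
    layout = {
        "Windows/System32/drivers/atapi.sys": patched_driver,
        "Windows/System32/DriverStore/FileRepository/atapi.sys": clean_driver,
        "Windows/winsxs/x86_atapi/atapi.sys": clean_driver,
        "Windows/System32/eventlog.dll": b"MZ eventlog" * 20,
        "Windows/winsxs/x86_eventlog/eventlog.dll": b"MZ eventlog" * 20,
    }
    for rel, content in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return root


def demo() -> List[str]:
    """Sweep the constructed tree, print the report, return flagged names."""
    root = build_demo_tree()
    found = sweep(root, OTL_MD5_TARGETS)
    for line in format_report(found):
        print(line)
    return inconsistent_names(found)


if __name__ == "__main__":
    print("names with differing MD5 copies:", demo())
```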
28.11.2009, 16:19 | #3
Firefox opens several windows with games, dating sites etc.

Hello Daniel, thank you for your explanations.
I hope I did everything right & also followed all the rules (including those of your board!). Here are the results of the CustomScan with OTL:
28.11.2009, 16:21, #4
Firefox opens several windows with games, dating sites etc. PART 2
Code:
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &Clean Traces - C:\Programme\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Programme\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Programme\DAP\dapextie2.htm ()
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.01.21 03:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========
[2009.11.22 14:11:46 | 00,000,000 | ---D | C] -- C:\Users\****\Documents\tax
[2009.11.22 14:09:34 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Buhl Data Service
[2009.11.22 14:07:47 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Buhl
[2009.11.22 14:07:34 | 00,000,000 | ---D | C] -- C:\Programme\Buhl finance
[2009.11.22 14:06:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2009.11.22 14:06:42 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Buhl Data Service
[2009.11.20 21:28:28 | 00,009,472 | ---- | C] (June Fabrics Technology) -- C:\Windows\System32\drivers\pnetmdm.sys
[2009.11.20 21:28:28 | 00,000,000 | ---D | C] -- C:\Programme\PdaNet for iPhone
[2009.11.20 20:26:45 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Apple_Inc
[2009.11.14 19:12:32 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Local\MediaMonkey
[2009.11.14 19:12:31 | 00,000,000 | ---D | C] -- C:\Programme\MediaMonkey
[2009.02.20 22:49:15 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2007.08.13 16:46:00 | 00,102,912 | ---- | C] (Albert L Faber) -- C:\Users\****\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 00,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\****\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 00,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\****\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 00,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\****\AppData\Local\bass.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========
[2009.11.28 15:40:44 | 02,621,440 | -HS- | M] () -- C:\Users\****\NTUSER.DAT
[2009.11.28 15:40:38 | 00,002,475 | ---- | M] () -- C:\Users\****\Desktop\Microsoft Office Word 2003.lnk
[2009.11.28 15:39:03 | 00,128,000 | ---- | M] () -- C:\Users\****\Desktop\**** Provisions.doc
[2009.11.28 15:36:12 | 00,001,206 | ---- | M] () -- C:\Users\****\Desktop\My DAP Downloads.lnk
[2009.11.28 15:10:00 | 00,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009.11.28 14:00:21 | 01,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.11.28 14:00:21 | 00,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.11.28 14:00:21 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.11.28 14:00:21 | 00,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.11.28 14:00:21 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.11.28 13:57:11 | 00,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009.11.28 13:55:43 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.11.28 13:55:30 | 00,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009.11.28 13:54:31 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009.11.28 13:54:15 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.11.28 13:54:15 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.11.28 13:54:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.11.28 13:54:11 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.11.28 13:54:06 | 32,158,51520 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.26 17:50:08 | 00,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.11.26 17:50:08 | 00,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.11.26 17:49:47 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009.11.26 17:48:43 | 00,036,328 | ---- | M] () -- C:\Users\****\Desktop\kündigung klarmobile.pdf
[2009.11.26 11:21:27 | 04,918,988 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db
[2009.11.26 10:51:49 | 03,766,816 | ---- | M] () -- C:\Users\****\Desktop\Original Zeugnis ******** **** IWS.pdf
[2009.11.26 10:45:15 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.11.25 15:21:33 | 00,033,792 | ---- | M] () -- C:\Users\****\Desktop\Zeugnis IWS ****ander ****.doc
[2009.11.23 21:20:00 | 00,002,507 | ---- | M] () -- C:\Users\****\Desktop\Microsoft Office Excel 2003.lnk
[2009.11.23 17:59:09 | 00,436,356 | ---- | M] () -- C:\Users\****\Desktop\Kosten 1&1.pdf
[2009.11.23 17:58:08 | 00,643,810 | ---- | M] () -- C:\Users\****\Desktop\Provision ****.pdf
[2009.11.23 17:43:55 | 00,051,737 | ---- | M] () -- C:\Users\****\Desktop\Computer ****.pdf
[2009.11.20 21:28:28 | 00,000,837 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2009.11.20 21:20:44 | 00,041,984 | ---- | M] () -- C:\Users\****\Desktop\WAP 1&1.doc
[2009.11.20 21:11:35 | 00,010,507 | ---- | M] () -- C:\Users\****\Desktop\Vodafone_Germany.ipcc
[2009.11.20 20:36:08 | 00,010,258 | ---- | M] () -- C:\Users\****\Desktop\maceinsteiger-de_vodafone_de.ipcc
[2009.11.20 20:27:42 | 00,001,860 | ---- | M] () -- C:\Users\****\Desktop\de1&1_wvgEGyRKjHjgxl0QILAC.mobileconfig
[2009.11.15 19:45:47 | 00,010,310 | ---- | M] () -- C:\Users\****\Desktop\maceinsteiger-de_t-mobile_de.ipcc
[2009.11.14 19:12:37 | 00,000,786 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
[2009.11.28 15:39:03 | 00,128,000 | ---- | C] () -- C:\Users\****\Desktop\**** Provisions.doc
[2009.11.26 17:48:55 | 00,036,328 | ---- | C] () -- C:\Users\****\Desktop\kündigung klarmobile.pdf
[2009.11.26 10:52:05 | 03,766,816 | ---- | C] () -- C:\Users\****\Desktop\Original Zeugnis ****ander **** IWS.pdf
[2009.11.23 17:59:18 | 00,436,356 | ---- | C] () -- C:\Users\****\Desktop\Kosten 1&1.pdf
[2009.11.23 17:58:19 | 00,643,810 | ---- | C] () -- C:\Users\****\Desktop\Provision ****.pdf
[2009.11.23 17:44:05 | 00,051,737 | ---- | C] () -- C:\Users\****\Desktop\Computer ****.pdf
[2009.11.23 17:38:02 | 00,033,792 | ---- | C] () -- C:\Users\****\Desktop\Zeugnis IWS ****ander ****.doc
[2009.11.20 21:28:28 | 00,000,837 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2009.11.20 21:20:44 | 00,041,984 | ---- | C] () -- C:\Users\****\Desktop\WAP 1&1.doc
[2009.11.20 21:11:34 | 00,010,507 | ---- | C] () -- C:\Users\****\Desktop\Vodafone_Germany.ipcc
[2009.11.20 20:27:42 | 00,001,860 | ---- | C] () -- C:\Users\****\Desktop\de1&1_wvgEGyRKjHjgxl0QILAC.mobileconfig
[2009.11.20 20:23:15 | 00,010,258 | ---- | C] () -- C:\Users\****\Desktop\maceinsteiger-de_vodafone_de.ipcc
[2009.11.15 19:45:47 | 00,010,310 | ---- | C] () -- C:\Users\****\Desktop\maceinsteiger-de_t-mobile_de.ipcc
[2009.11.14 19:12:37 | 00,000,786 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2009.07.01 20:27:58 | 00,000,569 | ---- | C] () -- C:\Users\****\AppData\Roaming\mdbu.bin
[2009.07.01 20:16:51 | 00,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.07.01 20:16:41 | 00,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.05.31 14:06:04 | 00,001,475 | ---- | C] () -- C:\Users\****\AppData\Local\RecConfig.xml
[2009.05.31 13:55:04 | 00,000,170 | ---- | C] () -- C:\Windows\wininit.ini
[2009.05.30 18:08:42 | 00,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.05.30 18:02:19 | 00,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2009.05.30 17:59:44 | 00,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2009.05.28 16:51:20 | 00,067,072 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.27 05:50:45 | 00,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.05.26 15:24:33 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.26 15:24:31 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.02.20 14:14:09 | 00,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.02.20 14:10:52 | 00,006,073 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009.02.20 13:59:58 | 00,000,057 | ---- | C] () -- C:\Windows\PidList.ini
[2009.02.20 13:58:56 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009.01.22 19:28:59 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.01.22 19:13:54 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009.01.22 19:13:54 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.11.11 04:27:31 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.11.11 04:27:24 | 00,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.11.11 04:27:24 | 00,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.11.11 04:26:52 | 00,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007.08.13 16:46:00 | 00,155,136 | ---- | C] () -- C:\Users\****\AppData\Local\lame_enc.dll
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.26 00:06:48 | 00,064,000 | ---- | C] () -- C:\Users\****\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 00,019,456 | ---- | C] () -- C:\Users\****\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 00,143,872 | ---- | C] () -- C:\Users\****\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 00,015,872 | ---- | C] () -- C:\Users\****\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 00,029,184 | ---- | C] () -- C:\Users\****\AppData\Local\no23xwrapper.dll
[2003.02.20 16:53:42 | 00,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.12.26 16:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========
[2009.05.27 06:27:21 | 00,000,000 | -HSD | M] -- C:\Users\****\AppData\Roaming\.#
[2009.01.22 18:59:31 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Acer GameZone Console
[2009.11.22 14:09:34 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Buhl Data Service
[2009.05.31 13:50:03 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\eSobi
[2009.05.31 13:44:49 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\kikin
[2009.07.01 20:18:36 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MAGIX
[2009.05.28 20:06:45 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PowerCinema
[2009.05.26 15:44:47 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftDMA
[2009.11.12 18:22:30 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sprite Software
[2009.05.30 21:02:19 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2009.08.20 19:17:31 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TomTom
[2009.11.26 17:49:47 | 00,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2008.01.21 03:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2008.01.21 03:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2008.01.21 03:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2008.01.21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2006.11.02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

========== Alternate Data Streams ==========
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9662AE0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:D74B6CF5
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:753F86A9
< End of report >
28.11.2009, 16:23, #5
Firefox opens several windows with games, dating sites etc.
And here is RootRepeal as well (part 1):
Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/28 15:56
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8F890000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x8F89B000 Size: 40960 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9EF7C000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\ProgramData\Favorites
Status: Locked to the Windows API!
Path: C:\ProgramData\Favoriten
Status: Locked to the Windows API!
Path: C:\System Volume Information\{002d527a-d4e3-11de-9b69-001d72ed8e56}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{cc4dd818-d144-11de-8819-00216b22d4b8}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{d28bf81b-cf76-11de-8e5c-001d72ed8e56}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{d28bf8aa-cf76-11de-8e5c-8000600fe800}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{d28bf8be-cf76-11de-8e5c-8000600fe800}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{d28bf8c4-cf76-11de-8e5c-8000600fe800}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{d28bf8ca-cf76-11de-8e5c-8000600fe800}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{dadba60f-c96c-11de-9fa2-001d72ed8e56}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{393c2eb3-d825-11de-898c-001d72ed8e56}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{3b3bb928-d9b9-11de-8538-001d72ed8e56}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{44c2c08d-d75f-11de-8013-001d72ed8e56}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{7311f8bc-d5cb-11de-b359-001d72ed8e56}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{7311f8d9-d5cb-11de-b359-001d72ed8e56}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{738b7f18-cdce-11de-a4e2-001d72ed8e56}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{9e4982d7-cba1-11de-adfc-001d72ed8e56}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{b7296626-ca27-11de-8b0f-001d72ed8e56}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{370deef4-d031-11de-bdbe-001d72ed8e56}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\Users\Default\Music
Status: Locked to the Windows API!
Path: C:\Users\Default\Pictures
Status: Locked to the Windows API!
Path: C:\Users\Default\Videos
Status: Locked to the Windows API!
Path: C:\Users\Public\Favorites
Status: Locked to the Windows API!
Path: C:\Users\Default\Documents\Eigene Bilder
Status: Locked to the Windows API!
Path: C:\Users\Default\Documents\Eigene Musik
Status: Locked to the Windows API!
Path: C:\Users\Default\Documents\Eigene Videos
Status: Locked to the Windows API!
Path: C:\Users\Default\Documents\My Music
Status: Locked to the Windows API!
Path: C:\Users\Default\Documents\My Pictures
Status: Locked to the Windows API!
Path: C:\Users\Default\Documents\My Videos
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SECURI~4.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE427A~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE3B5D~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE54EE~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE5DF7~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE9942~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE4BA2~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE5F3C~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE6D95~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE5FBC~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE6DB5~1.XRM Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE9AEB~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SECURI~4.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE427A~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE3B5D~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE54EE~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5DF7~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9942~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE4BA2~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5F3C~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6D95~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5FBC~1.XRM Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6DB5~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9AEB~1.XRM Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16386_en-us_9e939bf13c8e24e5\_SERVI~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16386_en-us_9e939bf13c8e24e5\_SERVI~1.INI Status: Locked to the Windows API! |
28.11.2009, 16:25 | #6 |
| Firefox opens several windows with games, dating sites etc. Part 2 Code:
SSDT
-------------------
#: 078 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0x9bb195ac
#: 194 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0x9bb19598
#: 201 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0x9bb1959d
#: 334 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0x9bb195a7
==EOF==
Well, I still hope you can help me! Thanks - looking forward to further assistance!!! |
28.11.2009, 16:52 | #7 |
/// Selecta Jahrusso | Firefox opens several windows with games, dating sites etc. Let's see if I can help. Step 1: Fix with OTL
Code:
:OTL
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programme\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (Media Access Startup) - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\2.0.0.1050\HPIEAddOn.dll File not found
O2 - BHO: (NP Helper Class) - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Programme\Internet Saving Optimizer\3.8.1.4690\NPIEAddOn.dll ()
O2 - BHO: (System Search Dispatcher) - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Programme\System Search Dispatcher\1.4.3.1040\ssd.dll ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
:Files
C:\Programme\System Search Dispatcher\1.4.3.1040\ssd.dll
C:\Programme\Internet Saving Optimizer\3.8.1.4690\NPIEAddOn.dll
C:\Programme\DAP\dapieloader.dll
C:\Programme\kikin
%appdata%\kikin
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Step 2: Clean-up with Malwarebytes' Anti-Malware (Quick Scan). Download Malwarebytes Anti-Malware (about 2 MB) from one of these download mirrors: Malwarebytes - MajorGeeks.com - BestTechie
Step 3: Please download GooredFix.exe to your desktop.
Note: please do not run option 2 on your own. Step 4: Please download OTL by OldTimer and save it to your desktop (if it is not already there).
Please post in your next reply: the OTL Fix log, the Malwarebytes log, the GooredFix log, both logs from the OTL scan, and a report on how the computer is running.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
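As an added example (not part of the thread and not OTL's own code): a Python triage helper that parses the O2/O9 add-on lines of an OTL scan log, flags the entries an analyst would remove (orphaned registration, no publisher info, or a name on a deny-list) and renders them in the :OTL / :Files / :Commands layout used in step 1. It generalises the single fix above to any OTL log; the line regex, the deny-list, the section header and the benign Java entry with its all-zero CLSID are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence

# One OTL scan-log entry for an Internet Explorer add-on, in the layout the post shows:
#   O2 - BHO: (name) - {CLSID} - C:\path\file.dll (publisher)
#   O9 - Extra 'Tools' menuitem : name - {CLSID} - C:\path\file.dll (publisher)
# The trailer is "(publisher)", "()" when the DLL carries no company info, or
# "File not found" when the registered DLL is gone. The regex is an assumption
# built from these lines, not OTL's own grammar.
ADDON_RE = re.compile(
    r"^(?P<kind>O2|O9) - (?P<label>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?) (?:\((?P<publisher>[^()]*)\)|(?P<missing>File not found))$"
)

# Constructed deny-list: path fragments of add-ons the helper chose to remove in
# this thread (kikin, DAP) even though their DLLs name a publisher.
KNOWN_UNWANTED = ("\\kikin\\", "\\dap\\")


@dataclass
class BrowserAddon:
    kind: str                 # "O2" = Browser Helper Object, "O9" = extra menu item/button
    label: str                # display name exactly as OTL prints it
    clsid: str                # COM class id the add-on is registered under
    path: str                 # DLL that CLSID resolves to
    publisher: Optional[str]  # company string, "" if none, None if the file is missing
    missing: bool             # True when OTL reported "File not found"
    raw: str                  # original log line (copied verbatim into the fix script)


def parse_otl_addons(log_text: str) -> List[BrowserAddon]:
    """Extract O2/O9 entries from an OTL scan log; every other line is ignored."""
    addons: List[BrowserAddon] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ADDON_RE.match(line)
        if not m:
            continue
        missing = m.group("missing") is not None
        addons.append(BrowserAddon(
            kind=m.group("kind"), label=m.group("label"),
            clsid=m.group("clsid").upper(), path=m.group("path"),
            publisher=None if missing else m.group("publisher"),
            missing=missing, raw=line,
        ))
    return addons


def why_suspicious(addon: BrowserAddon,
                   unwanted: Sequence[str] = KNOWN_UNWANTED) -> Optional[str]:
    """Triage reason for removing the add-on, or None when nothing stands out."""
    if addon.missing:
        return "orphaned registration: CLSID points to a DLL that no longer exists"
    if not addon.publisher:
        return "no publisher/version info: unidentified code loaded into the browser"
    if any(fragment in addon.path.lower() for fragment in unwanted):
        return "matches a known unwanted add-on"
    return None


def triage(addons: List[BrowserAddon]) -> List[BrowserAddon]:
    return [a for a in addons if why_suspicious(a) is not None]


def build_fix_script(flagged: List[BrowserAddon]) -> str:
    """Render the flagged entries in the :OTL / :Files / :Commands layout of step 1."""
    lines = [":OTL"] + [a.raw for a in flagged]
    lines.append(":Files")
    files: List[str] = []
    for a in flagged:
        # A DLL OTL already reported as missing cannot be moved; list present files once.
        if not a.missing and a.path not in files:
            files.append(a.path)
    lines += files
    lines += [":Commands", "[purity]", "[emptytemp]", "[start explorer]", "[Reboot]"]
    return "\n".join(lines)


# Constructed sample: the five O2 and one O9 lines from the thread plus a benign
# Java helper with an all-zero placeholder CLSID and an OTL-style section header.
SAMPLE_LOG = r"""
========== Internet Explorer ==========
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programme\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (Media Access Startup) - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\2.0.0.1050\HPIEAddOn.dll File not found
O2 - BHO: (NP Helper Class) - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Programme\Internet Saving Optimizer\3.8.1.4690\NPIEAddOn.dll ()
O2 - BHO: (System Search Dispatcher) - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Programme\System Search Dispatcher\1.4.3.1040\ssd.dll ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
"""

if __name__ == "__main__":
    found = parse_otl_addons(SAMPLE_LOG)
    for a in found:
        print(f"{a.kind} {a.clsid} {a.path}: {why_suspicious(a) or 'ok'}")
    print(build_fix_script(triage(found)))
```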
28.11.2009, 17:22 | #8 |
| Firefox opens several windows with games, dating sites etc. OTL Fix log Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.
C:\Programme\kikin\ie_kikin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF6C3CF0-4B15-11D1-ABED-709549C10000}\ deleted successfully.
C:\Programme\DAP\dapieloader.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}\ deleted successfully.
C:\Programme\Internet Saving Optimizer\3.8.1.4690\NPIEAddOn.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}\ deleted successfully.
C:\Programme\System Search Dispatcher\1.4.3.1040\ssd.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ not found.
File C:\Programme\kikin\ie_kikin.dll not found.
========== FILES ==========
File\Folder C:\Programme\System Search Dispatcher\1.4.3.1040\ssd.dll not found.
File\Folder C:\Programme\Internet Saving Optimizer\3.8.1.4690\NPIEAddOn.dll not found.
File\Folder C:\Programme\DAP\dapieloader.dll not found.
File\Folder C:\Programme\kikin not found.
File/Folder C:\Users\****\AppData\Roaming\kiki not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: ****
->Temp folder emptied: -373453079 bytes
->Temporary Internet Files folder emptied: 42598929 bytes
->Java cache emptied: 27038436 bytes
->FireFox cache emptied: 100691723 bytes
->Apple Safari cache emptied: 38749403 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 86016 bytes
Windows Temp folder emptied: 942495 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = -155,78 mb
OTL by OldTimer - Version 3.1.11.1 log created on 11282009_165751
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
28.11.2009, 17:23 | #9 |
| Firefox opens several windows with games, dating sites etc. Malwarebytes log Code:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3250
Windows 6.0.6001 Service Pack 1

28.11.2009 17:10:01
mbam-log-2009-11-28 (17-10-01).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 92571
Laufzeit: 3 minute(s), 16 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 22
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 20
Infizierte Dateien: 32

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\NPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\2.0.0.1050\HPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\2.0.0.1050\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690 (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\chrome (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\components (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\2.0.0.1050 (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\2.0.0.1050\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\2.0.0.1050\FF (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\2.0.0.1050\FF\chrome (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\2.0.0.1050\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\2.0.0.1050\FF\components (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.4.3.1040 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.4.3.1040\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Sukoku (Adware.Zwangi) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\NPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\2.0.0.1050\HPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\2.0.0.1050\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\2.0.0.1050\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\2.0.0.1050\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\2.0.0.1050\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\2.0.0.1050\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\2.0.0.1050\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\2.0.0.1050\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\2.0.0.1050\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\2.0.0.1050\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\2.0.0.1050\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\2.0.0.1050\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\2.0.0.1050\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\2.0.0.1050\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.4.3.1040\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.4.3.1040\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.4.3.1040\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.4.3.1040\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.4.3.1040\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully. |
28.11.2009, 17:24 | #10 |
| Firefox opens several windows with games, dating sites, etc. GooredFix log Code:
GooredFix by jpshortstuff (27.11.09.1)
Log created at 17:18 on 28/11/2009 (Alex)
Firefox version 3.5.5 (de)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:14 28/05/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [18:15 30/05/2009]

---------- Old Logs ----------
GooredFix[16.14.09_28-11-2009].txt
GooredFix[16.14.58_28-11-2009].txt

-=E.O.F=-
|
28.11.2009, 17:28 | #11 |
| Firefox opens several windows with games, dating sites, etc. OTL.Txt Code:
OTL logfile created on: 28.11.2009 17:21:06 - Run 2
OTL by OldTimer - Version 3.1.11.1     Folder = C:\Users\****\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 93,25% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 91,80 Gb Free Space | 64,58% Space Free | Partition Type: NTFS
Drive D: | 142,18 Gb Total Space | 97,64 Gb Free Space | 68,67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ****-PC
Current User Name: ****
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\****\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\****\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox 3.5 Beta 4\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Programme\PdaNet for iPhone\PdaNetPC.exe ()
PRC - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Programme\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Programme\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
PRC - C:\Programme\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe (Speedbit Ltd.)
PRC - C:\Programme\DAP\DAP.exe (SpeedBit Ltd.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Programme\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\pdf24\PDFBackend.exe ()
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\****\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Sukoku Service) -- File not found
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (VideoAcceleratorService) -- C:\Programme\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gupdate1c9e1ec14a53b5e) Google Update Service (gupdate1c9e1ec14a53b5e) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (SMServer) -- C:\Windows\System32\snmvtsvc.exe (SMServer)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Irmon) -- C:\Windows\System32\irmon.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MusCAudio) -- C:\Windows\System32\drivers\MusCAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (ROOTMODEM) -- C:\Windows\System32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (usb_rndisx) -- C:\Windows\System32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (pnetmdm) -- C:\Windows\System32\drivers\pnetmdm.sys (June Fabrics Technology)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_8730
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_8730

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_8730
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.1
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: {7AB6D133-2A14-4C11-B3AD-35B1548D38F9}:1.0
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:1.11
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.69

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox 3.5 Beta 4\components [2009.11.07 14:33:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.5 Beta 4\plugins [2009.11.12 20:28:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.09.12 16:22:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.08.19 17:33:16 | 00,000,000 | ---D | M]

[2009.08.19 17:33:16 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2009.08.19 17:33:16 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009.11.28 17:10:42 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\kb5tuk1y.default\extensions
[2009.07.23 08:37:23 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\kb5tuk1y.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2009.09.16 14:28:28 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\kb5tuk1y.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009.05.31 13:44:49 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\kb5tuk1y.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2009.11.12 18:08:27 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\kb5tuk1y.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.11.10 08:58:22 | 00,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\kb5tuk1y.default\extensions\anycolor.pavlos256@gmail.com
[2009.05.28 19:14:12 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\PDFBackend.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe File not found
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Programme\PdaNet for iPhone\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
|
28.11.2009, 17:29 | #12 |
| Firefox opens several windows with games, dating sites, etc. Part 2 Code:
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &Clean Traces - C:\Programme\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Programme\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Programme\DAP\dapextie2.htm ()
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.11.28 17:14:09 | 00,000,000 | ---D | C] -- C:\Users\****\Desktop\GooredFix Backups
[2009.11.28 16:57:51 | 00,000,000 | ---D | C] -- C:\_OTL
[2009.11.28 15:52:12 | 00,472,064 | ---- | C] ( ) -- C:\Users\****\Desktop\RootRepeal.exe
[2009.11.25 12:59:11 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009.11.24 20:29:29 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009.11.22 14:11:46 | 00,000,000 | ---D | C] -- C:\Users\****\Documents\tax
[2009.11.22 14:09:34 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Buhl Data Service
[2009.11.22 14:07:47 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Buhl
[2009.11.22 14:07:34 | 00,000,000 | ---D | C] -- C:\Programme\Buhl finance
[2009.11.22 14:06:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2009.11.22 14:06:42 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Buhl Data Service
[2009.11.20 21:28:28 | 00,009,472 | ---- | C] (June Fabrics Technology) -- C:\Windows\System32\drivers\pnetmdm.sys
[2009.11.20 21:28:28 | 00,000,000 | ---D | C] -- C:\Programme\PdaNet for iPhone
[2009.11.20 20:26:45 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Apple_Inc
[2009.11.14 
19:12:32 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Local\MediaMonkey [2009.11.14 19:12:31 | 00,000,000 | ---D | C] -- C:\Programme\MediaMonkey [2009.11.13 09:54:02 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2009.11.13 09:54:02 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2009.11.13 09:53:44 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2009.11.13 09:53:44 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2009.11.13 09:53:44 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2009.11.13 09:53:13 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2009.11.13 09:53:13 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2009.11.12 18:22:27 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Sprite Software [2009.11.12 18:22:27 | 00,000,000 | ---D | C] -- C:\Users\****\Documents\My Mobile Device Backups [2009.11.12 18:22:19 | 00,000,000 | ---D | C] -- C:\Programme\Sprite Software [2009.11.12 18:21:00 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft ActiveSync [2009.11.12 18:07:06 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Internet Saving Optimizer [2009.11.11 10:25:55 | 02,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2009.11.11 10:25:51 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2009.11.10 10:19:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2009.11.09 11:39:37 | 00,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2009.11.09 11:39:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009.11.09 11:39:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009.11.09 11:39:31 | 00,000,000 | ---D | C] 
-- C:\Programme\Malwarebytes' Anti-Malware [2009.11.09 11:39:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2009.11.09 11:36:42 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro [2009.11.07 13:11:47 | 00,000,000 | ---D | C] -- C:\Programme\Adobe [2009.11.01 11:14:47 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2009.11.01 11:14:45 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2009.02.20 22:49:15 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2007.08.13 16:46:00 | 00,102,912 | ---- | C] (Albert L Faber) -- C:\Users\****\AppData\Local\CDRip.dll [2007.01.18 20:09:54 | 00,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\****\AppData\Local\No23 Recorder.exe [2006.12.11 18:13:14 | 00,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\****\AppData\Local\basscd.dll [2006.12.11 18:13:12 | 00,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\****\AppData\Local\bass.dll ========== Files - Modified Within 30 Days ========== [2009.11.28 17:22:20 | 02,621,440 | -HS- | M] () -- C:\Users\****\NTUSER.DAT [2009.11.28 17:21:59 | 00,000,162 | -H-- | M] () -- C:\Users\****\Desktop\~$g von OTL Fix.doc [2009.11.28 17:21:55 | 00,000,162 | -H-- | M] () -- C:\Users\****\Desktop\~$g von Malwarebytes.doc [2009.11.28 17:19:11 | 00,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2009.11.28 17:18:27 | 00,002,475 | ---- | M] () -- C:\Users\****\Desktop\Microsoft Office Word 2003.lnk [2009.11.28 17:17:14 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001 [2009.11.28 17:17:07 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2009.11.28 17:16:54 | 00,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2009.11.28 17:16:46 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009.11.28 17:16:46 | 00,003,216 | 
-H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009.11.28 17:16:44 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009.11.28 17:16:42 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009.11.28 17:16:37 | 32,158,51520 | -HS- | M] () -- C:\hiberfil.sys [2009.11.28 17:15:52 | 00,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.11.28 17:15:52 | 00,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009.11.28 17:15:31 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2009.11.28 17:15:29 | 04,933,295 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db [2009.11.28 17:11:39 | 00,040,448 | ---- | M] () -- C:\Users\****\Desktop\Log von Malwarebytes.doc [2009.11.28 17:11:33 | 00,029,184 | ---- | M] () -- C:\Users\****\Desktop\Log von OTL Fix.doc [2009.11.28 17:10:39 | 00,001,206 | ---- | M] () -- C:\Users\****\Desktop\My DAP Downloads.lnk [2009.11.28 17:10:00 | 00,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2009.11.28 17:06:14 | 01,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009.11.28 17:06:14 | 00,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2009.11.28 17:06:14 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009.11.28 17:06:14 | 00,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2009.11.28 17:06:14 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009.11.28 16:49:05 | 00,161,792 | ---- | M] () -- C:\Users\****\Documents\Troyanerboard text.doc [2009.11.28 15:55:56 | 00,151,254 | ---- | M] () -- C:\Users\****\Desktop\RootRepeal.dmp [2009.11.28 15:55:05 | 00,000,015 | ---- | M] () -- C:\Users\****\Desktop\settings.dat [2009.11.28 15:39:03 | 00,128,000 | ---- | M] () -- C:\Users\****\Desktop\**** Provisions.doc [2009.11.26 17:48:43 
| 00,036,328 | ---- | M] () -- C:\Users\****\Desktop\kündigung klarmobile.pdf [2009.11.26 10:51:49 | 03,766,816 | ---- | M] () -- C:\Users\****\Desktop\Original Zeugnis ******** **** IWS.pdf [2009.11.26 10:45:15 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat [2009.11.25 15:21:33 | 00,033,792 | ---- | M] () -- C:\Users\****\Desktop\Zeugnis IWS ******** ****.doc [2009.11.23 21:20:00 | 00,002,507 | ---- | M] () -- C:\Users\****\Desktop\Microsoft Office Excel 2003.lnk [2009.11.23 17:59:09 | 00,436,356 | ---- | M] () -- C:\Users\****\Desktop\Kosten 1&1.pdf [2009.11.23 17:58:08 | 00,643,810 | ---- | M] () -- C:\Users\****\Desktop\Provision ****.pdf [2009.11.23 17:43:55 | 00,051,737 | ---- | M] () -- C:\Users\****\Desktop\Computer ****.pdf [2009.11.20 21:28:28 | 00,000,837 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2009.11.20 21:20:44 | 00,041,984 | ---- | M] () -- C:\Users\****\Desktop\WAP 1&1.doc [2009.11.20 21:11:35 | 00,010,507 | ---- | M] () -- C:\Users\****\Desktop\Vodafone_Germany.ipcc [2009.11.20 20:36:08 | 00,010,258 | ---- | M] () -- C:\Users\****\Desktop\maceinsteiger-de_vodafone_de.ipcc [2009.11.20 20:27:42 | 00,001,860 | ---- | M] () -- C:\Users\****\Desktop\de1&1_wvgEGyRKjHjgxl0QILAC.mobileconfig [2009.11.15 19:45:47 | 00,010,310 | ---- | M] () -- C:\Users\****\Desktop\maceinsteiger-de_t-mobile_de.ipcc [2009.11.14 19:12:37 | 00,000,786 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk [2009.11.13 21:13:36 | 00,002,187 | ---- | M] () -- C:\Users\****\Desktop\Windows Mobile Device Center.lnk [2009.11.13 21:03:03 | 00,215,507 | ---- | M] () -- C:\Users\****\Desktop\PCMKeyboardEN-0.14.cab [2009.11.12 20:06:23 | 00,296,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2009.11.12 18:14:26 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf [2009.11.12 11:42:07 | 00,000,318 | ---- | M] () -- C:\Windows\win.ini [2009.11.09 11:39:36 | 
00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009.11.09 11:36:42 | 00,001,878 | ---- | M] () -- C:\Users\****\Desktop\HijackThis.lnk [2009.11.07 13:11:53 | 00,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk ========== Files Created - No Company Name ========== [2009.11.28 17:21:59 | 00,000,162 | -H-- | C] () -- C:\Users\****\Desktop\~$g von OTL Fix.doc [2009.11.28 17:21:55 | 00,000,162 | -H-- | C] () -- C:\Users\****\Desktop\~$g von Malwarebytes.doc [2009.11.28 17:11:39 | 00,040,448 | ---- | C] () -- C:\Users\****\Desktop\Log von Malwarebytes.doc [2009.11.28 17:11:33 | 00,029,184 | ---- | C] () -- C:\Users\****\Desktop\Log von OTL Fix.doc [2009.11.28 16:49:05 | 00,161,792 | ---- | C] () -- C:\Users\****\Documents\Troyanerboard text.doc [2009.11.28 15:55:49 | 00,151,254 | ---- | C] () -- C:\Users\****\Desktop\RootRepeal.dmp [2009.11.28 15:52:22 | 00,000,015 | ---- | C] () -- C:\Users\****\Desktop\settings.dat [2009.11.28 15:39:03 | 00,128,000 | ---- | C] () -- C:\Users\****\Desktop\**** Provisions.doc [2009.11.26 17:48:55 | 00,036,328 | ---- | C] () -- C:\Users\****\Desktop\kündigung klarmobile.pdf [2009.11.26 10:52:05 | 03,766,816 | ---- | C] () -- C:\Users\****\Desktop\Original Zeugnis ******** **** IWS.pdf [2009.11.23 17:59:18 | 00,436,356 | ---- | C] () -- C:\Users\****\Desktop\Kosten 1&1.pdf [2009.11.23 17:58:19 | 00,643,810 | ---- | C] () -- C:\Users\****\Desktop\Provision ****.pdf [2009.11.23 17:44:05 | 00,051,737 | ---- | C] () -- C:\Users\****\Desktop\Computer ****.pdf [2009.11.23 17:38:02 | 00,033,792 | ---- | C] () -- C:\Users\****\Desktop\Zeugnis IWS ******** ****.doc [2009.11.20 21:28:28 | 00,000,837 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2009.11.20 21:20:44 | 00,041,984 | ---- | C] () -- C:\Users\****\Desktop\WAP 1&1.doc [2009.11.20 21:11:34 | 00,010,507 | ---- | C] () -- C:\Users\****\Desktop\Vodafone_Germany.ipcc 
[2009.11.20 20:27:42 | 00,001,860 | ---- | C] () -- C:\Users\****\Desktop\de1&1_wvgEGyRKjHjgxl0QILAC.mobileconfig [2009.11.20 20:23:15 | 00,010,258 | ---- | C] () -- C:\Users\****\Desktop\maceinsteiger-de_vodafone_de.ipcc [2009.11.15 19:45:47 | 00,010,310 | ---- | C] () -- C:\Users\****\Desktop\maceinsteiger-de_t-mobile_de.ipcc [2009.11.14 19:12:37 | 00,000,786 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk [2009.11.13 21:03:03 | 00,215,507 | ---- | C] () -- C:\Users\****\Desktop\PCMKeyboardEN-0.14.cab [2009.11.12 18:17:08 | 00,002,187 | ---- | C] () -- C:\Users\****\Desktop\Windows Mobile Device Center.lnk [2009.11.12 18:14:51 | 00,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.11.12 18:14:26 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf [2009.11.09 11:39:36 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009.11.09 11:36:42 | 00,001,878 | ---- | C] () -- C:\Users\****\Desktop\HijackThis.lnk [2009.11.07 13:11:53 | 00,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2009.07.01 20:27:58 | 00,000,569 | ---- | C] () -- C:\Users\****\AppData\Roaming\mdbu.bin [2009.07.01 20:16:51 | 00,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.07.01 20:16:41 | 00,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.05.31 14:06:04 | 00,001,475 | ---- | C] () -- C:\Users\****\AppData\Local\RecConfig.xml [2009.05.31 13:55:04 | 00,000,170 | ---- | C] () -- C:\Windows\wininit.ini [2009.05.30 18:08:42 | 00,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.05.30 18:02:19 | 00,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2009.05.30 17:59:44 | 00,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL [2009.05.28 16:51:20 | 00,067,072 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.27 05:50:45 | 00,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.05.26 15:24:33 | 00,031,776 
| ---- | C] () -- C:\ProgramData\nvModes.001 [2009.05.26 15:24:31 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.02.20 14:14:09 | 00,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.02.20 14:10:52 | 00,006,073 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2009.02.20 13:59:58 | 00,000,057 | ---- | C] () -- C:\Windows\PidList.ini [2009.02.20 13:58:56 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2009.01.22 19:28:59 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2009.01.22 19:13:54 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2009.01.22 19:13:54 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.11.11 04:27:31 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.11.11 04:27:24 | 00,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2008.11.11 04:27:24 | 00,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2008.11.11 04:26:52 | 00,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini [2007.08.13 16:46:00 | 00,155,136 | ---- | C] () -- C:\Users\****\AppData\Local\lame_enc.dll [2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.26 00:06:48 | 00,064,000 | ---- | C] () -- C:\Users\****\AppData\Local\vorbisenc.dll [2006.10.26 00:06:48 | 00,019,456 | ---- | C] () -- C:\Users\****\AppData\Local\vorbisfile.dll [2006.10.26 00:06:46 | 00,143,872 | ---- | C] () -- C:\Users\****\AppData\Local\vorbis.dll [2006.10.26 00:06:36 | 00,015,872 | ---- | C] () -- C:\Users\****\AppData\Local\ogg.dll [2005.08.23 21:34:06 | 00,029,184 | ---- | C] () -- C:\Users\****\AppData\Local\no23xwrapper.dll [2003.02.20 16:53:42 | 00,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001.12.26 16:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll 
[2001.07.30 16:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9662AE0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:D74B6CF5
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:753F86A9

< End of report >
28.11.2009, 17:31 | #13 |
| Firefox opens several windows with games, dating sites etc. OTL Extras
OTL Extras logfile created on: 28.11.2009 17:21:06 - Run 2
OTL by OldTimer - Version 3.1.11.1 Folder = C:\Users\****\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 93,25% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 91,80 Gb Free Space | 64,58% Space Free | Partition Type: NTFS
Drive D: | 142,18 Gb Total Space | 97,64 Gb Free Space | 68,67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ****-PC
Current User Name: ****
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" File not found https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1199916533-2294184880-3576752702-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05FA27B0-56F7-44A1-A07C-8605C1934BB1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{20478DBD-9024-4CD5-BA3A-1A7D4A51C0D6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{38446EE4-F760-46FE-97F3-6D346B0D5563}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{6D3544AB-79FC-44C2-B1B5-11DEA4B71DC1}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{C6BB3CAB-6587-406E-92D1-B8646AC35F90}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D9139F81-A830-4E78-AE84-E8C1A948DF1A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00007600-C351-4D0D-887F-438367E21DD4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{1A2792E7-BF7C-477B-AD5F-60F9CC7AE695}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{2ECFD747-B87A-4379-BFF8-088B88A08A84}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2F3B1B4D-472B-46F4-9544-46F7DC8729AD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe 
| "{5A819053-ABB6-47E4-9D16-EC89085FA270}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{5DB012BB-DF24-4364-8955-39DC01884B89}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{6032F7D9-9E7A-4938-B40B-EBDB9B380074}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6B2B1A41-97F5-40E9-9F39-BF7F0A31995A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{727DC909-3A31-4704-9E16-A4466D594F7A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{7494DCAD-E537-42D3-B0DE-E94820A1E397}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{848CA979-E55B-4173-A811-2393897DC6C7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{87C1C5D6-E404-4877-A915-DF3C7B833D1D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{96643B35-92AC-4392-BED0-E4B8A493A3B6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AE63E44C-E0D7-489E-96C7-5E8A294D6731}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{B181E2A3-E5A9-4E6D-851A-9C873693503E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B300B767-3959-4018-B248-6D9827E3DA5D}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{B4F365B8-5847-499E-B71A-E965D274445C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{B9AA12C9-3796-4481-BB3A-C0A55CA1B226}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BA97250D-8A31-4237-B152-5A65892739C5}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{C3F995EC-3E35-48A0-A264-F20F0D4932C5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C3FCA9E0-F281-45E8-9A07-8608DD92A903}" = 
protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CF304FD5-34D1-40CA-81CC-557E082F9CD2}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{E07AF2B2-A950-4724-8EAE-1AADBE66468A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{E14D3977-12C3-43D7-8B56-D61A6684F83D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E9131088-D67C-4FD0-B6BC-07CD8088D9E4}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{EA35326E-3E14-489D-9BC3-40DA24F4438D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "TCP Query User{D7159C7C-31A0-4A3B-A560-D7B21D14AE75}C:\program files\mozilla firefox 3.5 beta 4\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 3.5 beta 4\firefox.exe | "TCP Query User{E7925A0F-8101-4ADA-90E2-1A4694B4AA01}C:\program files\sprite software\sprite backup\spriteservice.exe" = protocol=6 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe | "TCP Query User{EB60F51C-9326-42D0-8D47-3E022B275ECF}C:\program files\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files\dap\dap.exe | "UDP Query User{096482FB-339F-4249-89D7-E5C555F723B9}C:\program files\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files\dap\dap.exe | "UDP Query User{1BE4496A-B175-4D88-90F4-B07408276983}C:\program files\sprite software\sprite backup\spriteservice.exe" = protocol=17 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe | "UDP Query User{752072C4-3E91-4259-B0AB-732EF888AA99}C:\program files\mozilla firefox 3.5 beta 4\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 3.5 beta 4\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 
ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{12FE558D-1FE1-4DEC-8C4A-F67C20F279B3}" = Application Suite "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15 "{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{52D3199D-2858-4216-AA1D-B2A9BB9FA31B}" = Sprite Backup HTC "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.57.409
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AllMusicConverter_is1" = AllMusicConverter 3.8.5
"Alt WAV MP3 WMA OGG Converter 7.2 Shareware_is1" = Alt WAV MP3 WMA OGG Converter 7.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"kikin Plugin (NO23 Edition)" = kikin Plugin (NO23 Edition) 1.11
"LIDL Fotoservice_is1" = LIDL Fotoservice
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"NVIDIA Drivers" = NVIDIA Drivers
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.2b
"PdaNet_is1" = PdaNet Desktop for iPhone 1.54
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.0.1785
"VLC media player" = VLC media player 1.0.0-rc3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.11.2009 13:12:13 | Computer Name = ****-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\****\Downloads\1257762534-1257770034-4d8fda-B-b25937ef7cf44fbc7588ab7d0b3670e4.exe". Fehler in Manifest- oder Richtliniendatei "C:\Users\****\Downloads\1257762534-1257770034-4d8fda-B-b25937ef7cf44fbc7588ab7d0b3670e4.exe" in Zeile 0. Ungültige XML-Syntax.

Error - 12.11.2009 13:16:10 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b14e, fehlerhaftes Modul ole32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a74c, Ausnahmecode 0xc0000005, Fehleroffset 0x00038925, Prozess-ID 0x428, Anwendungsstartzeit 01ca63baa052041f.

Error - 12.11.2009 13:20:52 | Computer Name = ****-PC | Source = VSS | ID = 8194
Description =

Error - 12.11.2009 13:22:10 | Computer Name = ****-PC | Source = VSS | ID = 8194
Description =

Error - 12.11.2009 13:52:55 | Computer Name = ****-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication (0x8007274a) failure (see data for failure code).

Error - 12.11.2009 14:33:39 | Computer Name = ****-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication (0x8007274a) failure (see data for failure code).

Error - 12.11.2009 14:38:04 | Computer Name = ****-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication (0x8007274a) failure (see data for failure code).

Error - 12.11.2009 14:39:59 | Computer Name = ****-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication (0x8007274a) failure (see data for failure code).

Error - 12.11.2009 14:55:08 | Computer Name = ****-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication (0x8007274a) failure (see data for failure code).

Error - 12.11.2009 15:07:06 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 29.07.2009 03:24:43 | Computer Name = ****-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 29.07.2009 06:47:40 | Computer Name = ****-PC | Source = DCOM | ID = 10005
Description =

Error - 29.07.2009 06:47:40 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 29.07.2009 06:47:40 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29.07.2009 14:18:16 | Computer Name = ****-PC | Source = HTTP | ID = 15016
Description =

Error - 29.07.2009 14:18:39 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 30.07.2009 02:36:35 | Computer Name = ****-PC | Source = HTTP | ID = 15016
Description =

Error - 30.07.2009 02:36:55 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 30.07.2009 02:42:37 | Computer Name = ****-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 30.07.2009 02:51:19 | Computer Name = ****-PC | Source = HTTP | ID = 15016
Description =

< End of report >
28.11.2009, 18:07 | #14
/// Selecta Jahrusso

Please uninstall:
kikin Plugin (NO23 Edition) 1.11
Google Updater
Bonjour

Step 2: Update Java
Your Java version is outdated. Since some malware (e.g. Vundo) gets into the system through Java exploits, Java has to be updated and the old versions have to be removed from the system, because the old versions are a security risk. Download JavaRa by prm753 and unpack it to the desktop. JavaRa is suitable for Windows 9x, 2k, XP and Vista (with User Account Control disabled).

Step 3

Step 4
Please close all running programs, including browsers. Please delete Extra.txt from your desktop. Double-click OTL.exe and post both logfiles. Report how the computer is running.
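As an added example (not part of the post above and not JavaRa's or OTL's own code), the following PowerShell check enumerates the Uninstall registry keys, the same keys the installed-programs list in the OTL report is built from, and lists every Java entry with its version, so that after updating you can confirm no old Java version is left behind. The key paths, the name pattern and the helper function name are assumptions.

```powershell
# Added example, not code from the thread, JavaRa or OTL: list every Java entry
# in the Uninstall registry keys (the keys OTL reads for its program list) so
# that leftover old versions can be spotted after the update.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Parse a DisplayVersion string into a [version] for sorting; entries whose
# version cannot be parsed sort first so they are never taken for the newest.
function ConvertTo-SortableVersion([string]$Text) {
    $parsed = $null
    $clean = ($Text -replace '[^\d.].*$', '').Trim('.')
    if ($clean -and [version]::TryParse($clean, [ref]$parsed)) { return $parsed }
    return [version]'0.0'
}

# @() keeps the result an array even when only one entry matches.
$javaEntries = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|J2SE|JRE)\b|Java\(TM\)' } |
    Select-Object DisplayName, DisplayVersion, PSChildName, UninstallString |
    Sort-Object { ConvertTo-SortableVersion $_.DisplayVersion })

if ($javaEntries.Count -eq 0) {
    Write-Output 'No Java entries found in the Uninstall keys.'
} else {
    $newest = $javaEntries[-1]
    Write-Output "Newest installed Java entry: $($newest.DisplayName) ($($newest.DisplayVersion))"
    # Every entry that is not the newest one is a leftover that should still be removed.
    $javaEntries | Where-Object { $_.PSChildName -ne $newest.PSChildName } |
        ForEach-Object { Write-Output "Old version still installed: $($_.DisplayName) ($($_.DisplayVersion))" }
}
```

Run it from an elevated PowerShell prompt once before and once after the Java update; the second run should report only the newest entry. The "JavaRa" program itself does not match the name pattern because of the word boundary after "Java".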
29.11.2009, 13:11 | #15
Hello and good day!!! Unfortunately I had to leave yesterday, otherwise I would have done the steps yesterday already!!! So, the 3 programs you told me to uninstall, I have uninstalled. I also carried out step 2: downloaded JavaRa, ran it as admin etc., deleted old Java versions in the Control Panel. But no logfile was saved. A notice box did tell me that one would be created, but no window popped up!!! Step 3 - that's where I am now and I can't get any further. The ESET program is scanning and has been stuck for 10 min. at a point where it apparently can't continue: C:\Acer\Preload\Autorun\APP\NTI\CDmaker.ver Independently of that, since yesterday I keep getting a message (roughly) on my screen that not all files in the autostart are being loaded (really only roughly). Does that perhaps have something to do with the ESET file "Autorun"!?? What should I do!? I'm already grateful to you, because so far the windows haven't opened again (which doesn't have to mean anything...), BUT at the moment I'm very glad about that fact and very grateful to YOU, but I think I should also carry out properly what you offered me!? Regards