|
Plagegeister aller Art und deren Bekämpfung: TR/Ag.210944 Internet Explorer öffnet sich von selbstWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
15.04.2010, 15:50 | #1 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst hallo, habe ein kleines problem. und zwar: seit dem ich mir das programm 'fraps' [damit kann man bildschirm-aufnahmen während eines spiels machen] heruntergeladen habe (natürlich die vollversion ) öffnet sich mehrmals am tag mein internet explorer mit den verschiedensten werbungen AntiVir hat auch schon mehrmals angeschlagen : In der Datei 'C:\Users\****\AppData\Local\Temp\Nxv.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Ag.262656' [trojan] gefunden. Die Datei 'C:\Users\****\AppData\Local\Temp\sshnas21.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Ag.210944' [trojan]. Durchgeführte Aktion(en): Der Registrierungseintrag <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations> konnte nicht entfernt werden. Die Datei konnte nicht gelöscht werden! Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. Die Datei konnte nicht gelöscht werden! Der Registrierungseintrag <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations> konnte nicht entfernt werden. Die Datei wurde zum Löschen nach einem Neustart markiert. danke im vorraus für die hilfe mR. suelle |
15.04.2010, 18:35 | #2 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst Logfile of Trend Micro HijackThis v2.0.2
__________________Scan saved at 19:30:27, on 15.04.2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe D:\Programme\TuneUp2010\TuneUpUtilitiesApp32.exe C:\Users\Timo\AppData\Local\Temp\Nxw.exe C:\Windows\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\avmwlanstick\FRITZWLANMini.exe C:\Program Files\Windows Sidebar\sidebar.exe D:\Programme\ICQ7.0\ICQ.exe D:\Spiele\Steam\Steam.exe C:\Windows\system32\wuauclt.exe D:\Programme\TuneUp2010\OneClick.exe C:\Users\Timo\AppData\Local\Temp\Nxx.exe D:\Programme\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Programme\Snagit\SnagitBHO.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Programme\Snagit\SnagitIEAddin.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ICQ] "D:\Programme\ICQ7.0\ICQ.exe" silent loginmode=4 O4 - HKCU\..\Run: [Steam] "d:\spiele\steam\steam.exe" -silent O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Timo\AppData\Local\Temp\Nxx.exe O4 - HKLM\..\Policies\Explorer\Run: [svhost] C:\Windows\sys32\svhost.exe O4 - HKCU\..\Policies\Explorer\Run: [svhost] C:\Windows\sys32\svhost.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: RealTempGT.lnk = D:\Programme\RealTemp_340\RealTempGT.exe O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Programme\ICQ7.0\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Programme\ICQ7.0\ICQ.exe O13 - Gopher Prefix: O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - D:\Programme\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @D:\Programme\TuneUp2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - D:\Programme\TuneUp2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Programme\TuneUp2010\TuneUpUtilitiesService32.exe -- End of file - 5931 bytes |
17.04.2010, 20:45 | #3 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst okay die hilfe kam nicht ... naja hat sich jetzt erledigt ... danke für die viele hilfe ... -.-
__________________ |
17.04.2010, 20:47 | #4 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst Hi, falls es sich doch nicht erledigt hat: Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. OTL Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
18.04.2010, 13:02 | #5 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst Hey, okay dann werd ich die programme mal ihre arbeit machen lassen. komischerweiße hat sich gerade als ich das maleware programm geöffnet habe der internetexplorer wieder geöffnet -.- danke schonmal für deine hilfe, poste den log wenn alles fertig ist! mR. suelle |
18.04.2010, 15:48 | #6 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst MAM Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 4003 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 18.04.2010 16:04:46 mbam-log-2010-04-18 (16-04-46).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|K:\|) Durchsuchte Objekte: 373043 Laufzeit: 1 Stunde(n), 4 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 4 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\Users\Timo\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Timo\AppData\Local\Temp\Nxy.exe (Trojan.FakeAlert) -> Delete on reboot. C:\Users\Timo\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. OTL OTL logfile created on: 18.04.2010 16:10:57 - Run 2 OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\Timo\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 76,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 146,48 Gb Total Space | 92,77 Gb Free Space | 63,33% Space Free | Partition Type: NTFS Drive D: | 319,28 Gb Total Space | 12,99 Gb Free Space | 4,07% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TIMOGAMING Current User Name: Timo Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Timo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - D:\Programme\ICQ7.0\ICQ.exe (ICQ, Inc.) PRC - D:\Programme\TuneUp2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - D:\Programme\TuneUp2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) ========== Modules (SafeList) ========== MOD - C:\Users\Timo\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (TuneUp.Defrag) -- D:\Programme\TuneUp2010\TuneUpDefragService.exe (TuneUp Software) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TuneUp.UtilitiesSvc) -- D:\Programme\TuneUp2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (NBService) -- D:\Programme\Nero 7\Nero BackItUp\NBService.exe (Nero AG) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (WinRing0_1_2_0) -- D:\Programme\RealTemp_340\WinRing0.sys (OpenLibSys.org) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (TuneUpUtilitiesDrv) -- D:\Programme\TuneUp2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (xnacc) -- C:\Windows\System32\drivers\xnacc.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 30 BB DD CA 6A CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.04.05 17:51:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.04.05 17:51:20 | 000,000,000 | ---D | M] [2009.11.21 18:54:10 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\mozilla\Extensions [2010.04.18 13:41:40 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\mhpsqhx0.default\extensions [2010.03.26 16:50:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\mhpsqhx0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.01 17:17:23 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\mhpsqhx0.default\extensions\allglassv2@ambroos.neowin.net [2010.01.24 20:46:23 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\mhpsqhx0.default\extensions\Foxdie@tanjihay.com [2010.01.24 20:46:36 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\mhpsqhx0.default\extensions\foxdie_ext_ocelot@foxdie.us [2010.01.24 20:46:23 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\mhpsqhx0.default\extensions\FoxdieGraphite@tanjihay.com [2010.04.16 14:40:41 | 000,000,944 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\Mozilla\FireFox\Profiles\mhpsqhx0.default\searchplugins\icqplugin.xml [2010.02.02 16:46:44 | 000,001,713 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\Mozilla\FireFox\Profiles\mhpsqhx0.default\searchplugins\youtube-videosuche.xml O1 HOSTS File: ([2010.02.22 22:33:57 | 000,001,021 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 ar.atwola.com O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Programme\Snagit\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Programme\Snagit\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [ICQ] D:\Programme\ICQ7.0\ICQ.exe (ICQ, Inc.) O4 - HKCU..\Run: [Steam] d:\spiele\steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealTempGT.lnk = D:\Programme\RealTemp_340\RealTempGT.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: svhost = C:\Windows\sys32\svhost.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: svhost = C:\Windows\sys32\svhost.exe File not found O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Programme\ICQ7.0\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Programme\ICQ7.0\ICQ.exe (ICQ, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.182.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\Timo\AppData\Roaming\wayh.exe) - C:\Users\Timo\AppData\Roaming\wayh.exe (YZu) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{29471910-d6cf-11de-bfd7-001f3f086d82}\Shell - "" = AutoRun O33 - MountPoints2\{29471910-d6cf-11de-bfd7-001f3f086d82}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.18 13:58:42 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe [2010.04.18 13:51:26 | 000,000,000 | ---D | C] -- C:\Programme\AVM_update [2010.04.17 01:32:32 | 000,196,608 | RHS- | C] (YZu) -- C:\Users\Timo\AppData\Roaming\wayh.exe [2010.04.16 17:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania [2010.04.16 14:29:41 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Malwarebytes [2010.04.16 14:29:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.16 14:29:32 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.16 14:29:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.16 14:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.04.15 22:21:44 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\VisualBoyAdvance-1.7.2 [2010.04.15 21:28:25 | 000,000,000 | ---D | C] -- C:\Programme\TightVNC [2010.04.15 20:32:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2010.04.15 19:30:15 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.04.15 15:35:15 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.15 15:35:15 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.15 15:35:15 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.13 15:50:24 | 000,000,000 | ---D | C] -- C:\Fraps [2010.04.13 15:32:43 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\gctmp [2010.04.13 15:32:42 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Xenocode [2010.04.12 19:25:43 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\hotel [2010.04.11 19:27:09 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\Gammel Archiv [2010.04.05 17:51:49 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.04.05 17:51:48 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.04.05 17:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.04.05 17:51:14 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.04.05 17:50:50 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2010.04.05 17:50:13 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.04.05 17:46:30 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Diagnostics [2010.04.05 17:15:30 | 000,000,000 | ---D | C] -- C:\Programme\RegCleaner [2010.04.04 14:13:15 | 000,000,000 | ---D | C] -- C:\Programme\V2W [2010.04.04 14:13:14 | 010,309,467 | ---- | C] (Axialis Software) -- C:\Windows\System32\Super Mario Bros..scr [2010.04.04 14:13:08 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Axialis [2010.04.01 18:23:36 | 000,172,032 | ---- | C] (GxieL9) -- C:\Users\Timo\AppData\Roaming\bf.exe [2010.03.31 17:56:12 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.03.31 17:56:12 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.03.31 17:56:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.03.29 16:05:14 | 000,000,000 | ---D | C] -- C:\Programme\fritz.box_ipchanger [2010.03.27 17:31:58 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2010.03.27 17:31:56 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2010.03.27 17:31:56 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.03.27 17:31:49 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\TuneUp Software [2010.03.27 17:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2010.03.27 17:30:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.03.27 17:22:09 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Avira [2010.03.27 17:21:17 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.03.27 17:21:17 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.03.20 19:58:05 | 000,000,000 | ---D | C] -- C:\Casino [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.04.18 16:08:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.18 16:08:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.18 16:07:21 | 008,650,752 | -HS- | M] () -- C:\Users\Timo\NTUSER.DAT [2010.04.18 16:07:19 | 001,349,083 | -H-- | M] () -- C:\Users\Timo\AppData\Local\IconCache.db [2010.04.18 13:58:45 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe [2010.04.18 13:37:17 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.18 13:37:17 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.18 13:34:26 | 000,830,490 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.18 13:34:26 | 000,660,084 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.18 13:34:26 | 000,182,738 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.18 13:34:26 | 000,153,966 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.18 13:34:26 | 000,004,564 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.17 11:47:00 | 000,139,128 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.04.17 11:46:51 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.04.17 01:32:32 | 000,196,608 | RHS- | M] (YZu) -- C:\Users\Timo\AppData\Roaming\wayh.exe [2010.04.16 14:29:36 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.15 20:28:28 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2010.04.15 19:30:15 | 000,002,039 | ---- | M] () -- C:\Users\Timo\Desktop\HijackThis.lnk [2010.04.13 15:50:57 | 000,000,000 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\chrtmp [2010.04.13 15:50:25 | 000,000,562 | ---- | M] () -- C:\Users\Timo\Desktop\Fraps.lnk [2010.04.09 14:17:48 | 000,012,288 | -H-- | M] () -- C:\Users\Timo\Desktop\photothumb.db [2010.04.05 17:52:00 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.04.05 17:17:02 | 000,000,928 | ---- | M] () -- C:\Users\Timo\Desktop\RegCleaner.lnk [2010.04.04 14:13:14 | 010,309,467 | ---- | M] (Axialis Software) -- C:\Windows\System32\Super Mario Bros..scr [2010.04.01 22:24:34 | 002,535,485 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\ fraps303.exe [2010.04.01 18:23:36 | 000,172,032 | ---- | M] (GxieL9) -- C:\Users\Timo\AppData\Roaming\bf.exe [2010.03.30 17:53:00 | 000,000,917 | ---- | M] () -- C:\Users\Timo\Documents\Mein Geld!!!!.rtf [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.03.27 17:31:53 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.16 14:29:36 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.15 19:30:15 | 000,002,039 | ---- | C] () -- C:\Users\Timo\Desktop\HijackThis.lnk [2010.04.13 15:50:57 | 000,000,000 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\chrtmp [2010.04.13 15:50:25 | 000,000,562 | ---- | C] () -- C:\Users\Timo\Desktop\Fraps.lnk [2010.04.09 13:04:16 | 000,012,288 | -H-- | C] () -- C:\Users\Timo\Desktop\photothumb.db [2010.04.05 17:52:00 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.04.05 17:15:31 | 000,000,928 | ---- | C] () -- C:\Users\Timo\Desktop\RegCleaner.lnk [2010.04.01 22:24:34 | 002,535,485 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\ fraps303.exe [2010.03.30 17:52:59 | 000,000,917 | ---- | C] () -- C:\Users\Timo\Documents\Mein Geld!!!!.rtf [2010.03.27 17:31:53 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.03.11 00:20:33 | 000,000,829 | ---- | C] () -- C:\Users\Timo\.recently-used.xbel [2010.01.28 22:09:39 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.01.28 22:09:39 | 000,138,056 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\PnkBstrK.sys [2009.12.28 20:29:43 | 000,000,552 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\SQLite3.dll [2009.12.27 17:24:03 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI [2009.12.12 17:34:22 | 002,551,568 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\fraps303.exe [2009.12.11 00:21:02 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.11.26 19:30:23 | 000,000,258 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2009.11.25 21:17:13 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.11.25 20:07:40 | 000,000,017 | ---- | C] () -- C:\Users\Timo\AppData\Local\resmon.resmoncfg [2009.11.21 18:37:50 | 000,003,584 | ---- | C] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.21 18:35:54 | 008,650,752 | -HS- | C] () -- C:\Users\Timo\NTUSER.DAT [2009.11.21 18:35:54 | 000,524,288 | -HS- | C] () -- C:\Users\Timo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2009.11.21 18:35:54 | 000,524,288 | -HS- | C] () -- C:\Users\Timo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2009.11.21 18:35:54 | 000,262,144 | -HS- | C] () -- C:\Users\Timo\ntuser.dat.LOG1 [2009.11.21 18:35:54 | 000,065,536 | -HS- | C] () -- C:\Users\Timo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2009.11.21 18:35:54 | 000,000,020 | -HS- | C] () -- C:\Users\Timo\ntuser.ini [2009.11.21 18:35:54 | 000,000,000 | -HS- | C] () -- C:\Users\Timo\ntuser.dat.LOG2 [2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2007.11.20 04:14:09 | 000,000,068 | R--- | C] () -- C:\Windows\CmiOemConfig.ini ========== Files - Unicode (All) ========== [2010.02.01 00:09:11 | 000,000,125 | ---- | M] ()(C:\Users\Timo\Desktop\?.url) -- C:\Users\Timo\Desktop\♥.url [2010.02.01 00:09:03 | 000,000,125 | ---- | C] ()(C:\Users\Timo\Desktop\?.url) -- C:\Users\Timo\Desktop\♥.url < End of report > EXTRAS OTL Extras logfile created on: 18.04.2010 16:10:57 - Run 2 OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\Timo\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 76,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 146,48 Gb Total Space | 92,77 Gb Free Space | 63,33% Space Free | Partition Type: NTFS Drive D: | 319,28 Gb Total Space | 12,99 Gb Free Space | 4,07% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TIMOGAMING Current User Name: Timo Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.0 Build #1205 Banner Remover 1.0 "{1596098A-FCEC-48F0-B7C7-08A31B771031}" = Nero 7 Essentials "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE "{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2 "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1 "{D0B2AA8F-CC52-4298-A48E-A9BA169546B6}" = Cabela's Outdoor Adventures "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich. "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Fraps" = Fraps (remove only) "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HijackThis" = HijackThis 2.0.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "PhotoScape" = PhotoScape "PunkBusterSvc" = PunkBuster Services "Rainlendar2" = Rainlendar2 (remove only) "Steam App 10" = Counter-Strike "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 12210" = Grand Theft Auto IV "Steam App 18820" = Zero Gear "Steam App 220" = Half-Life 2 "Steam App 240" = Counter-Strike: Source "Steam App 30" = Day of Defeat "Steam App 300" = Day of Defeat: Source "Super Mario Bros. Screensaver" = Super Mario Bros. Screensaver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TightVNC_is1" = TightVNC 1.3.10 "TmNationsForever_is1" = TmNationsForever Update 2010-03-15 "TuneUp Utilities" = TuneUp Utilities "VLC media player" = VLC media player 1.0.3 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 16.04.2010 19:37:15 | Computer Name = TimoGaming | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 16.04.2010 19:37:15 | Computer Name = TimoGaming | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 16.04.2010 19:37:15 | Computer Name = TimoGaming | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 16.04.2010 19:57:52 | Computer Name = TimoGaming | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: java.exe, Version: 6.0.150.3, Zeitstempel: 0x4a6ad1a7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x17161514 ID des fehlerhaften Prozesses: 0xd58 Startzeit der fehlerhaften Anwendung: 0x01caddc097df1f79 Pfad der fehlerhaften Anwendung: C:\Program Files\Java\jre6\bin\java.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: de20c076-49b3-11df-9829-001f3f086d82 Error - 16.04.2010 20:09:20 | Computer Name = TimoGaming | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 17.04.2010 08:49:47 | Computer Name = TimoGaming | Source = VSS | ID = 8194 Description = Error - 17.04.2010 18:30:39 | Computer Name = TimoGaming | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 18.04.2010 07:34:23 | Computer Name = TimoGaming | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 18.04.2010 07:34:23 | Computer Name = TimoGaming | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 18.04.2010 07:34:23 | Computer Name = TimoGaming | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. [ System Events ] Error - 16.04.2010 19:31:29 | Computer Name = TimoGaming | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfdrv01 sfsync02 Error - 18.04.2010 07:29:33 | Computer Name = TimoGaming | Source = Application Popup | ID = 875 Description = Treiber sfsync02.sys konnte nicht geladen werden. Error - 18.04.2010 07:29:37 | Computer Name = TimoGaming | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. Error - 18.04.2010 07:29:49 | Computer Name = TimoGaming | Source = Service Control Manager | ID = 7000 Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.04.2010 07:29:58 | Computer Name = TimoGaming | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfdrv01 sfsync02 Error - 18.04.2010 08:12:21 | Computer Name = TimoGaming | Source = DCOM | ID = 10010 Description = Error - 18.04.2010 10:08:04 | Computer Name = TimoGaming | Source = Application Popup | ID = 875 Description = Treiber sfsync02.sys konnte nicht geladen werden. Error - 18.04.2010 10:08:08 | Computer Name = TimoGaming | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. Error - 18.04.2010 10:08:24 | Computer Name = TimoGaming | Source = Service Control Manager | ID = 7000 Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.04.2010 10:08:37 | Computer Name = TimoGaming | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfdrv01 sfsync02 < End of report > |
18.04.2010, 16:18 | #7 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst Hi, zwei Files online prüfen (falls nicht erkannt aus dem OTL-Script rausnehmen!): Dateien Online überprüfen lassen:
Code:
ATTFilter C:\Users\Timo\AppData\Roaming\bf.exe C:\Users\Timo\AppData\Roaming\wayh.exe
Code:
ATTFilter :OTL O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: svhost = C:\Windows\sys32\svhost.exe File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: svhost = C:\Windows\sys32\svhost.exe File not found O20 - HKCU Winlogon: Shell - (C:\Users\Timo\AppData\Roaming\wayh.exe) - C:\Users\Timo\AppData\Roaming\wayh.exe (YZu) O33 - MountPoints2\{29471910-d6cf-11de-bfd7-001f3f086d82}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found [2010.04.01 18:23:36 | 000,172,032 | ---- | C] (GxieL9) -- C:\Users\Timo\AppData\Roaming\bf.exe :Commands [emptytemp] [Reboot]
Cureit: http://www.trojaner-board.de/59299-a...eb-cureit.html Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log. Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn. Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet. chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
18.04.2010, 22:46 | #8 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst Datei bf.exe empfangen 2010.04.17 22:31:03 (UTC) Status: Beendet Ergebnis: 14/40 (35.00%) Filter Filter Drucken der Ergebnisse Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.50 2010.04.17 Trojan-Dropper!IK AhnLab-V3 5.0.0.2 2010.04.17 - AntiVir 7.10.6.115 2010.04.16 TR/Dropper.Gen Antiy-AVL 2.0.3.7 2010.04.16 - Authentium 5.2.0.5 2010.04.16 W32/VBTrojan.Dropper.4!Maximus Avast 4.8.1351.0 2010.04.17 Win32:Malware-gen Avast5 5.0.332.0 2010.04.17 Win32:Malware-gen AVG 9.0.0.787 2010.04.17 Dropper.Generic2.AUO BitDefender 7.2 2010.04.18 - CAT-QuickHeal 10.00 2010.04.17 - ClamAV 0.96.0.3-git 2010.04.17 - Comodo 4629 2010.04.17 - DrWeb 5.0.2.03300 2010.04.17 - eSafe 7.0.17.0 2010.04.15 - eTrust-Vet 35.2.7431 2010.04.17 - F-Prot 4.5.1.85 2010.04.17 W32/VBTrojan.Dropper.4!Maximus F-Secure 9.0.15370.0 2010.04.16 - Fortinet 4.0.14.0 2010.04.17 - GData 19 2010.04.18 Win32:Malware-gen Ikarus T3.1.1.80.0 2010.04.17 Trojan-Dropper Jiangmin 13.0.900 2010.04.17 Heur:Trojan/AntiVM Kaspersky 7.0.0.125 2010.04.18 - McAfee 5.400.0.1158 2010.04.18 - McAfee-GW-Edition 6.8.5 2010.04.17 Trojan.Dropper.Gen Microsoft 1.5605 2010.04.17 - NOD32 5036 2010.04.17 Win32/Inject.NDA Norman 6.04.11 2010.04.16 - nProtect 2010-04-17.01 2010.04.17 - Panda 10.0.2.7 2010.04.17 - PCTools 7.0.3.5 2010.04.17 - Prevx 3.0 2010.04.18 High Risk Cloaked Malware Rising 22.43.05.03 2010.04.17 - Sophos 4.52.0 2010.04.17 - Sunbelt 6188 2010.04.17 Trojan.Win32.Generic!BT Symantec 20091.2.0.41 2010.04.18 - TheHacker 6.5.2.0.263 2010.04.16 - TrendMicro 9.120.0.1004 2010.04.15 - VBA32 3.12.12.4 2010.04.15 - ViRobot 2010.4.17.2282 2010.04.17 - VirusBuster 5.0.27.0 2010.04.17 - weitere Informationen File size: 172032 bytes MD5 : b71d9b7ad67acfb1b1833493c0f3086b SHA1 : f68b802be6b1ffffd3a121fafd5587c6084b9751 SHA256: 5fd77e4a3dabac42822317417018640dc151ae47f7a146e40a6f9587ed377443 PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x18F4 timedatestamp.....: 0x4BB4C848 (Thu Apr 1 18:22:32 2010) machinetype.......: 0x14C (Intel I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x130EC 0x14000 5.57 ac1aa1ec6507fef2c3391ebf1a59b78b .data 0x15000 0x5F8 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110 .rsrc 0x16000 0x138D4 0x14000 7.94 a8737e72965c66c19ef58e4540df0a32 ( 1 imports ) > msvbvm60.dll: _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, __vbaPut3, __vbaEnd, _adj_fdiv_m64, __vbaRaiseEvent, -, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaLsetFixstr, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, -, __vbaAryDestruct, __vbaExitProc, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarIndexLoad, __vbaBoolVarNull, _CIsin, __vbaErase, __vbaVarZero, -, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, -, __vbaStrCmp, __vbaAryConstruct2, __vbaVarTstEq, __vbaPutOwner3, __vbaI2I4, __vbaVarLikeVar, DllFunctionCall, __vbaRedimPreserve, _adj_fpatan, __vbaFixstrConstruct, __vbaRedim, __vbaUI1ErrVar, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaStr2Vec, __vbaExceptHandler, -, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, -, -, __vbaFPException, __vbaInStrVar, -, __vbaUbound, __vbaStrVarVal, __vbaVarCat, __vbaLsetFixstrFree, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaR8Str, __vbaNew2, __vbaInStr, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, -, __vbaStrCopy, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarTstNe, __vbaVarAdd, __vbaAryLock, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, __vbaVarCopy, -, _CIatan, __vbaStrMove, -, __vbaR8IntI4, __vbaStrVarCopy, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeObj, __vbaI4ErrVar, __vbaFreeStr, - ( 0 exports ) TrID : File type identification Win32 Executable Generic (68.0%) Generic Win/DOS Executable (15.9%) DOS Executable Generic (15.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) ssdeep: 3072:ajRw4ETCWg7/Na/Ami9HE5+I7GPj7Gm4Rvd50OWUVfabvKUdwYlvAPNZj:ajS4ETCWg7/Na/Ami9HE5+I7GPj0f0OL sigcheck: publisher....: GxieL9 copyright....: n/a product......: AxUWVTDnX description..: n/a original name: HnctH8.exe internal name: HnctH8 file version.: 16.402.0954 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned Prevx Info: hxxp://info.prevx.com/aboutprogramtext.asp?PX5=71B656CD00E33407A08702B82987D300F0E270D4 PEiD : - RDS : NSRL Reference Data Set - Datei wayh.exe empfangen 2010.04.18 21:38:31 (UTC) Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt Ergebnis: 7/40 (17.5%) Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.50 2010.04.18 - AhnLab-V3 5.0.0.2 2010.04.18 - AntiVir 7.10.6.116 2010.04.18 TR/Dropper.Gen Antiy-AVL 2.0.3.7 2010.04.16 - Authentium 5.2.0.5 2010.04.16 - Avast 4.8.1351.0 2010.04.18 - Avast5 5.0.332.0 2010.04.18 - AVG 9.0.0.787 2010.04.18 - BitDefender 7.2 2010.04.18 - CAT-QuickHeal 10.00 2010.04.17 - ClamAV 0.96.0.3-git 2010.04.18 - Comodo 4639 2010.04.18 Heur.Suspicious DrWeb 5.0.2.03300 2010.04.18 - eSafe 7.0.17.0 2010.04.18 - eTrust-Vet 35.2.7433 2010.04.18 - F-Prot 4.5.1.85 2010.04.18 - F-Secure 9.0.15370.0 2010.04.18 - Fortinet 4.0.14.0 2010.04.18 - GData 19 2010.04.18 - Ikarus T3.1.1.80.0 2010.04.18 - Jiangmin 13.0.900 2010.04.18 - Kaspersky 7.0.0.125 2010.04.18 - McAfee 5.400.0.1158 2010.04.18 - McAfee-GW-Edition 6.8.5 2010.04.18 Trojan.Dropper.Gen Microsoft 1.5605 2010.04.18 Trojan:Win32/Rimecud.A NOD32 5039 2010.04.18 probably a variant of Win32/Injector.BJC Norman 6.04.11 2010.04.16 - nProtect 2010-04-18.01 2010.04.18 - Panda 10.0.2.7 2010.04.18 - PCTools 7.0.3.5 2010.04.18 - Prevx 3.0 2010.04.18 High Risk Cloaked Malware Rising 22.43.06.03 2010.04.18 - Sophos 4.52.0 2010.04.18 Mal/VBInject-T Sunbelt 6192 2010.04.18 - Symantec 20091.2.0.41 2010.04.18 - TheHacker 6.5.2.0.264 2010.04.18 - TrendMicro 9.120.0.1004 2010.04.15 - VBA32 3.12.12.4 2010.04.15 - ViRobot 2010.4.17.2282 2010.04.18 - VirusBuster 5.0.27.0 2010.04.18 - weitere Informationen File size: 196608 bytes MD5...: bfe468d2c221c79a8b12135e72d6f941 SHA1..: 8a5f08c6bc6ecbe2cca0fe724decd6a2504486ad SHA256: 2cceb0fa75c3616044b3804204af7d2c5da037f9b61c8faf41bdced340c9635a ssdeep: 3072:+0BPyTWi65YUwF6Pwto7uZ30+pqQ1I+vpRt8XN6SWXTgxNw49DLj:+X/df5 uMk+nIkJVTKNw4 PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1834 timedatestamp.....: 0x4bc8d880 (Fri Apr 16 21:37:04 2010) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x17710 0x18000 5.64 846bc63911d9bb7522fa1cd4925e0bb2 .data 0x19000 0x4e4 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110 .rsrc 0x1a000 0x1516c 0x16000 7.88 56b641b5cc18595edce580c18ddce46c ( 1 imports ) > MSVBVM60.DLL: __vbaStrI2, _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaAryMove, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, __vbaEnd, __vbaPut3, _adj_fdiv_m64, __vbaRaiseEvent, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaLsetFixstr, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, -, __vbaAryDestruct, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, __vbaVarIndexLoad, __vbaBoolVarNull, _CIsin, __vbaErase, -, __vbaVarZero, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, -, __vbaStrCmp, __vbaAryConstruct2, __vbaVarTstEq, __vbaPutOwner3, __vbaI2I4, __vbaVarLikeVar, DllFunctionCall, __vbaRedimPreserve, _adj_fpatan, __vbaFixstrConstruct, __vbaRedim, __vbaRecUniToAnsi, __vbaUI1ErrVar, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaStr2Vec, __vbaExceptHandler, -, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, -, -, __vbaFPException, __vbaInStrVar, -, __vbaStrVarVal, __vbaUbound, __vbaVarCat, __vbaLsetFixstrFree, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaR8Str, __vbaNew2, __vbaVar2Vec, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, -, __vbaStrCopy, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaAryLock, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, -, _CIatan, __vbaStrMove, -, __vbaR8IntI4, __vbaStrVarCopy, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaI4ErrVar, __vbaFreeStr, __vbaFreeObj, - ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Generic Win/DOS Executable (49.9%) DOS Executable Generic (49.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) sigcheck: publisher....: YZu copyright....: n/a product......: Ph3NQhLtzw description..: n/a original name: XhN.exe internal name: XhN file version.: 6.793.0455 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned <a href='hxxp://info.prevx.com/aboutprogramtext.asp?PX5=D78DECA600CFF21100220341093ACD004C88612E' target='_blank'>hxxp://info.prevx.com/aboutprogramtext.asp?PX5=D78DECA600CFF21100220341093ACD004C88612E</a> |
18.04.2010, 22:53 | #9 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst nach dem drücken des Run Fixes .. kam ich wieder auf den anmeldebildschirm und eine results box oder ähnliches fand ich nicht , das programm war geschlossen und eine textdatei gibt es auch nicht .. und finde in dem OTL ordner keine datei auser diese 2: C:\_OTL\MovedFiles\04182010_234202\C_Users\****\AppData\Roaming bf.exe und wayh.exe ... |
19.04.2010, 06:29 | #10 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst Hi, ist okay, da dass aber TrojanDownloader waren, sofort MAM updaten und noch mal Komplettscan und alles beseitigen lassen. Einer davon war mit Sicherheit aktiv... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
19.04.2010, 18:18 | #11 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst Hallo ;-) ich habe leider ähnliches Problem. Ist mir ein Rätsel wie das passieren konnte..:-/ Ich hoffe, einer kann mir helfen Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:42:54, on 19.04.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18444) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Users\Nils\AppData\Local\Temp\Xqq.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Windows\RtHDVCpl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Winamp\winampa.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBIE.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\rundll32.exe C:\Program Files\MailCheck\MailCheck.exe C:\Users\Public\winsvcn.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Opera\opera.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Users\Nils\AppData\Local\Temp\Xqr.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_S7F3D.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Windows System Guard] C:\Users\Public\winsvcn.exe O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\Nils\AppData\Local\Temp\sshnas21.dll,BackupReadW O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Nils\AppData\Local\Temp\Xqr.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: MailCheck 2.lnk = C:\Program Files\MailCheck\MailCheck.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 12504 bytes |
20.04.2010, 06:29 | #12 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst @zacharias Hi, Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. OTL Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
21.04.2010, 14:36 | #13 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst Vielen Dank für die schnelle Antwort! Hier die geforderten Logs: OTL: Code:
ATTFilter OTL Extras logfile created on: 21.04.2010 14:12:08 - Run 1 OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Nils\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,17 Gb Total Space | 86,31 Gb Free Space | 59,87% Space Free | Partition Type: NTFS Drive D: | 144,15 Gb Total Space | 137,23 Gb Free Space | 95,20% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NILSH Current User Name: Nils Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EDBD472-B1CD-4BDB-80E1-62A042EE2626}" = lport=137 | protocol=17 | dir=in | app=system | "{31F5026D-5A2F-4582-A030-9E90E2CA6DA1}" = rport=139 | protocol=6 | dir=out | app=system | "{3D6F94E6-CF14-4944-A8E3-7D1D3501D729}" = lport=2869 | protocol=6 | dir=in | app=system | "{4450F8D4-7654-4B1F-8469-27E9CDA0E6A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{73488DF1-C963-45C4-968B-97A78BF3D8CE}" = lport=138 | protocol=17 | dir=in | app=system | "{8456B3DE-CAF5-4C99-8395-AAF481CE33B6}" = lport=139 | protocol=6 | dir=in | app=system | "{87AB00C7-73DE-4245-B1D1-655B2F66496B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{98822A21-BD2B-4894-B407-C603F6896D1E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{ACF65055-627D-426E-A74C-0EFF72C95204}" = rport=445 | protocol=6 | dir=out | app=system | "{B45409FC-E198-4C43-A9E9-3E578D1AE4B2}" = lport=445 | protocol=6 | dir=in | app=system | "{D2BBCD90-6C38-455A-A239-4A85DEDBAA79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D92EE89E-0FF1-4F97-B2A6-AEEF94B09F15}" = rport=137 | protocol=17 | dir=out | app=system | "{E67381C4-4074-4A4C-AFE3-A3162296B495}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02BF534B-0D7E-478B-A743-0C79AF29B56A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{02EED556-37EB-4635-8BF4-2D108D858227}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{06AB4F50-CAA1-4036-A3E1-A4809FB25E17}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{08B24EE6-3460-47B7-AB7C-9960A162D8FC}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{1A2C8136-3AC1-4197-85D6-9FEA17913D5A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{25D1F325-FD4C-419C-BB47-5FF788121E87}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{264ED8E6-A989-4AA0-AA74-4C8EB5195046}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{2D9AD081-7EA9-40EC-98AB-DE5A434382F6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{329FCCDF-B3F8-4CC7-A027-BE0536084AAB}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{342D14E0-4E8A-4ED7-97FA-EF53FB21FF78}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{518454A0-ACE5-4E83-8886-91102816E179}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{53C889EA-C5EF-49E8-8D0B-46621FB5BC13}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{58BD421A-DF25-45A5-8138-D20F272163F1}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{639BD6B7-9736-4701-8E66-C2DA3CEAC040}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{66CCA87C-61D0-4BC9-9BCB-F09A6602EAA5}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{6E6F5782-7479-4560-842A-27DB86B7F24A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{6F627B6B-CE6D-4F79-9C6D-063FF4677D98}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{74736D51-9D1C-4671-8899-A913BAE55D85}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{74BB7863-B426-421F-92E5-E70DAC8A53EA}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{812E6C2E-91DF-4741-A699-879609A6A429}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{88D5BEB0-D74B-4F89-AB5D-8529E3C29036}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8947FAA9-5D66-4DE2-9FBD-434955C6704C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{AD5ABC55-1382-466C-9FED-102C799B05AB}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{B7462FF5-E2BD-4421-95FB-F6E938CB06ED}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{BE529883-8CEC-403A-B851-6C4793ED0469}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C8F282B3-B9F0-4B58-8498-B8DBA729EE76}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{CF7B4E43-B2E8-418B-A8CC-5C530A767C97}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{E6ACB467-8FB3-4AB4-ACBD-CBEC8CCEE321}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{E6E21694-3C30-476C-A1A2-348F7BA5FD13}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{EA997887-F2C5-4649-AAD4-D6EA2364410E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{ED3FA5D6-835D-4AF0-BF52-99C5AEDD032E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{ED897A4E-8A90-42C6-879A-C24A5AC8F1BE}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{FF1FCDF7-F027-4157-9889-ACB0A4D780E2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51 "{06396923-449E-4881-DB30-9677EBFBE5ED}" = Catalyst Control Center Localization Dutch "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.1 Build #2096 Banner Remover 1.0 "{0AD7E761-CDD9-79AD-6C0F-2CE53F7277DB}" = Catalyst Control Center Localization Japanese "{0CAA0BF0-293D-32E7-BF40-99C26947B3B6}" = CCC Help Greek "{0D0256AB-54EF-414E-A6D9-896610EBAB70}" = Catalyst Control Center Localization Thai "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{16A31107-6828-ED37-8551-37888EA51D85}" = Catalyst Control Center Localization Chinese Standard "{18855F72-E9B6-74C7-67DC-86CA6D775554}" = CCC Help Swedish "{1D801B9D-9473-2001-2FB4-875F75C5CFFA}" = Catalyst Control Center Localization French "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{265B1C1D-9BD0-A416-D5FE-0710AC0A9592}" = CCC Help Italian "{27C9470C-2077-F4AD-8921-9504D1B9BC83}" = Catalyst Control Center Graphics Light "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{3066F7B1-5918-4E18-292B-1153283E2CC3}" = ATI Catalyst Install Manager "{33D8205B-9118-D20E-F94A-4B467BB46289}" = Catalyst Control Center Localization Chinese Traditional "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4684B4D7-A90A-028E-F300-7C96761B1287}" = CCC Help Chinese Traditional "{468789CE-4A7C-F9C8-9DB9-6F32827F1721}" = CCC Help Danish "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4E9A7C78-9F1A-4059-9B4A-C6F0642C22A1}_is1" = ICQ UIN Backup 1.3 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{5122D45F-16C5-6E6C-4509-4EE321E8A45F}" = Catalyst Control Center Localization Finnish "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5735B860-F404-20E5-2C4A-2108AFDF7DAB}" = CCC Help Polish "{573CE82D-3BA8-1D84-9F59-87DD11EAFB79}" = CCC Help Norwegian "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{591137F5-39FD-BFEF-FA09-181F0FA9B9EF}" = CCC Help Hungarian "{5AB587B5-8FAE-55F2-DB26-5A83234E3FDC}" = CCC Help Japanese "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60C85C96-8D91-58AF-E5D0-4C53A0ACEE78}" = Catalyst Control Center Localization Polish "{613D098B-93C6-A2DE-5319-FF7D2229DB2B}" = CCC Help German "{67DEBF39-8470-344D-6332-969307D41805}" = CCC Help Chinese Standard "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{687BD5FD-DC50-A653-9022-A7113D50B331}" = CCC Help Korean "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5C7D2-30E4-5522-52BC-89677DFD8E32}" = Catalyst Control Center InstallProxy "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{781B8114-9EFF-BFF5-B7F7-7DCFE5571218}" = Catalyst Control Center Localization German "{79866648-18CB-4C93-F124-31AFE54F9A9D}" = Catalyst Control Center Core Implementation "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7CAE5047-9916-477F-283A-8E994DFAAD21}" = Catalyst Control Center Localization Spanish "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{802F0F4E-A0A5-4E4D-9D7B-1933913EF7B6}" = Catalyst Control Center - Branding "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{849C1158-7421-893E-8E33-4312F49C1ADF}" = Catalyst Control Center Localization Greek "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite "{8EA318FC-D486-57D6-2A25-6BD247FA99DB}" = Catalyst Control Center Localization Norwegian "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90C26DA5-6780-0E5F-BC97-CAA7B5727E86}" = Catalyst Control Center Graphics Full Existing "{925150D7-0CC2-D6DF-6066-3784CE22CEE7}" = Catalyst Control Center Localization Korean "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{966DE944-348D-01B7-F9B7-0F0D696F4076}" = Catalyst Control Center Localization Swedish "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{99F8744D-211D-42D9-CA25-1029F8E0912B}" = Catalyst Control Center Localization Portuguese "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C3FA7FD-9B70-C526-FA63-162783E1060D}" = CCC Help Portuguese "{9D6271F2-6F0A-A259-085B-5BBD4F05A33E}" = Catalyst Control Center Localization Hungarian "{A2694396-5508-3DB0-5308-7E6768DD7896}" = Catalyst Control Center Localization Turkish "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A5FDB0FC-8DD0-E5D4-E031-922AE876403A}" = CCC Help Turkish "{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller "{A79E4110-0087-E8AE-BD4F-A1883B2FD357}" = CCC Help French "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B316A8CE-F7F6-C99A-C41D-369A7CD33FC6}" = Catalyst Control Center Localization Danish "{B44695F8-959E-95EC-F3AC-F734C9DC6DAE}" = Catalyst Control Center Localization Italian "{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C08A4D67-6837-5097-CC0C-B5DFD60630B9}" = ccc-core-static "{C0A1C9D6-9AC7-5B5A-6C25-B8FBC478BA8A}" = CCC Help Russian "{C34686CD-A03B-1B48-8085-341CD632C0BC}" = Catalyst Control Center Graphics Full New "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C83127E6-697A-7EEC-D53D-C089610D7F4A}" = CCC Help Dutch "{C91E74DA-8852-D2BB-B3A2-60A9202E1732}" = CCC Help Thai "{CAC9E80B-7515-0DB9-40BB-09B3703D90BB}" = Catalyst Control Center Localization Russian "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CD4D90B4-CC18-C176-B261-8BA8D5F644AB}" = CCC Help Czech "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DCD2B7EA-5452-DD3E-D008-2320C06862DB}" = CCC Help Finnish "{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E7E36B90-24D7-E382-CEFB-6F293A2302F6}" = CCC Help English "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3E29994-EE0A-C417-7FDE-902B1D722460}" = Catalyst Control Center Localization Czech "{F420F5B3-677A-779E-AEEC-81A00ED373FE}" = ccc-utility "{F42D4CA6-E811-C8DA-D607-4F8A510D7953}" = CCC Help Spanish "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "7-Zip" = 7-Zip 4.65 "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "DivX Setup.divx.com" = DivX-Setup "DSGPlayer" = SAT1 GAME CENTER "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "ESDX6000_CX5900 Benutzerhandb." = ESDX6000_CX5900 Benutzerhandb. "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.4 "Geheime Fälle: Die gestohlene Venus" = Geheime Fälle: Die gestohlene Venus "Google Desktop" = Google Desktop "GridVista" = Acer GridVista "HijackThis" = HijackThis 2.0.2 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "LManager" = Launch Manager "MailCheck_is1" = MailCheck 2.53 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSC" = McAfee SecurityCenter "NSS" = Norton Security Scan "Saqqarah" = Saqqarah "SopCast" = SopCast 3.2.4 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.0 "VLC media player" = VLC media player 0.9.9 "Winamp" = Winamp (remove only) "WinGimp-2.0_is1" = GIMP 2.6.6 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 02.04.2010 06:45:20 | Computer Name = NilsH | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 03.04.2010 06:49:40 | Computer Name = NilsH | Source = WinMgmt | ID = 10 Description = Error - 03.04.2010 16:53:33 | Computer Name = NilsH | Source = WinMgmt | ID = 10 Description = Error - 04.04.2010 06:36:13 | Computer Name = NilsH | Source = WinMgmt | ID = 10 Description = Error - 04.04.2010 21:34:03 | Computer Name = NilsH | Source = WinMgmt | ID = 10 Description = Error - 05.04.2010 03:08:23 | Computer Name = NilsH | Source = WinMgmt | ID = 10 Description = Error - 05.04.2010 04:20:48 | Computer Name = NilsH | Source = WinMgmt | ID = 10 Description = Error - 06.04.2010 06:50:05 | Computer Name = NilsH | Source = WinMgmt | ID = 10 Description = Error - 06.04.2010 18:44:50 | Computer Name = NilsH | Source = EventSystem | ID = 4621 Description = Error - 06.04.2010 19:00:32 | Computer Name = NilsH | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 04.05.2009 10:02:18 | Computer Name = NilsH | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3273 seconds with 660 seconds of active time. This session ended with a crash. Error - 26.10.2009 17:08:04 | Computer Name = NilsH | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6270 seconds with 4800 seconds of active time. This session ended with a crash. [ System Events ] Error - 18.04.2010 14:19:01 | Computer Name = NilsH | Source = HTTP | ID = 15016 Description = Error - 18.04.2010 14:20:01 | Computer Name = NilsH | Source = Service Control Manager | ID = 7000 Description = Error - 19.04.2010 07:48:44 | Computer Name = NilsH | Source = HTTP | ID = 15016 Description = Error - 19.04.2010 07:49:14 | Computer Name = NilsH | Source = Service Control Manager | ID = 7000 Description = Error - 19.04.2010 11:37:39 | Computer Name = NilsH | Source = HTTP | ID = 15016 Description = Error - 19.04.2010 11:37:55 | Computer Name = NilsH | Source = Service Control Manager | ID = 7000 Description = Error - 20.04.2010 14:56:41 | Computer Name = NilsH | Source = HTTP | ID = 15016 Description = Error - 20.04.2010 14:57:03 | Computer Name = NilsH | Source = Service Control Manager | ID = 7000 Description = Error - 21.04.2010 08:06:26 | Computer Name = NilsH | Source = HTTP | ID = 15016 Description = Error - 21.04.2010 08:06:51 | Computer Name = NilsH | Source = Service Control Manager | ID = 7000 Description = < End of report > |
21.04.2010, 14:40 | #14 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst OTL #2: Code:
ATTFilter OTL logfile created on: 21.04.2010 14:12:08 - Run 1 OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Nils\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,17 Gb Total Space | 86,31 Gb Free Space | 59,87% Space Free | Partition Type: NTFS Drive D: | 144,15 Gb Total Space | 137,23 Gb Free Space | 95,20% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NILSH Current User Name: Nils Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Nils\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\MailCheck\MailCheck.exe (Dirk Jansen) PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.) PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - c:\Programme\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.) PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\Winamp\winampa.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Nils\Desktop\OTL.exe (OldTimer Tools) MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.) SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (GoogleDesktopManager-080708-050100) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.) DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (AMD Technologies Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated) DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.04.09 18:19:32 | 000,000,000 | ---D | M] O1 HOSTS File: ([2010.03.31 19:15:20 | 000,000,779 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 71i.de O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailCheck 2.lnk = C:\Programme\MailCheck\MailCheck.exe (Dirk Jansen) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.20 21:08:19 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Nils\Desktop\OTL.exe [2010.04.20 21:06:01 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\Malwarebytes [2010.04.20 21:05:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.20 21:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.04.20 21:05:39 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.20 21:05:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.20 21:03:28 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nils\Desktop\mbam-setup-1.45.exe [2010.04.19 18:42:32 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.04.19 18:41:47 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Nils\Desktop\HijackThisInstaller.exe [2010.04.18 20:19:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.04.17 20:05:16 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\Avira [2010.04.15 15:28:59 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.15 15:28:58 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.15 15:28:50 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.15 15:28:38 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010.04.13 20:05:46 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2010.04.06 02:02:28 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\Downloads [2010.04.02 16:14:01 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\HTML [2010.03.31 19:14:33 | 000,000,000 | ---D | C] -- C:\Programme\ICQ-Banner-Remover [2010.03.31 19:03:55 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\AOL [2010.03.31 19:03:27 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.1 [2010.03.31 12:18:13 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.03.31 12:18:10 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.03.31 12:18:09 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.03.31 12:18:08 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.03.31 12:18:08 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.03.31 12:18:07 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.03.31 12:18:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.03.31 12:18:06 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.03.31 12:18:06 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.03.31 12:18:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.03.31 12:18:03 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.03.27 17:32:33 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\DivX [2010.03.27 17:31:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine [2010.03.27 17:30:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared [2010.03.27 17:28:57 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2010.03.27 17:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.03.24 22:14:50 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.03.24 22:14:50 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.03.24 17:47:43 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\8_Projekt_Nils-Christian [2008.09.27 18:35:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010.04.21 14:17:37 | 002,621,440 | -HS- | M] () -- C:\Users\Nils\ntuser.dat [2010.04.21 14:13:24 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.21 14:13:24 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.21 14:13:24 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.21 14:13:24 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.21 14:13:23 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.21 14:08:20 | 000,023,529 | ---- | M] () -- C:\Windows\System32\Config.MPF [2010.04.21 14:06:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2010.04.21 14:06:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.21 14:06:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.21 14:06:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.21 14:06:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.21 14:06:15 | 2951,135,232 | -HS- | M] () -- C:\hiberfil.sys [2010.04.20 23:42:13 | 000,524,288 | -HS- | M] () -- C:\Users\Nils\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.04.20 23:42:13 | 000,065,536 | -HS- | M] () -- C:\Users\Nils\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.04.20 23:41:59 | 003,803,042 | -H-- | M] () -- C:\Users\Nils\AppData\Local\IconCache.db [2010.04.20 21:08:33 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Nils\Desktop\OTL.exe [2010.04.20 21:05:50 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.20 21:03:44 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nils\Desktop\mbam-setup-1.45.exe [2010.04.20 21:00:20 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D08D42DF-BAA2-4450-B29B-EBABF53FC4CE}.job [2010.04.20 20:56:41 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Nils.job [2010.04.19 18:42:33 | 000,001,878 | ---- | M] () -- C:\Users\Nils\Desktop\HijackThis.lnk [2010.04.19 18:41:47 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Nils\Desktop\HijackThisInstaller.exe [2010.04.18 20:19:44 | 234,502,374 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.04.17 12:59:38 | 000,073,986 | ---- | M] () -- C:\Users\Nils\Desktop\bla.jpg [2010.04.15 17:53:48 | 000,449,570 | ---- | M] () -- C:\Users\Nils\Desktop\Wochenliste.pdf [2010.04.13 21:18:28 | 000,004,559 | ---- | M] () -- C:\Users\Nils\.recently-used.xbel [2010.04.13 21:18:28 | 000,001,381 | ---- | M] () -- C:\Users\Nils\Desktop\dfb.gif [2010.04.13 21:17:41 | 000,001,531 | ---- | M] () -- C:\Users\Nils\Desktop\bvb.gif [2010.04.13 20:48:58 | 000,001,422 | ---- | M] () -- C:\Users\Nils\Desktop\fcs.gif [2010.04.13 20:19:37 | 000,001,698 | ---- | M] () -- C:\Users\Nils\Desktop\index.gif [2010.04.13 20:05:21 | 000,939,956 | ---- | M] () -- C:\Users\Nils\Desktop\7z465.exe [2010.04.07 20:56:03 | 000,056,630 | ---- | M] () -- C:\Users\Nils\Desktop\Unbenannt.jpg [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.03.22 20:03:14 | 000,000,859 | ---- | M] () -- C:\Users\Nils\Desktop\slamfmlivestream.asx ========== Files Created - No Company Name ========== [2010.04.20 21:05:50 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.19 18:42:33 | 000,001,878 | ---- | C] () -- C:\Users\Nils\Desktop\HijackThis.lnk [2010.04.18 20:18:53 | 234,502,374 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.04.17 12:59:38 | 000,073,986 | ---- | C] () -- C:\Users\Nils\Desktop\bla.jpg [2010.04.13 21:18:28 | 000,004,559 | ---- | C] () -- C:\Users\Nils\.recently-used.xbel [2010.04.13 20:55:12 | 000,001,381 | ---- | C] () -- C:\Users\Nils\Desktop\dfb.gif [2010.04.13 20:29:45 | 000,001,422 | ---- | C] () -- C:\Users\Nils\Desktop\fcs.gif [2010.04.13 20:27:39 | 000,001,531 | ---- | C] () -- C:\Users\Nils\Desktop\bvb.gif [2010.04.13 20:05:21 | 000,939,956 | ---- | C] () -- C:\Users\Nils\Desktop\7z465.exe [2010.04.13 20:00:01 | 000,001,698 | ---- | C] () -- C:\Users\Nils\Desktop\index.gif [2010.04.07 20:56:02 | 000,056,630 | ---- | C] () -- C:\Users\Nils\Desktop\Unbenannt.jpg [2010.03.30 19:48:30 | 000,449,570 | ---- | C] () -- C:\Users\Nils\Desktop\Wochenliste.pdf [2010.03.22 20:03:14 | 000,000,859 | ---- | C] () -- C:\Users\Nils\Desktop\slamfmlivestream.asx [2009.01.27 15:41:14 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2009.01.27 15:34:42 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX6000EFDG.ini [2009.01.12 14:41:10 | 000,000,680 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat [2008.12.25 15:34:24 | 000,000,000 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\wklnhst.dat [2008.12.25 13:30:16 | 000,064,512 | ---- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.25 13:23:00 | 000,000,020 | -HS- | C] () -- C:\Users\Nils\ntuser.ini [2008.12.25 13:22:59 | 002,621,440 | -HS- | C] () -- C:\Users\Nils\ntuser.dat [2008.12.25 13:22:59 | 000,524,288 | -HS- | C] () -- C:\Users\Nils\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.12.25 13:22:59 | 000,524,288 | -HS- | C] () -- C:\Users\Nils\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2008.12.25 13:22:59 | 000,262,144 | -H-- | C] () -- C:\Users\Nils\ntuser.dat.LOG1 [2008.12.25 13:22:59 | 000,065,536 | -HS- | C] () -- C:\Users\Nils\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2008.12.25 13:22:59 | 000,000,000 | -H-- | C] () -- C:\Users\Nils\ntuser.dat.LOG2 [2008.09.27 18:34:41 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.09.27 08:54:02 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.09.27 08:50:34 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.08.27 20:37:03 | 000,005,477 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2008.08.27 20:36:03 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.08.27 20:32:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.08.27 20:32:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.08.19 04:48:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.08.19 04:48:50 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2008.08.19 04:48:50 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2008.08.19 04:48:18 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:580E04D8 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8AB6C1D7 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25 < End of report > |
21.04.2010, 14:44 | #15 |
| TR/Ag.210944 Internet Explorer öffnet sich von selbst MAM: Code:
ATTFilter Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 4013 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 20.04.2010 23:39:09 mbam-log-2010-04-20 (23-39-09).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 269714 Laufzeit: 2 Stunde(n), 25 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 4 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\Users\Nils\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken. Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\$RECYCLE.BIN\S-1-5-21-4143652046-4206971723-3055386835-1000\$RBCHUKW.scr (VirTool.DelfInject) -> No action taken. C:\Users\Nils\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken. C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken. |
Themen zu TR/Ag.210944 Internet Explorer öffnet sich von selbst |
.dll, aktion, antivir, appdata, black, datei, entfernt, explorer, gelöscht, gen, internet, internet explorer, kleines, local\temp, löschen, manager, natürlich, neustart, programm, system, temp, trojan, unerwünschtes programm, virus, vollversion, von selbst, öffnet |