|
Plagegeister aller Art und deren Bekämpfung: vista security meldungen, ave.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
26.04.2010, 15:21 | #1 |
| vista security meldungen, ave.exe Hallo liebes Trojanerboard! ich habe heute auf einmal die Meldung "vista security hat blablabla entdeckt" bekommen. Habe mich im Board informiert und mit Malwarebytes behandelt, bin jetzt wieder problemfrei, soweit zumindest meine Einschätzung. Werde hier mal meine malwarebytes-logfiles und ODT posten, vielleicht versteckt sich ja noch etwas, das ich als Laie nicht erkennen kann. Über eure hilfe würde ich mich sehr freuen. Mein Vorgehen: hab malwarebytes über filepony runtergeladen, im abgesicherten Modus gestartet (nach killen der ave.exe und irl.exe mit processexplorer), NICHT AKTUALISIERT da keine Netzwerktreiber geladen und mit Malwarebytes gescannt. Die gefundenen Dateien hab ich in Quarantäne gesteckt. hier der erste log: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 3930 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.18904 26.04.2010 15:01:01 mbam-log-2010-04-26 (15-01-01).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 101159 Laufzeit: 5 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 4 Infizierte Registrierungswerte: 6 Infizierte Dateiobjekte der Registrierung: 4 Infizierte Verzeichnisse: 0 Infizierte Dateien: 6 Infizierte Speicherprozesse: C:\Users\johannes\AppData\Local\ave.exe (Rogue.MultipleAV) -> No action taken. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> No action taken. HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken. HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\johannes\AppData\Local\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\johannes\AppData\Local\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\johannes\AppData\Local\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken. HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> No action taken. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\johannes\AppData\Local\Temp\Irl.exe (Trojan.FakeAlert) -> No action taken. C:\Users\johannes\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken. C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken. C:\Users\johannes\AppData\Roaming\sdra64.exe (Trojan.Agent) -> No action taken. C:\Users\johannes\AppData\Local\ave.exe (Rogue.MultipleAV) -> No action taken. Dann habe ich vista normal gestartet und Malwarebytes aktualisiert, nochmal gescannt, gefundenes gelöscht und folgenden log bekommen: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 4037 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 26.04.2010 15:11:58 mbam-log-2010-04-26 (15-11-58).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 106939 Laufzeit: 5 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87sdhfush87fsufhuie3fddf (Trojan.Downloader) -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\johannes\AppData\Local\Temp\ecsmwonxra.exe (Trojan.Dropper) -> No action taken. C:\Users\johannes\AppData\Local\Temp\stpff683.exe (Trojan.Hiloti) -> No action taken. C:\Users\johannes\AppData\Local\Temp\ahuibmw.exe (Trojan.Ertfor) -> No action taken. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken. Danach hatte ich keine Probleme mehr. Ich habe gelesen, dass auch ein Scan mit OTL Sinn macht, die OTL.txt im nächsten Post... Ich hoffe, ihr könnt mir helfen Vielen Dank joehanes |
26.04.2010, 15:24 | #2 |
| vista security meldungen, ave.exe hier noch die OTL-logs:
__________________Das ist die OTL.txt: OTL logfile created on: 26.04.2010 15:59:48 - Run 1 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\johannes\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 106,43 Gb Total Space | 10,04 Gb Free Space | 9,43% Space Free | Partition Type: NTFS Drive D: | 147,00 Gb Total Space | 4,19 Gb Free Space | 2,85% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 34,65 Gb Total Space | 2,72 Gb Free Space | 7,85% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Computer Name: JOHANNES-PC Current User Name: johannes Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\johannes\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Common Files\AccSys\accvssvc.exe (AccSys GmbH) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\johannes\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation) MOD - C:\Windows\System32\odbc32.dll (Microsoft Corporation) MOD - C:\Programme\Windows Journal\NBMapTIP.dll (Microsoft Corporation) MOD - C:\Windows\System32\mfc42u.dll (Microsoft Corporation) MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\odbcint.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (accvssvc) -- C:\Programme\Common Files\AccSys\accvssvc.exe (AccSys GmbH) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.) DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.) DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.) DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.) DRV - (VBoxUSB) -- C:\Windows\System32\drivers\VBoxUSB.sys (Sun Microsystems, Inc.) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\Windows\System32\drivers\s3017unic.sys (MCCI Corporation) DRV - (s3017obex) -- C:\Windows\System32\drivers\s3017obex.sys (MCCI Corporation) DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s3017mgmt.sys (MCCI Corporation) DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\Windows\System32\drivers\s3017nd5.sys (MCCI Corporation) DRV - (s3017mdm) -- C:\Windows\System32\drivers\s3017mdm.sys (MCCI Corporation) DRV - (s3017mdfl) -- C:\Windows\System32\drivers\s3017mdfl.sys (MCCI Corporation) DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\Windows\System32\drivers\s3017bus.sys (MCCI Corporation) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (giveio) -- C:\Windows\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.03.12 22:00:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.09 01:13:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.09 01:13:28 | 000,000,000 | ---D | M] [2009.02.06 13:57:40 | 000,000,000 | ---D | M] -- C:\Users\johannes\AppData\Roaming\mozilla\Extensions [2010.04.26 12:15:20 | 000,000,000 | ---D | M] -- C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\fovbh9ky.default\extensions [2010.04.13 02:21:52 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\johannes\AppData\Roaming\mozilla\Firefox\Profiles\fovbh9ky.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2009.03.25 10:46:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.09 01:13:25 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.09 01:13:25 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.09 01:13:25 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.09 01:13:25 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.09 01:13:25 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6a41d102-9f66-11de-a750-002269cddd40}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe -- File not found O33 - MountPoints2\{a923754c-000d-11df-a341-ab1b5ba7b32d}\Shell\AutoRun\command - "" = F:\start.bat -- File not found O33 - MountPoints2\{ee9372a3-000c-11df-bdc5-aa7ba9e8762c}\Shell - "" = AutoRun O33 - MountPoints2\{ee9372a3-000c-11df-bdc5-aa7ba9e8762c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2010.04.26 15:58:48 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\johannes\Desktop\OTL.exe [2010.04.26 14:53:41 | 000,000,000 | ---D | C] -- C:\Users\johannes\AppData\Roaming\Malwarebytes [2010.04.26 14:53:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.26 14:53:29 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.26 14:53:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.26 14:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.04.26 14:10:09 | 000,000,000 | ---D | C] -- C:\Users\johannes\AppData\Roaming\768B810E39B354D7BFC88E44174D83DC [2010.04.26 14:09:59 | 000,000,000 | -HSD | C] -- C:\Users\johannes\AppData\Roaming\lowsec [2010.04.13 20:58:38 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.13 20:58:38 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.13 20:58:11 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.13 20:58:08 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010.04.13 20:58:08 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010.04.12 23:41:27 | 000,000,000 | ---D | C] -- C:\Users\johannes\Desktop\wohnung [2010.04.09 22:13:26 | 000,068,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys [2010.04.09 22:13:26 | 000,057,344 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\nvapo32v.dll [2010.04.09 22:13:26 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nvhdap32.dll [2010.04.09 22:05:18 | 011,597,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2010.04.09 22:05:18 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd [2010.04.09 22:05:17 | 004,513,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll [2010.04.09 22:05:17 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2010.04.09 22:05:16 | 015,235,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2010.04.09 22:05:15 | 009,393,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll [2010.04.09 22:05:15 | 002,647,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2010.04.09 22:05:15 | 002,009,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2010.04.09 22:05:13 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2010.04.09 22:05:13 | 004,029,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2010.04.09 22:05:13 | 001,299,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll [2010.04.09 22:05:13 | 000,215,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1910.dll [2010.04.09 22:05:13 | 000,215,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll [2010.04.09 21:22:36 | 000,000,000 | ---D | C] -- C:\Users\johannes\Desktop\MIETVERTRAG [2010.04.02 12:23:26 | 000,000,000 | ---D | C] -- C:\Users\johannes\AppData\Roaming\Canneverbe Limited [2010.03.31 08:12:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.03.31 08:12:22 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.03.31 08:12:22 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.03.31 08:12:22 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.03.31 08:12:22 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.03.31 08:12:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.03.31 08:12:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.03.31 08:12:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.03.31 08:12:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.03.31 08:12:22 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.03.31 08:12:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.03.31 08:12:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.03.31 08:12:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.03.31 08:12:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.03.31 08:12:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.03.29 16:38:42 | 000,000,000 | ---D | C] -- C:\Users\johannes\AppData\Roaming\Avira [2010.03.28 15:49:49 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.03.28 15:49:49 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll [2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll ========== Files - Modified Within 30 Days ========== [2010.04.26 15:59:56 | 002,883,584 | -HS- | M] () -- C:\Users\johannes\NTUSER.DAT [2010.04.26 15:58:48 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\johannes\Desktop\OTL.exe [2010.04.26 15:56:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.04.26 15:21:10 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.26 15:21:10 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.26 15:21:10 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.26 15:21:10 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.26 15:21:10 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.26 15:17:05 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.04.26 15:13:20 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.04.26 15:13:20 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.04.26 15:13:12 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.04.26 15:13:10 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.26 15:13:10 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.26 15:13:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.26 15:13:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.26 15:13:03 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys [2010.04.26 15:12:18 | 000,524,288 | -HS- | M] () -- C:\Users\johannes\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.04.26 15:12:18 | 000,065,536 | -HS- | M] () -- C:\Users\johannes\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.04.26 15:12:18 | 000,003,307 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.04.26 15:12:17 | 002,274,730 | -H-- | M] () -- C:\Users\johannes\AppData\Local\IconCache.db [2010.04.26 14:58:49 | 000,011,510 | -HS- | M] () -- C:\Users\johannes\AppData\Local\UJ0QRjYY [2010.04.26 14:58:49 | 000,011,510 | -HS- | M] () -- C:\ProgramData\UJ0QRjYY [2010.04.26 14:53:34 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.26 14:21:19 | 000,009,056 | -HS- | M] () -- C:\Users\johannes\AppData\Local\3973764749 [2010.04.22 17:47:16 | 000,100,864 | ---- | M] () -- C:\Users\johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.17 00:21:20 | 000,064,000 | ---- | M] () -- C:\Users\johannes\Desktop\Manuskript_Narzissmus.doc [2010.04.14 19:16:30 | 000,025,295 | ---- | M] () -- C:\Users\johannes\Desktop\binomial.xlsx [2010.04.13 02:59:26 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.04.09 22:07:20 | 000,000,680 | ---- | M] () -- C:\Users\johannes\AppData\Local\d3d9caps.dat [2010.04.09 15:38:03 | 000,011,673 | ---- | M] () -- C:\Users\johannes\Desktop\Kündigung alte fabrik.docx [2010.04.05 09:54:06 | 000,227,697 | ---- | M] () -- C:\Users\johannes\Desktop\offenburg.docx [2010.04.05 09:42:23 | 000,000,000 | ---- | M] () -- C:\Users\johannes\Desktop\Microsoft Office Word-Dokument (neu).docx [2010.04.05 09:42:06 | 000,215,959 | ---- | M] () -- C:\Users\johannes\Desktop\offenburg.jpg [2010.04.04 20:15:56 | 000,079,354 | ---- | M] () -- C:\Users\johannes\Desktop\mieterselbstauskunft.pdf [2010.04.02 12:23:22 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.03.28 12:13:45 | 000,013,997 | ---- | M] () -- C:\Users\johannes\Desktop\wohnungen 17.03.docx ========== Files Created - No Company Name ========== [2010.04.26 15:01:54 | 3215,572,992 | -HS- | C] () -- C:\hiberfil.sys [2010.04.26 14:53:34 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.26 14:21:17 | 000,009,056 | -HS- | C] () -- C:\Users\johannes\AppData\Local\3973764749 [2010.04.26 14:10:45 | 000,011,510 | -HS- | C] () -- C:\Users\johannes\AppData\Local\UJ0QRjYY [2010.04.26 14:10:45 | 000,011,510 | -HS- | C] () -- C:\ProgramData\UJ0QRjYY [2010.04.17 00:21:20 | 000,064,000 | ---- | C] () -- C:\Users\johannes\Desktop\Manuskript_Narzissmus.doc [2010.04.13 22:12:31 | 000,025,295 | ---- | C] () -- C:\Users\johannes\Desktop\binomial.xlsx [2010.04.13 02:59:26 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.04.09 22:19:02 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.04.09 22:17:09 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.04.09 22:05:18 | 000,007,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2010.04.09 15:10:08 | 000,011,673 | ---- | C] () -- C:\Users\johannes\Desktop\Kündigung alte fabrik.docx [2010.04.05 09:42:42 | 000,227,697 | ---- | C] () -- C:\Users\johannes\Desktop\offenburg.docx [2010.04.05 09:42:23 | 000,000,000 | ---- | C] () -- C:\Users\johannes\Desktop\Microsoft Office Word-Dokument (neu).docx [2010.04.05 09:42:06 | 000,215,959 | ---- | C] () -- C:\Users\johannes\Desktop\offenburg.jpg [2010.04.04 20:15:56 | 000,079,354 | ---- | C] () -- C:\Users\johannes\Desktop\mieterselbstauskunft.pdf [2009.10.26 17:48:38 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.09.13 13:39:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.05.27 21:44:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.04.24 18:27:47 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2009.02.06 15:30:43 | 000,000,000 | ---- | C] () -- C:\Windows\OODCNT.INI [2009.02.05 20:22:11 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2009.02.05 20:22:11 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2009.02.05 19:42:12 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2009.02.05 17:51:15 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2008.07.23 23:56:38 | 000,000,626 | ---- | C] () -- C:\Windows\HotFixList.ini [2008.07.23 23:55:51 | 000,000,135 | ---- | C] () -- C:\Windows\System32\lngEng.ini [2008.07.23 23:55:51 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2008.07.23 23:44:46 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll [2008.07.23 21:57:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.04.03 16:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll [2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll [2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 489 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > ------------------------------------------------------------------------- |
26.04.2010, 15:25 | #3 |
| vista security meldungen, ave.exe Und hier noch von OTL die Extras.txt:
__________________OTL Extras logfile created on: 26.04.2010 15:59:48 - Run 1 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\johannes\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 106,43 Gb Total Space | 10,04 Gb Free Space | 9,43% Space Free | Partition Type: NTFS Drive D: | 147,00 Gb Total Space | 4,19 Gb Free Space | 2,85% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 34,65 Gb Total Space | 2,72 Gb Free Space | 7,85% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Computer Name: JOHANNES-PC Current User Name: johannes Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00BA37BE-581E-4CA1-A885-2BE55D0CDAAE}" = rport=445 | protocol=6 | dir=out | app=system | "{123D1444-06B4-470B-9B45-6AE2D005BA04}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{143B9E88-2577-4D75-A6EC-64D8013E398C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{27CBA83E-24FB-47B7-AB39-C2D21F2C10C5}" = rport=138 | protocol=17 | dir=out | app=system | "{28D5E712-E744-4644-8E00-DCC968A24CE0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6013CB4F-D619-4942-96B0-7419A6B67D77}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{76D83794-88E5-4F4E-BF4A-1E5A406E6BCD}" = lport=139 | protocol=6 | dir=in | app=system | "{7B8E84F6-F4AC-4526-B4DE-2F72F529402F}" = lport=138 | protocol=17 | dir=in | app=system | "{7EED2018-2C51-43DF-8A13-55D7B1FAFFC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9C12F136-D267-4286-8058-DBFCBB1E1FF2}" = lport=445 | protocol=6 | dir=in | app=system | "{A070F910-020B-4403-8833-51F234DCCACF}" = lport=137 | protocol=17 | dir=in | app=system | "{C2788323-F215-46EA-8497-F93AEE7125B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{CCCA193C-24AF-4A96-951C-EDF3C803D71A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D3E1E8D5-7ADB-4643-AD92-05F8E864C4A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DA9ADCA1-36CB-4A56-8EF8-247F12D15BB9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DC334A47-49EE-4168-A9AE-7686538340EB}" = rport=137 | protocol=17 | dir=out | app=system | "{E8EC0BF9-9E63-4AE9-9754-FC91268F7886}" = rport=139 | protocol=6 | dir=out | app=system | "{EFE1A97D-A896-4E9A-B095-8726F907873D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{023CBF12-F545-4C72-A62F-B9EF1ECE9132}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{15CAF49F-6C50-43E1-B3B0-971943DCBA99}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{1702F5AA-A029-461E-A41F-90FFBE148A36}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{1F90F335-4F5C-424C-874E-24CF4B028E25}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2277A5BA-4C50-4286-85EE-02F0F52D6B36}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{2D4D9F27-A2D1-4102-9A64-06A8540D7126}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{3AE90140-0A55-4FEA-98AD-2202A7A5898C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe | "{4068BF54-52DF-4F94-8BED-9215D628C82C}" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | "{41223560-C1DC-4EA2-B8CA-82E61346E61F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{419D5772-1A21-4B29-86F8-64EC8A8115F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{47C6E5D7-876B-4948-8388-21DBD6E30CB9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{4D0DE4A1-E520-4AA9-A20A-EA10F69E89F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{621A2B46-8157-4EF9-8440-841603185647}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6D55CD51-B884-46BE-A2A1-641B4BE65967}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6F98BA22-D613-44ED-89A9-43B489EA3019}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{786EFEAE-B606-4FFC-B506-CA53F1E83496}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{81AC28D2-F8A0-4480-A767-F474DE3BA4D9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{9EB5D20A-99E8-4FB1-8147-2D97E4B8B71F}" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe | "{A7F8C83C-A41F-4BEB-A132-A8AED5D24343}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{A9083E69-E325-4541-BBA9-F13494007F01}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{AA747BCA-71EB-45E9-9CF4-901052055DE0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{B0C3D476-2235-4261-A0FF-A480F1B67F32}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{B0E09E90-5B3C-44FA-84D2-B455971E8341}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{B3D78342-8E3A-49DA-BB5A-2045DF8BF9E7}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{B8EB19B8-4FB6-4538-9CD5-F56323451B19}" = protocol=6 | dir=in | app=c:\program files\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe | "{BEB8CA3A-34AF-4354-A16A-EBCE270E5311}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{C61DEA10-6D67-4AEF-B758-EF82F0EEDCA3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{C7883114-BD0D-403A-A7E5-2D6B289DFD4A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CB4CE772-C55E-44B0-97F5-17CD888028CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CF829ADA-EFB6-4DC1-A0C3-BD8D86EB9EC5}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{E4ACF137-7A79-4EA7-A543-D4F4F4BAFD38}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{E602DBF7-3198-408D-A76B-56B8C73C38F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EC36D05E-D1EE-40DC-A4BF-D243F1551DE3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{EFD17EAC-7861-46FD-8E11-5755C2E1ABD3}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{F7720F73-778D-453E-8A24-EECADA9DF5EC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "TCP Query User{02137C2C-05B6-4EEB-884C-B426DC2734C5}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | "TCP Query User{12B08FF2-9356-40C2-9974-C05F97749052}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "TCP Query User{1B535BA7-F961-462F-8952-8C9A0D7F1A6E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{1BDA46A4-AC46-4215-BC46-7C271E06EF5A}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{310CA8B9-277C-4C03-8C5E-1A35149CE7D0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{321644AC-182F-4EFF-9E6D-810B089653D1}C:\games\l4d\left4dead\left4dead.exe" = protocol=6 | dir=in | app=c:\games\l4d\left4dead\left4dead.exe | "TCP Query User{51F79BE4-41CE-44D5-BBDF-2608F1D3E232}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{5CB9288C-7B45-4AFC-B115-5CE8E5593B66}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{7C174C0B-4525-443B-B379-250348B93ED4}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{7DCD2C31-B730-4757-94F9-0446953C97D9}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands (2).exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands (2).exe | "TCP Query User{9CC55AD9-EF2F-4DB8-8EB4-7BAD674E3749}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{9FA4F29C-DBCD-4C53-B29B-91CCF2D6A436}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{A1945E8B-6C84-45D5-854C-C2387CFF8DDB}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{AB6A5A2A-CA0C-42C2-851A-5851D783DF40}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{AD60604D-E5FD-47BD-AD9F-575BA17AA649}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "TCP Query User{B3A1D331-86D8-498C-9013-E1E6F7DDCD9F}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{C6D33BFC-3800-4D7C-802B-19615CB11B07}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{C90FE179-8641-4FAC-B2E4-F99633723A7E}C:\program files\spssinc\statistics17\statistics.exe" = protocol=6 | dir=in | app=c:\program files\spssinc\statistics17\statistics.exe | "TCP Query User{CAF69DA5-DD83-4E73-BF24-B1223BD1FCEF}C:\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\gearbox software\borderlands\binaries\borderlands.exe | "TCP Query User{DF623CC6-3045-4F3E-8A3B-4FC0C6B4F3DB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{E8FF82B5-CDFC-4A32-80F6-0D8985CF59C7}C:\games\l4d\left4dead\left4dead.exe" = protocol=6 | dir=in | app=c:\games\l4d\left4dead\left4dead.exe | "TCP Query User{EE5F85AA-B8A7-4DEA-92B8-4086C733BEE2}H:\games\l4d\left4dead\left4dead.exe" = protocol=6 | dir=in | app=h:\games\l4d\left4dead\left4dead.exe | "TCP Query User{FBF35285-A880-420F-8EC4-C2C531323673}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{09085C12-819A-4D1E-98AF-4CB11CB78B27}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{1543AFBA-01BC-46B5-8DB6-B3A08A305E1A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{1F10ACD5-A71E-44E3-883F-523D70917812}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{241AA885-BFA5-4B22-865D-0486A70427FD}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{2AB84C32-E1FF-4FD6-B39D-14E59564DC9D}C:\games\l4d\left4dead\left4dead.exe" = protocol=17 | dir=in | app=c:\games\l4d\left4dead\left4dead.exe | "UDP Query User{368EF842-6166-40A1-82EB-C0A547F22EF3}C:\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\gearbox software\borderlands\binaries\borderlands.exe | "UDP Query User{40257D13-BBC3-41CE-A653-888BD7E56591}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{48EACCEC-D04B-4108-A49E-AA4F3500F2C6}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{531ED980-1CC4-4E58-A4F3-1B71ADFC40AF}C:\games\l4d\left4dead\left4dead.exe" = protocol=17 | dir=in | app=c:\games\l4d\left4dead\left4dead.exe | "UDP Query User{765ED5F0-28E1-4684-A301-66675444C72B}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "UDP Query User{7745D914-D612-45F2-8555-641B1CD805FB}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{7D2BCFDD-138D-40D2-8CA5-A42BBF400107}C:\program files\spssinc\statistics17\statistics.exe" = protocol=17 | dir=in | app=c:\program files\spssinc\statistics17\statistics.exe | "UDP Query User{87ADA887-B231-43F1-A1A4-F331A50C683F}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "UDP Query User{8F2ADD99-0EE7-4A03-8B98-150955FF376F}H:\games\l4d\left4dead\left4dead.exe" = protocol=17 | dir=in | app=h:\games\l4d\left4dead\left4dead.exe | "UDP Query User{BB567ED2-DED1-4BA2-B78A-342FECDC543B}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{CBF9273B-194C-4214-B258-D9ECB7633E0D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{CD977A1A-F564-47FD-82DD-E228057AECF3}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{CE7C6B2D-9670-41C3-8174-7C9113543C19}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{DC937F74-8630-4090-9DFD-50B81B733386}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{DD478C8B-CDD9-4826-8331-81EEE937C3E7}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands (2).exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands (2).exe | "UDP Query User{EA4111A3-FD6C-4A0E-978E-33A91FE13B2C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{F8768744-99C2-47F9-A465-3963DE5017B1}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | "UDP Query User{FB40863B-D431-4CE1-9604-9ED0D7A2D0D8}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300 "{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client "{04FE63AC-AC7B-4C80-83AA-CCACA48C0C19}" = PS_AIO_04_C5300_Software "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51 "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE "{09725E0F-6406-4500-8296-DBF6E697E9D7}" = C5300 "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{22E95014-3038-4909-8708-48AE7FEFBF05}" = DSL Connection Manager "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13 "{26BEE28E-C285-4532-82D3-7CE3C5F805D4}" = HPPhotoSmartDiscLabel_PrintOnDisc "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant "{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00 "{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0 "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2 "{3AD56302-2ADE-4A1C-864A-CB9FFF040576}" = PS_AIO_04_C5300_ProductContext "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0 "{489CA990-9FFB-495A-B5F6-027199E65405}" = PS_AIO_04_C5300_Software_Min "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69C57747-551F-4e4f-AB60-13358DC4F00A}" = HP Photosmart C5300 All-In-One Driver Software 11.0 Rel .4 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6CC1EE94-B426-478B-AE83-F83EBB4EF66A}" = HPPhotoSmartDiscLabel_PaperLabel "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone "{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7ED180E1-ADE9-4C69-8845-BDF518D763B8}" = hpphotosmartdisclabelplugin "{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{870832ED-43F3-4425-931C-137C18902664}" = Sun VirtualBox "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B0-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BCC09E9C-3340-473D-A4FE-8580992CA77A}" = HPPhotoSmartDiscLabelContent1 "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{C9933E93-8653-447E-9A19-9BCF658E3AE9}" = C5300_Help "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting "{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE557ABF-2A29-4AB4-A7EB-29F5FA1BECEA}" = DSL Connection Manager "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5 "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6333AB7-7C1F-4817-9805-40E048F95C7B}_is1" = AdvancedDefrag 4.2 "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer "{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "8461-7759-5462-8226" = Vuze "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Agere Systems Soft Modem" = Agere Systems HDA Modem "Applian FLV Player2.0.24" = Applian FLV Player "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner (remove only) "DC-Bass Source" = DC-Bass Source 1.1.1 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders "eMule" = eMule "Eraser" = Eraser "f4" = f4 3.0.3 "FastStone Photo Resizer" = FastStone Photo Resizer 2.8 "FileZilla Client" = FileZilla Client 3.2.8.1 "ForceBindIP" = ForceBindIP "Fraps" = Fraps "Google Updater" = Google Updater "Hamachi" = Hamachi 1.0.3.0 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 11.0 "HP Photosmart Essential" = HP Photosmart Essential 3.0 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0 "HPOCR" = OCR Software by I.R.I.S. 11.0 "InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0 "InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "IrfanView" = IrfanView (remove only) "IsoBuster_is1" = IsoBuster 2.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only) "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "ProInst" = Intel PROSet Wireless "RealMedia" = RealMedia (remove only) "Recuva" = Recuva (remove only) "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SHOUTcast Source" = SHOUTcast Source (remove only) "Sony Ericsson Bluetooth Remote Control" = Sony Ericsson Bluetooth Remote Control 4.01 "SpeedFan" = SpeedFan (remove only) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 4" = TeamViewer 4 "Update Service" = Update Service "VirtuaWin_is1" = VirtuaWin v4.0.1 "VLC media player" = VLC media player 1.0.3 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.6 "WinRAR archiver" = WinRAR "Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter "Zattoo" = Zattoo 3.3.4 Beta "ZoomPlayer" = Zoom Player (remove only) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14.03.2010 10:46:33 | Computer Name = johannes-PC | Source = Google Update | ID = 20 Description = Error - 14.03.2010 11:46:28 | Computer Name = johannes-PC | Source = Google Update | ID = 20 Description = Error - 14.03.2010 12:46:28 | Computer Name = johannes-PC | Source = Google Update | ID = 20 Description = Error - 14.03.2010 13:46:28 | Computer Name = johannes-PC | Source = Google Update | ID = 20 Description = Error - 14.03.2010 14:46:27 | Computer Name = johannes-PC | Source = Google Update | ID = 20 Description = Error - 14.03.2010 15:46:27 | Computer Name = johannes-PC | Source = Google Update | ID = 20 Description = Error - 15.03.2010 02:09:12 | Computer Name = johannes-PC | Source = WinMgmt | ID = 10 Description = Error - 15.03.2010 07:46:27 | Computer Name = johannes-PC | Source = Google Update | ID = 20 Description = Error - 15.03.2010 08:46:28 | Computer Name = johannes-PC | Source = Google Update | ID = 20 Description = Error - 15.03.2010 09:46:27 | Computer Name = johannes-PC | Source = Google Update | ID = 20 Description = [ OSession Events ] Error - 03.04.2009 08:56:19 | Computer Name = johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 142 seconds with 0 seconds of active time. This session ended with a crash. Error - 10.09.2009 05:00:14 | Computer Name = johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 143 seconds with 120 seconds of active time. This session ended with a crash. Error - 23.02.2010 08:56:11 | Computer Name = johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 383 seconds with 120 seconds of active time. This session ended with a crash. Error - 05.03.2010 19:28:57 | Computer Name = johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 55551 seconds with 1980 seconds of active time. This session ended with a crash. Error - 17.03.2010 12:23:21 | Computer Name = johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33797 seconds with 5280 seconds of active time. This session ended with a crash. [ System Events ] Error - 26.04.2010 08:53:43 | Computer Name = johannes-PC | Source = Service Control Manager | ID = 7001 Description = Error - 26.04.2010 08:53:43 | Computer Name = johannes-PC | Source = Service Control Manager | ID = 7001 Description = Error - 26.04.2010 08:53:43 | Computer Name = johannes-PC | Source = Service Control Manager | ID = 7001 Description = Error - 26.04.2010 08:53:43 | Computer Name = johannes-PC | Source = Service Control Manager | ID = 7001 Description = Error - 26.04.2010 09:02:26 | Computer Name = johannes-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.04.2010 09:03:53 | Computer Name = johannes-PC | Source = Service Control Manager | ID = 7022 Description = VI Error - 26.04.2010 09:05:04 | Computer Name = johannes-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 26.04.2010 09:13:30 | Computer Name = johannes-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.04.2010 09:14:54 | Computer Name = johannes-PC | Source = Service Control Manager | ID = 7022 Description = Error - 26.04.2010 09:15:35 | Computer Name = johannes-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > VIELEN DANK!!!! |
26.04.2010, 16:43 | #4 |
| vista security meldungen, ave.exe Hab gerade nochmal einen "vollständigen Suchlauf" durchgeführt, da wurden nochmal 4 Dateien gefunden. Diese lagen auch auf C:\. Heisst das, dass sich nach der vorigen Löschung wieder was einquartiert hat, oder kann es sein, dass der QuickScan diese nicht gefunden (bzw. gesucht) hat? Hier der log: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 4037 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 26.04.2010 17:39:45 mbam-log-2010-04-26 (17-39-45).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|) Durchsuchte Objekte: 295477 Laufzeit: 1 Stunde(n), 33 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\johannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXDMLWL4\oriqbjdp[1].htm (Trojan.Ertfor) -> Quarantined and deleted successfully. C:\Users\johannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OIHJYLHI\newupdate1142C[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Users\johannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OIHJYLHI\stpff683[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\Users\johannes\AppData\Roaming\768B810E39B354D7BFC88E44174D83DC\newupdate1142C.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. DANKE!!! |
30.04.2010, 12:57 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | vista security meldungen, ave.exe Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O4 - HKLM..\Run: [] File not found [2010.04.26 14:09:59 | 000,000,000 | -HSD | C] -- C:\Users\johannes\AppData\Roaming\lowsec [2010.04.26 14:58:49 | 000,011,510 | -HS- | M] () -- C:\Users\johannes\AppData\Local\UJ0QRjYY [2010.04.26 14:58:49 | 000,011,510 | -HS- | M] () -- C:\ProgramData\UJ0QRjYY [2010.04.26 14:21:19 | 000,009,056 | -HS- | M] () -- C:\Users\johannes\AppData\Local\3973764749 [2010.04.22 17:47:16 | 000,100,864 | ---- | M] () -- C:\Users\johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
30.04.2010, 13:17 | #6 |
| vista security meldungen, ave.exe Hallo Arne, erstmal vielen Dank für deine Hilfe! Ich habe gestern nochmal einen malwarebyres-Scan durchgeführt, da waren schon wieder 3 Trojaner im C:\Users\johannes\AppData\Local\ - Verzeichnis. Hab sie entfernen lassen... Ändert das was an der Durchführung? Hier das logfile von OTL: All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. C:\Users\johannes\AppData\Roaming\lowsec folder moved successfully. C:\Users\johannes\AppData\Local\UJ0QRjYY moved successfully. C:\ProgramData\UJ0QRjYY moved successfully. C:\Users\johannes\AppData\Local\3973764749 moved successfully. C:\Users\johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: johannes ->Temp folder emptied: 81884398 bytes ->Temporary Internet Files folder emptied: 321903378 bytes ->Java cache emptied: 22248384 bytes ->FireFox cache emptied: 37928028 bytes ->Opera cache emptied: 21357084 bytes ->Flash cache emptied: 5168 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 136399606 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 593,00 mb OTL by OldTimer - Version 3.2.3.0 log created on 04302010_140831 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
30.04.2010, 14:49 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | vista security meldungen, ave.exe Gut, dann mach jetzt mal nen Durchgang mit CF: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu vista security meldungen, ave.exe |
.dll, anti-malware, appdata, auf einmal, backdoor.bot, dateien, filepony, firefox.exe, folge, gelöscht, gen, hijack.exefile, hijack.startmenuinternet, iexplore.exe, local\temp, malwarebytes, meldung, microsoft, mozilla, netzwerk, otl.txt, probleme, roaming, rogue.multipleav, security, shell, software, temp, trojan.agent, trojan.downloader, trojan.dropper, trojan.ertfor, trojan.fakealert, trojan.hiloti, userinit, versteckt sich, vista, vista security |