Pests of all kinds and their removal: img068438960802010.jpg.scr Trojan? Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
28.04.2010, 16:53 | #1
img068438960802010.jpg.scr Trojan? Hello everyone. I do have a little experience with trojans and such, but really not much. I was sent the file img068438960802010.jpg.scr from the link ht*p://w*w.imjuice.com/photos.php? (over ICQ). When the file would not open, it was all clear to me... (I had run it.) (I entered both into Google, but nothing came up.) I then searched for the file; it had left something in the Win..System 32 folder. Unfortunately I was stupid enough to delete those files. I then called my friend and asked whether he had sent it. He had not! My problem is that I have damn expensive laser show files on the computer. Now the question: does everything have to go??? Then around 4000 euros would be down the drain, and that is only the laser show files. Please help me. edit: My ICQ is already running amok, continuously opening and closing windows when I open it.
29.04.2010, 12:18 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | img068438960802010.jpg.scr Trojan? Hello and
You should no longer surf or use messengers with admin rights in the future! Please run a full scan with Malwarebytes and post the log. Then OTL: System scan with OTL. Please download OTL from Oldtimer and save it to your desktop
29.04.2010, 16:19 | #3
img068438960802010.jpg.scr Trojan? Thanks first of all.
I already ran HijackThis; here is the log file:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:15:55, on 29.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Public\winvcsn.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = meinAOL | HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = meinAOL | HP
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [WindowsUpdateControl] C:\Users\Public\winvcsn.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WindowsUpdateControl] C:\Users\Public\winvcsn.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\Program Files\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe

--
End of file - 10695 bytes

In the end I will have to reinstall my system either way. My main question is whether the virus also attacks "My Documents" (Eigene Dateien), i.e. pictures, videos and above all the shows. I will still follow your advice, though.
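A small triage helper for logs like the one above, added here as an example; it is not part of this thread and not code from HijackThis or OTL. It parses the O4 (Run-key) lines of a HijackThis log (and the `HKLM..\Run:` spelling OTL uses for the same entries) and flags the ones a helper would look at first. The rules are this example's own assumptions, not a verdict: an autostart binary under a user-writable directory such as C:\Users\Public, a Run-key name that imitates a Windows component, a double extension like .jpg.scr, and an entry whose target file no longer exists. The first three sample lines are copied from the log above; the fourth is constructed for this example.

```python
"""Triage the O4 (Run-key) entries of a HijackThis log.

Heuristics only: a hit means "a human should look at this entry", not
"this is malware". Added as an example; the rules below are assumptions.
"""
import re
from typing import Dict, List, Optional

# HijackThis writes "HKLM\..\Run:", OTL writes "HKLM..\Run:"; the optional
# backslash before ".." accepts both spellings.
O4_RE = re.compile(
    r'^O4 - (?P<hive>.+?)\\?\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)

# Directories a standard user can write to. Vendors almost never start a
# program from here; a dropper run by the logged-in user very often does.
USER_WRITABLE_MARKERS = ('c:\\users\\public\\', '\\appdata\\', '\\temp\\',
                         'c:\\programdata\\')

# Extensions that execute even when the name is made to look like a document.
EXECUTABLE_EXT = ('exe', 'scr', 'com', 'pif', 'bat', 'cmd', 'vbs', 'js')

# Run-key names that borrow a Windows component's name to look harmless.
LOOKALIKE_NAME_FRAGMENTS = ('windowsupdate', 'svchost', 'winlogon', 'csrss', 'lsass')

# Markers the two tools use for an autostart whose target no longer exists.
MISSING_MARKERS = ('file not found', '(no file)', '(file missing)')


def extract_path(cmd: str) -> str:
    """Return the program path from a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the path ends at the first executable extension.
    m = re.match(r'^(.+?\.(?:%s))(?:\s|$)' % '|'.join(EXECUTABLE_EXT), cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(' ')[0]


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split one O4 line into hive, key, name, command line and program path."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry['path'] = extract_path(entry['cmd'])
    return entry


def assess(entry: Dict[str, str]) -> List[str]:
    """List the heuristic reasons an entry deserves a closer look (empty = clean)."""
    reasons = []
    path = entry['path'].lower()
    name = entry['name'].lower()
    if any(marker in path for marker in USER_WRITABLE_MARKERS):
        reasons.append('autostart binary in a user-writable directory')
    base = path.rsplit('\\', 1)[-1]
    stem, dot, ext = base.rpartition('.')
    if dot and ext in EXECUTABLE_EXT and '.' in stem:
        reasons.append('double extension (e.g. .jpg.scr) hides an executable')
    if any(frag in name for frag in LOOKALIKE_NAME_FRAGMENTS) and 'c:\\windows\\' not in path:
        reasons.append('Run-key name imitates a Windows component')
    if any(marker in entry['cmd'].lower() for marker in MISSING_MARKERS):
        reasons.append('orphaned entry: target file no longer exists')
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each O4 line that triggered a rule to its reasons; clean lines are omitted."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings[line.strip()] = reasons
    return findings


# The first three lines are copied from the HijackThis log in this thread; the
# fourth is constructed for this example to exercise the double-extension rule.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"
O4 - HKLM\\..\\Run: [WindowsUpdateControl] C:\\Users\\Public\\winvcsn.exe
O4 - HKCU\\..\\Run: [Steam] "c:\\program files\\steam\\steam.exe" -silent
O4 - HKCU\\..\\Run: [Photos] C:\\Users\\GJM\\AppData\\Roaming\\img068438960802010.jpg.scr
"""

if __name__ == '__main__':
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print('   ->', reason)
```

Run on the sample, the Java updater and Steam entries come back clean, while the C:\Users\Public entry is reported twice over (user-writable location and a Windows-sounding name) and the constructed .jpg.scr line trips the double-extension rule. Feeding it the later OTL output works the same way, and its "File not found" suffix additionally marks the entry as orphaned, which is what you would expect after a cleaner has removed the file but not the Run value.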
29.04.2010, 19:15 | #4
img068438960802010.jpg.scr Trojan? So, here are the 2 outputs from OTL.
1.
OTL logfile created on: 29.04.2010 20:07:54 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\GJM\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 423,31 Gb Total Space | 151,25 Gb Free Space | 35,73% Space Free | Partition Type: NTFS
Drive D: | 10,30 Gb Total Space | 1,00 Gb Free Space | 9,71% Space Free | Partition Type: NTFS
Drive E: | 686,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 32,15 Gb Total Space | 32,06 Gb Free Space | 99,72% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GJM-
Current User Name: GJM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\GJM\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\GJM\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
PRC - C:\Program Files\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
PRC - C:\Program Files\Stardock\MyColors\WBVista.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\GJM\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Xfire\xfire_toucan_42424.dll (Xfire Inc.)
MOD - C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Stardock\MyColors\wblind.dll (Stardock Corporation)
MOD - C:\Program Files\Stardock\MyColors\wbhelp.dll (Stardock.Net, Inc)
MOD - C:\Windows\System32\wbload.dll ()
MOD - C:\Windows\System32\wsock32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Program Files\SweetIM\Messenger\msvcr71.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (CoordinatorServiceHost) -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV - (WindowBlinds) -- C:\Program Files\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SolidWorks SolidNetWork License Manager) -- C:\Program Files\SolidWorks SolidNetWork License Manager\lmgrd.exe (Macrovision Corporation)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (aksfridge) -- C:\Windows\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Hardlock) -- C:\Windows\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\Windows\System32\drivers\s3017unic.sys (MCCI Corporation)
DRV - (s3017obex) -- C:\Windows\System32\drivers\s3017obex.sys (MCCI Corporation)
DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s3017mgmt.sys (MCCI Corporation)
DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\Windows\System32\drivers\s3017nd5.sys (MCCI Corporation)
DRV - (s3017mdm) -- C:\Windows\System32\drivers\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mdfl) -- C:\Windows\System32\drivers\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\Windows\System32\drivers\s3017bus.sys (MCCI Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS ()
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.bearshare.com/de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "fritz.box"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.08 23:12:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.21 23:08:21 | 000,000,000 | ---D | M]

[2008.06.22 17:06:05 | 000,000,000 | ---D | M] -- C:\Users\GJM\AppData\Roaming\mozilla\Extensions
[2010.04.28 22:35:09 | 000,000,000 | ---D | M] -- C:\Users\GJM\AppData\Roaming\mozilla\Firefox\Profiles\gsjc9dsm.default\extensions
[2010.04.21 18:05:51 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\GJM\AppData\Roaming\mozilla\Firefox\Profiles\gsjc9dsm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.04.16 17:39:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\GJM\AppData\Roaming\mozilla\Firefox\Profiles\gsjc9dsm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.27 20:58:04 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\GJM\AppData\Roaming\mozilla\Firefox\Profiles\gsjc9dsm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.02.28 15:16:35 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\GJM\AppData\Roaming\mozilla\Firefox\Profiles\gsjc9dsm.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.02.21 13:19:50 | 000,000,000 | ---D | M] -- C:\Users\GJM\AppData\Roaming\mozilla\Firefox\Profiles\gsjc9dsm.default\extensions\webmaster@keep-tube.com
[2008.09.25 12:39:32 | 000,000,681 | ---- | M] () -- C:\Users\GJM\AppData\Roaming\Mozilla\FireFox\Profiles\gsjc9dsm.default\searchplugins\ask.xml
[2009.11.28 17:54:56 | 000,003,915 | ---- | M] () -- C:\Users\GJM\AppData\Roaming\Mozilla\FireFox\Profiles\gsjc9dsm.default\searchplugins\sweetim.xml
[2010.04.28 22:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.21 23:08:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.03.12 16:16:54 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.04.28 23:43:31 | 000,393,064 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13576 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll File not found
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsUpdateControl] C:\Users\Public\winvcsn.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range25 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll 
(Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\GJM\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\GJM\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.02.04 16:05:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2001.08.13 23:05:32 | 001,564,672 | R--- | M] () - E:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2001.08.09 01:35:42 | 000,000,131 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{3dfe31b6-dbe3-11dc-b4dc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{3dfe31b6-dbe3-11dc-b4dc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2001.08.13 23:05:32 | 001,564,672 | R--- | M] () O33 - MountPoints2\{3dfe31b6-dbe3-11dc-b4dc-806e6f6e6963}\Shell\readit\command - "" = notepad readme.doc O33 - MountPoints2\{5b9540e7-08a5-11dd-bfcf-001e8cb702f7}\Shell - "" = AutoRun O33 - MountPoints2\{5b9540e7-08a5-11dd-bfcf-001e8cb702f7}\Shell\AutoRun\command - "" = L:\pushinst.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.29 17:24:55 | 000,000,000 | ---D | C] -- C:\Users\GJM\AppData\Roaming\Malwarebytes [2010.04.29 17:24:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 17:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes 
[2010.04.29 17:24:24 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.29 17:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.04.29 17:20:19 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\GJM\Desktop\OTL.exe [2010.04.28 22:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.04.28 22:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010.04.28 19:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010.04.28 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\GJM\AppData\Roaming\Avira [2010.04.28 18:29:23 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.04.28 18:29:23 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.04.28 18:29:23 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.04.28 18:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.04.28 18:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010.04.28 18:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010.04.24 14:39:46 | 000,000,000 | ---D | C] -- C:\Users\GJM\Desktop\Pendulum [2010.04.21 23:08:21 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.04.21 23:08:21 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.04.21 23:08:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.04.21 23:08:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2010.04.21 19:04:44 | 000,000,000 | ---D | C] -- C:\Users\GJM\Desktop\JBO [2010.04.18 12:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\OGG to MP3 Converter [2010.04.10 16:21:00 | 016,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imageres.dll [2010.04.10 16:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock [2010.04.10 16:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock [2010.04.10 16:19:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F0297D39-7A45-442F-AFF5-271488E85934} [2010.04.10 16:19:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock [2010.04.10 16:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock [2010.03.31 03:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [2010.03.30 22:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun ========== Files - Modified Within 30 Days ========== [2010.04.29 20:07:04 | 007,340,032 | -HS- | M] () -- C:\Users\GJM\NTUSER.DAT [2010.04.29 19:58:33 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\bhsf.sys [2010.04.29 19:02:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.29 19:02:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.29 17:24:30 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.29 17:20:21 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\GJM\Desktop\OTL.exe [2010.04.29 17:07:22 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.29 17:07:22 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.29 17:07:22 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.29 17:07:22 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat 
[2010.04.29 17:07:22 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.29 17:02:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.29 17:02:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.28 23:58:22 | 000,524,288 | -HS- | M] () -- C:\Users\GJM\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2010.04.28 23:58:22 | 000,065,536 | -HS- | M] () -- C:\Users\GJM\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.04.28 23:57:53 | 004,238,981 | -H-- | M] () -- C:\Users\GJM\AppData\Local\IconCache.db [2010.04.28 23:43:31 | 000,393,064 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.04.28 21:28:09 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.04.26 23:17:33 | 000,013,376 | ---- | M] () -- C:\Users\GJM\Desktop\0wuxi0.jpg [2010.04.24 22:09:31 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\Coop Warfare 0.7.lnk [2010.04.24 15:14:39 | 000,524,288 | -HS- | M] () -- C:\Users\GJM\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.04.22 20:51:10 | 000,028,976 | ---- | M] () -- C:\Users\GJM\Desktop\kitler4405.jpg [2010.04.21 18:47:16 | 000,010,368 | ---- | M] () -- C:\Users\GJM\Desktop\kitty4688.jpg [2010.04.16 22:26:30 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll [2010.04.12 22:07:46 | 078,347,234 | ---- | M] () -- C:\Users\GJM\Desktop\Duckload_com_Easy_Streaming.avi [2010.04.12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.04.12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.04.12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\deployJava1.dll [2010.04.10 16:21:00 | 016,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imageres.dll [2010.04.10 16:19:59 | 002,359,350 | ---- | M] () -- C:\Windows\Invader1024.bmp [2010.04.09 19:56:54 | 000,292,864 | ---- | M] () -- C:\Users\GJM\Desktop\Probenkalender 2010 V1.1 SENT.wps [2010.04.09 19:56:54 | 000,005,426 | ---- | M] () -- C:\Users\GJM\AppData\Roaming\wklnhst.dat [2010.04.07 08:22:34 | 000,000,680 | ---- | M] () -- C:\Users\GJM\AppData\Local\d3d9caps.dat [2010.03.31 03:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl ========== Files Created - No Company Name ========== [2010.04.29 19:58:33 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\bhsf.sys [2010.04.29 17:24:30 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.26 23:17:33 | 000,013,376 | ---- | C] () -- C:\Users\GJM\Desktop\0wuxi0.jpg [2010.04.24 22:09:31 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\Coop Warfare 0.7.lnk [2010.04.22 20:51:10 | 000,028,976 | ---- | C] () -- C:\Users\GJM\Desktop\kitler4405.jpg [2010.04.21 18:47:16 | 000,010,368 | ---- | C] () -- C:\Users\GJM\Desktop\kitty4688.jpg [2010.04.16 22:26:30 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2010.04.12 22:02:54 | 078,347,234 | ---- | C] () -- C:\Users\GJM\Desktop\Duckload_com_Easy_Streaming.avi [2010.04.10 16:19:59 | 002,359,350 | ---- | C] () -- C:\Windows\Invader1024.bmp [2010.02.09 00:07:34 | 000,000,348 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.12.14 21:51:35 | 000,073,216 | ---- | C] () -- C:\Windows\System32\drivers\SENTINEL.SYS [2009.12.14 21:51:35 | 000,047,616 | ---- | C] () -- C:\Windows\System32\SNTI386.DLL [2009.12.14 21:51:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\RNBOVDD.DLL [2009.12.14 21:48:37 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2009.11.08 01:30:04 | 000,000,000 | ---- | C] () -- 
C:\Windows\Irremote.ini [2009.10.16 23:29:54 | 000,000,000 | ---- | C] () -- C:\Windows\musicmaker.INI [2009.09.26 00:58:18 | 000,000,071 | ---- | C] () -- C:\Windows\ICMPBomb.ini [2009.06.16 04:05:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.06.12 02:00:29 | 000,018,697 | ---- | C] () -- C:\Windows\LaserworldShoweditor2009.ini [2009.01.14 19:05:08 | 000,015,123 | ---- | C] () -- C:\Windows\LaserworldShoweditor.ini [2008.12.10 18:24:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ftdiun2k.ini [2008.11.16 02:52:18 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2008.11.14 14:00:06 | 000,000,251 | ---- | C] () -- C:\Windows\AudStu.INI [2008.11.14 13:34:30 | 000,000,325 | ---- | C] () -- C:\Windows\BeatBox.INI [2008.11.14 13:34:20 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI [2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.11.03 00:34:06 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.09.18 14:32:49 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2008.09.18 14:32:35 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll [2008.06.23 13:32:11 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.05.29 23:19:05 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.05.29 18:22:08 | 000,000,183 | ---- | C] () -- C:\Windows\MusicStudio.INI [2008.05.29 17:52:55 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2008.05.29 17:51:54 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.05.29 17:51:15 | 000,005,937 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.02.04 15:50:26 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.02.04 15:35:35 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll [2008.02.04 15:35:35 | 000,102,400 | ---- | 
C] () -- C:\Windows\System32\pywintypes25.dll [2008.02.01 20:55:17 | 000,001,000 | ---- | C] () -- C:\Windows\registry.ini [2008.02.01 20:55:17 | 000,000,438 | ---- | C] () -- C:\Windows\registry-oem.ini [2008.02.01 13:55:10 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9A2B2B2D @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:70B3C619 < End of report > |
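As an added triage example (not code from this thread, from OTL or from OldTimer): a small Python script that parses the O4 autostart entries, the O6/O7 policy values and the firewall AuthorizedApplications line in the format OTL uses in the log above and in the Extras log posted next, and flags what a helper on the board looks at first: an autostart called WindowsUpdateControl pointing at C:\Users\Public\winvcsn.exe that is already gone, the same program granted a firewall exception, and EnableLUA = 0 (UAC switched off). The sample lines are copied from the posted logs; the trusted/untrusted path lists and the scoring rules are assumptions of the example, not a signature set.

```python
"""Triage of OTL (OldTimer) log entries.

Added example: not the board's code and not part of OTL. It parses the O4
autostart entries, O6/O7 policy values and the firewall
AuthorizedApplications line in the format the posted logs use, and scores
them with rules that are this example's own assumptions (what a helper
looks at first), not an official signature set.
"""
import re
from dataclasses import dataclass

# Lines copied from the posted logs; constructed test input for this example.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKCU..\Run: [WindowsUpdateControl] C:\Users\Public\winvcsn.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
"C:\Users\Public\winvcsn.exe" = C:\Users\Public\winvcsn.exe:*:Enabled:WindowsUpdateControl -- File not found
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<value>\w+) = (?P<data>\S+)$")
FW_RE = re.compile(r'^"(?P<path>[^"]+)" = (?P<rule>.+?):(?P<scope>[^:]*):'
                   r"(?P<state>Enabled|Disabled):(?P<name>\S+)(?P<missing> -- File not found)?$")
MISSING = "File not found"

# Assumptions of this example: autostarts normally live under these roots ...
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# ... and never in places any user or dropper can write without elevation.
USER_WRITABLE = ("\\users\\public\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
# Words a dropper picks so its autostart looks like a Windows component.
SYSTEM_WORDS = ("windows", "update", "microsoft", "security")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "low"
    line: str       # the OTL line that triggered it
    reasons: tuple  # human-readable reasons


def split_target(rest):
    """Split an O4 tail into (path, vendor, missing).
    OTL prints either '<path> (<company>)' or '<path> File not found'."""
    if rest.strip() == MISSING:
        return "", None, True
    if rest.endswith(" " + MISSING):
        return rest[:-len(MISSING) - 1], None, True
    m = re.match(r"^(?P<path>.*?) \((?P<vendor>[^()]*)\)$", rest)
    return (m.group("path"), m.group("vendor"), False) if m else (rest, None, False)


def score_target(name, path, vendor, missing):
    """Return the reasons an autostart or firewall target looks suspicious."""
    reasons, low = [], path.lower()
    if any(s in low for s in USER_WRITABLE):
        reasons.append("target lives in a user-writable location")
    if any(w in name.lower() for w in SYSTEM_WORDS) and not low.startswith(TRUSTED_ROOTS):
        reasons.append("system-sounding name outside Windows/Program Files")
    if vendor == "" and not missing:
        reasons.append("no company name in the file's version info")
    if missing:
        reasons.append("target file missing (orphaned entry or payload already deleted)")
    return tuple(reasons)


def severity(reasons):
    return "high" if any(r.startswith(("target lives", "system-sounding")) for r in reasons) else "low"


def parse_line(line):
    """Return a Finding for one OTL line, or None if nothing stands out."""
    line = line.strip()
    if m := O4_RE.match(line):
        reasons = score_target(m.group("name"), *split_target(m.group("rest")))
        return Finding(severity(reasons), line, reasons) if reasons else None
    if m := POLICY_RE.match(line):
        # EnableLUA = 0 under policies\System switches UAC off machine-wide.
        if (m.group("key").lower().endswith("\\policies\\system")
                and m.group("value") == "EnableLUA" and m.group("data") == "0"):
            return Finding("high", line, ("UAC disabled by policy (EnableLUA = 0)",))
        return None
    if m := FW_RE.match(line):
        reasons = score_target(m.group("name"), m.group("path"), None, bool(m.group("missing")))
        if reasons and m.group("state") == "Enabled":
            reasons = ("inbound firewall exception granted to this program",) + reasons
        return Finding(severity(reasons), line, reasons) if reasons else None
    return None


def triage(lines):
    """Run parse_line over a whole log and return the findings, worst first."""
    findings = [f for f in map(parse_line, lines) if f]
    findings.sort(key=lambda f: f.severity != "high")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity}] {f.line}")
        for r in f.reasons:
            print("       -", r)
```

Run as-is it prints the three high findings (the WindowsUpdateControl autostart, the EnableLUA policy, the firewall exception) before the two low ones (the DivX updater with empty version info and the orphaned Nero entry); to use it on a whole log, call `triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines())`. An "orphaned" entry alone is only noise (Nero was uninstalled); it is the combination of a system-sounding name, a user-writable path and an already-deleted file that marks winvcsn.exe as the dropper's leftover.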
29.04.2010, 19:15 | #5 |
| img068438960802010.jpg.scr Troja?
2. OTL Extras logfile created on: 29.04.2010 20:07:54 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\GJM\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 423,31 Gb Total Space | 151,25 Gb Free Space | 35,73% Space Free | Partition Type: NTFS
Drive D: | 10,30 Gb Total Space | 1,00 Gb Free Space | 9,71% Space Free | Partition Type: NTFS
Drive E: | 686,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 32,15 Gb Total Space | 32,06 Gb Free Space | 99,72% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GJM-
Current User Name: GJM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3260949661-3431171585-4215125959-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Public\winvcsn.exe" = C:\Users\Public\winvcsn.exe:*:Enabled:WindowsUpdateControl -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AEFEBA3-DE00-4A33-AAF8-761053724C88}" = lport=139 | protocol=6 | dir=in | app=system |
"{0BDA4E11-B1F6-4EFD-928D-29A683CF838E}" = lport=137 | protocol=17 | dir=in | app=system |
"{0E2204A4-8E5C-4A38-BFAE-9EA60495730E}" = rport=445 | protocol=6 | dir=out | app=system |
"{1450BAE6-245C-4B9F-B353-72DB0575D229}" = lport=445 | protocol=6 | dir=in | app=system |
"{529A026F-D882-46CB-858E-AF3C08609CC6}" = lport=138 | protocol=17 | dir=in | app=system |
"{5803E1A7-9594-44B0-AF49-0A0114E5D247}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{613D00B0-5EAA-454C-97A0-DD1366DACD80}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6699A9CB-520A-4DFF-BEB7-39C75F0AD357}" = rport=139 | protocol=6 | dir=out | app=system |
"{B4C5156B-D653-40FD-81B2-1CBD58A64E4B}" = rport=137 | protocol=17 | dir=out | app=system |
"{C7D98ADD-5763-487E-99B2-320A918CF99D}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BE9B919-8BBD-42FC-8B62-06171CD96E8D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{14CA13AF-DA3B-4033-804B-BB8AF2FA97FA}" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fearmp.exe |
"{1C06DB17-3D0C-40B8-9327-117DE422646D}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1EE8341A-B510-41D8-8690-4042F90D0863}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fear2\fear2.exe |
"{27997D65-EE3C-471D-BA56-D815A3057267}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fear2\fear2.exe |
"{2CFD1CEB-0429-46B3-BED9-3A2DE01AC062}" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fearmp.exe |
"{41FAAEEF-D1D4-420A-888B-D40915B572E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{44797527-BC7E-445F-B1D9-85E746CCE53A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{47C97879-01E0-4F89-879B-D240DC1E851C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{61C72692-F8D0-4FF7-B6C7-723E46330B6A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{68DB04EC-4F32-4D9C-A237-EC37EA2A8D36}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fear2\fear2.exe |
"{74FC15A2-A773-4033-BE8C-9281D5D89047}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fear2\fear2.exe |
"{7D624F2E-6ECC-4E20-9D36-7FABECE5EC62}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7F1A01CD-21F8-48E9-BDAC-E0DDE4056D1A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8193266D-4A1F-418E-B773-5670EED2697D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9D5E33B5-A23A-4C53-B76B-415518DD3AEB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A06DDC41-A088-4062-91FB-FA8D261460D5}" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fearmp.exe |
"{C00F6D38-3005-44EA-91E7-C87F834177F4}" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fearmp.exe |
"{DB73C35F-9994-4DB9-A6C9-3AD6ADD1FE06}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"TCP Query User{021C7ADB-233B-45BA-876A-24BEB696A6CB}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{05BB4B85-5267-4255-8466-389B2A6832BB}C:\users\gjm\appdata\local\temp\rar$ex06.686\teamspeak3-server_win32\ts3server_win32.exe" = protocol=6 | dir=in | app=c:\users\gjm\appdata\local\temp\rar$ex06.686\teamspeak3-server_win32\ts3server_win32.exe |
"TCP Query User{0C07796C-22C1-4EBB-9B5D-E804D5CE4D4C}C:\program files\postal2stp\system\postal2mp.exe" = protocol=6 | dir=in | app=c:\program files\postal2stp\system\postal2mp.exe |
"TCP Query User{0E6BC3EA-0FA5-4B41-A52F-FFADE0C2002F}C:\users\gjm\appdata\local\temp\rar$ex00.756\teamspeak3-server_win32\ts3server_win32.exe" = protocol=6 | dir=in | app=c:\users\gjm\appdata\local\temp\rar$ex00.756\teamspeak3-server_win32\ts3server_win32.exe |
"TCP Query User{10AB5E79-530E-4DC5-B2F9-080A92BA7D13}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{1C93894D-FE89-4777-925B-F95767E72259}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{25946CF3-F70C-4BA4-94F7-9B68810BAD49}C:\program files\sierra\fear1\fearserver.exe" = protocol=6 | dir=in | app=c:\program files\sierra\fear1\fearserver.exe |
"TCP Query User{2E826A0A-7A77-4B4D-80A5-2AF3C30835C7}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3EF794EC-E8CD-48E0-AA00-3A70C74F8BD3}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe |
"TCP Query User{45B4C40F-CE62-40E0-A7A0-D44F26D82E5F}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{4A6A04BC-43D5-43B3-8AB3-3EB56A1CFD7E}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"TCP Query User{4F573C21-D27F-42BB-8F2D-D24952861CB3}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"TCP Query User{67EDB3DA-9870-4EA0-82D3-0A416B5F820A}C:\program files\phoenix showcontroller\bin\realtime.exe" = protocol=6 | dir=in | app=c:\program files\phoenix showcontroller\bin\realtime.exe |
"TCP Query User{691DE883-108B-46E1-AEBD-96DC68991D1B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{6CF08A37-A97B-419F-848D-74DEF4C9B8B6}C:\program files\sierra\fearcombat\fearserver.exe" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fearserver.exe |
"TCP Query User{7B7D3EEB-6FCA-4487-91A6-AE17AE1EA4B7}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"TCP Query User{7E94EF4A-E6C0-44DB-856D-C764604066A5}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{80839E32-34E2-492D-93A9-83414092C436}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{8FFA86EA-0954-4642-9CF1-8105B3057FEF}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{98B8B56B-CD98-46D4-8BD0-00773D8C9EC0}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{99A77415-10BE-449A-B461-1F8DC4ABB957}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{AAEB4E89-D8EF-44B6-8C71-47976DF9DE55}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{B81CF2DF-BEFC-438A-B3A2-3F3886B9B268}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{C616D4F0-0E71-48E9-94C2-6EF782D4973F}C:\users\gjm\appdata\local\temp\rar$ex26.574\routerclient.exe" = protocol=6 | dir=in | app=c:\users\gjm\appdata\local\temp\rar$ex26.574\routerclient.exe |
"TCP Query User{C93B9B20-737E-43FF-8697-16D1E7419581}C:\users\gjm\appdata\local\temp\rar$ex02.745\teamspeak3-server_win32\ts3server_win32.exe" = protocol=6 | dir=in | app=c:\users\gjm\appdata\local\temp\rar$ex02.745\teamspeak3-server_win32\ts3server_win32.exe |
"TCP Query User{C9D90DEC-7608-4F70-8907-BD2A8EAA3214}C:\users\gjm\downloads\emule\emule.exe" = protocol=6 | dir=in | app=c:\users\gjm\downloads\emule\emule.exe |
"TCP Query User{E3D29807-D402-416D-8CEA-CFDB9B2DFBCA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{E999D7B6-0C26-44CF-80B6-B4B7BA936D75}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{EF4B8556-99D5-458D-AF1A-829755232F08}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe |
"TCP Query User{F7BC9FEA-3462-4DD4-8ECC-E9DFBF7FD231}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{01753057-8553-4D62-82C7-45584B5CBFEA}C:\program files\postal2stp\system\postal2mp.exe" = protocol=17 | dir=in | app=c:\program files\postal2stp\system\postal2mp.exe |
"UDP Query User{0B905177-F5E8-420F-AF14-477A7F053A56}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{1B52FE6E-3AEC-45F8-97AB-F709348749AD}C:\program files\phoenix showcontroller\bin\realtime.exe" = protocol=17 | dir=in | app=c:\program files\phoenix showcontroller\bin\realtime.exe |
"UDP Query User{21F4E2A3-53AD-42F7-9658-E3967DFF692A}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{220A048E-DC4B-4BCD-9F1A-91304C295430}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{26C284C7-9D7E-4D2F-977E-522C37339E4C}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{2A6CB204-9AA3-4141-B178-0066216AA425}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"UDP Query User{43FFAFFC-2F1C-442C-8717-A5BF7CC94944}C:\users\gjm\appdata\local\temp\rar$ex26.574\routerclient.exe" = protocol=17 | dir=in | app=c:\users\gjm\appdata\local\temp\rar$ex26.574\routerclient.exe |
"UDP Query User{4C1BF990-9122-4E2E-9F5F-54C05A2CC15A}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{546EC16D-B8CC-4D96-8DF0-3317DACD817D}C:\users\gjm\appdata\local\temp\rar$ex06.686\teamspeak3-server_win32\ts3server_win32.exe" = protocol=17 | dir=in | app=c:\users\gjm\appdata\local\temp\rar$ex06.686\teamspeak3-server_win32\ts3server_win32.exe |
"UDP Query User{590A5591-4E48-491A-8666-50926F3BCBD6}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{5DA8FE8E-2C69-42A0-9DCD-EAF297D80FB8}C:\program files\sierra\fearcombat\fearserver.exe" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fearserver.exe |
"UDP Query User{7886F9EF-B02A-4FB9-98C6-4547F67B37E6}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe |
"UDP Query User{83FCC259-51B1-44AB-A4FC-005311F9543B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{9905F359-2A48-4CF0-BC5E-7A78E6FE89AB}C:\users\gjm\appdata\local\temp\rar$ex02.745\teamspeak3-server_win32\ts3server_win32.exe" = protocol=17 | dir=in | app=c:\users\gjm\appdata\local\temp\rar$ex02.745\teamspeak3-server_win32\ts3server_win32.exe |
"UDP Query User{9CB20854-2631-43B5-B939-5426C01DB917}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"UDP Query User{9E990719-0B44-47A9-BA71-412FFD135402}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{ADE255C4-1451-477F-9352-BF9BFABF7E63}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{BC42155F-7878-4051-A387-A2E976AC36B9}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{BF8F6115-C274-4FB4-A36C-A376AA417A40}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{C9C5301B-908F-4A6C-BB46-2716692C4617}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{CA3F743E-68F0-4F92-8D5F-1AF82B768494}C:\users\gjm\downloads\emule\emule.exe" = protocol=17 | dir=in | app=c:\users\gjm\downloads\emule\emule.exe |
"UDP Query User{CD07B7E0-1A13-41E6-BA42-160AACEBE6B1}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{D0B60B34-EBD9-4567-A759-79ABB26C0E2E}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"UDP Query
User{D5D5B9F1-089A-4701-9D15-DB92813FC3CD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{F7E9A270-B528-4A01-B424-355653EDD65D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | "UDP Query User{FA11036D-1353-482C-AAEC-F1FBF2183F7A}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe | "UDP Query User{FA1D71EB-135E-467E-9F63-6A142A60C68B}C:\program files\sierra\fear1\fearserver.exe" = protocol=17 | dir=in | app=c:\program files\sierra\fear1\fearserver.exe | "UDP Query User{FAAF09FE-738E-454C-9EDA-586A09E23EA0}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{FB007C8B-405F-43AD-B9B2-0EF8F26D6A70}C:\users\gjm\appdata\local\temp\rar$ex00.756\teamspeak3-server_win32\ts3server_win32.exe" = protocol=17 | dir=in | app=c:\users\gjm\appdata\local\temp\rar$ex00.756\teamspeak3-server_win32\ts3server_win32.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01930DB9-DF4B-44DB-166B-D9D9A1D0FD8B}" = Catalyst Control Center Localization Danish "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{059EDAA4-242F-9425-5A89-C8AAF9550781}" = Catalyst Control Center Graphics Full New "{09131B3A-D267-0BB7-3F06-DC9928B49A83}" = Catalyst Control Center Localization Korean "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{0A8877D9-2951-7554-BBAC-573B45BA5261}" = Catalyst Control Center Localization Chinese Traditional "{0B135CFC-45FB-063A-197B-4DE76892F829}" = CCC Help Italian "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library 
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{19CC505B-7FC5-A8AC-F09B-8D73451A9B39}" = Catalyst Control Center Localization German "{1B140425-1EA0-4AB8-BB31-1830C4A0A1F2}" = DWGeditor "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F85EC9D-8792-4ACD-9558-1F78237C3510}" = Catalyst Control Center Localization Turkish "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{24F93FEC-6EC7-075C-249B-62442CA0026A}" = CCC Help Dutch "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{25E0A19C-1DDE-5B4B-1B0B-55258B980427}" = CCC Help Swedish "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 20 "{272710E9-8E78-8A4C-BE61-B688EB6EF9B9}" = CCC Help French "{2D98763D-63AF-4D27-B554-5866C25E5294}" = PHOENIX Showcontroller "{2F1F56CE-9F36-695E-5F6C-8F6554B17876}" = Catalyst Control Center Localization Czech "{2F34303C-F485-41FD-04D3-B71CE3352D9F}" = Catalyst Control Center Localization Portuguese "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00 "{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{343F9F5A-AA17-4D61-B451-AA628D106B77}" = Skins "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{37093BBD-A3ED-77CD-1483-7AF0428B2772}" = CCC Help Spanish "{3717A572-2F7F-7224-5A78-495257CD16E2}" = Catalyst Control Center Localization Finnish "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3DF537E0-614B-CAA6-5D12-D18A9804224A}" = CCC Help German "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4809DDAE-110C-4CF8-B383-706BB5B3D5B6}_is1" = OGG to MP3 Converter 1.2 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{4E6BF3B3-9DAE-CB8E-97A3-F79AD996007E}" = CCC Help Thai "{4F027497-15AE-4DE5-B3BC-8E721C6127DE}" = ccc-Branding "{51EBE1ED-60AD-E43F-A1ED-282F9F217374}" = ccc-utility "{52C5486C-ADA3-462E-8A8C-2B6A15965BF5}" = SolidWorks 2009 SP03 "{53BB5CF3-1BEE-DD11-8254-232E6C5C58AE}" = CCC Help Korean "{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}" = MorphVOX Pro "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58CE08B6-9BD4-8BE6-73C2-2D444026060C}" = CCC Help Greek "{5CF94ABE-4A38-8175-A7D1-5B42C4A936F6}" = ATI Catalyst Install Manager "{5D3170EA-B24F-2B5C-25FD-7FD3112C081D}" = Catalyst Control Center Localization Norwegian "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{636194CF-A7A3-01FA-73D5-FA33EF7FDF7B}" = CCC Help Portuguese "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{68BE4D42-AB44-A43C-0A1B-8E8E3F0E0C4D}" = Catalyst Control Center Graphics Previews Vista "{698F2F83-B413-A8A1-2DA4-FD1A3029526E}" = Catalyst Control Center Localization Greek "{69DE68DE-0E07-0EFA-0D03-15272DF054F7}" = CCC Help Finnish "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}" = FEARCombat "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{77962FE1-396A-A7D6-EEB5-3AD84F95A9B7}" = Catalyst Control Center Localization French "{782FA1AF-9520-E518-B0EA-EE88F9DE0414}" = CCC Help Polish "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7ED124D9-8868-D71F-D30D-75A6369789E3}" = CCC Help Russian "{80BA07B3-537F-4189-92F7-26E2BA76095A}" = SolidWorks eDrawings 2009 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83D013C0-D13C-A05F-ADAD-B7CCD5E4184A}" = Catalyst Control Center Localization Swedish "{87A17751-BB5A-2AAE-E2B0-29779EB4890A}" = Catalyst Control Center Localization Chinese Standard "{8804F395-4CFA-E6F8-8BB8-4A77B880A8E2}" = Catalyst Control Center Localization Spanish "{8F4B0B26-F5F5-DACD-80E8-354820F811C7}" = Catalyst Control Center Localization Italian "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91CB241A-31F6-0A86-574C-1C4D106533F1}" = Catalyst Control Center Graphics Light "{92D6A585-2790-40AA-AEA7-D8D954E7E808}" = WinExpert "{94D44A34-2542-012D-72E4-BC4F7A2D45FB}" = ccc-core-static "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = 
HP Easy Setup - Frontend "{9A231406-6D78-55B7-D488-D39FE2DAAA12}" = Catalyst Control Center Graphics Full Existing "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B163B70-C288-6B45-75D7-3FCC0B575F3D}" = Catalyst Control Center Localization Thai "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{9E3C27C5-7DF7-ADB9-0A03-2B4A51FCE75D}" = CCC Help Turkish "{AC3941FD-522A-0CA8-E7D4-B791EA1D05AE}" = Catalyst Control Center Localization Russian "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch "{ADDA95FD-859F-8FF8-886C-1FCF3D45EC24}" = CCC Help Czech "{AEF545C7-9B16-D053-BD96-773DA14F9AB5}" = Catalyst Control Center Localization Hungarian "{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements "{AFB784D9-36E4-4367-3225-7EA1F89795CC}" = Catalyst Control Center Localization Dutch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B588F1BF-02C9-2454-ABAB-420B371EA715}" = CCC Help Japanese "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BE73C2EC-FFA1-DB9F-B4D1-A78813BDE46A}" = Catalyst Control Center Localization Polish "{C402BE7E-17AE-63D9-2418-CF87FB022946}" = Catalyst Control Center Graphics Previews Common "{C58167D3-4FEC-B217-0155-1E19C6B50C53}" = CCC Help Norwegian "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C5D2A380-ED2C-4395-A326-F00DEE676C8A}" = SolidWorks 2009 API SDK "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C8E7B1C5-B9AA-18E2-049D-EF3792A71A47}" = CCC Help Hungarian "{CACBDE9F-547A-4B3E-B04D-DE9C6D6CA3D4}" = Laserworld Showeditor 2008 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CD7340BF-69F5-0DEF-2DB9-806AB914F970}" = CCC Help Chinese Standard "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2 "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU "{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry "{DA376EB0-0973-46BC-BBC3-538494DE09D8}" = Utopia Software Suite Demo "{DDD04533-8F0C-496F-A7D4-067510745DE4}" = SolidWorks viewer "{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8 "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E2042C34-4B32-B3CD-17AD-AA645750FE35}" = CCC Help English "{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1 "{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1 "{E8FA1C46-100F-1825-0FFC-A50D808DCFCB}" = CCC Help Chinese Traditional "{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor "{EA7389EF-3392-6783-F681-9265BBEF1637}" = Catalyst Control Center Localization Japanese "{EDA561A4-9455-4FD7-9506-077040E0B78D}" = SolidWorks SolidNetWork License Manager "{EE1781CC-6EC9-4E91-8291-9AA4DE4A4224}" = Laserworld Showeditor 2009 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8630C82-B5F7-80AA-B752-52224F82F185}" = CCC Help Danish "{F912A817-C97F-8DCC-BCE9-FFB2F2B39BD9}" = Catalyst Control Center Core Implementation "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Any Video Converter_is1" = Any Video Converter 2.7.5 "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BearShare MediaBar" = MediaBar 2.0 "CCleaner" = CCleaner "Coop Warfare0.7" = Coop Warfare 0.7 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch "Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition "First 
Contact: Planetfall" = First Contact: Planetfall "Fraps" = Fraps (remove only) "Free Studio_is1" = Free Studio version 4.1 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "free-downloads.net Toolbar" = free-downloads.net Toolbar "FTDICOMM" = FTDI USB Serial Converter Drivers "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry "JDownloader" = JDownloader "MAGIX Foto Manager D" = MAGIX Foto Manager (D) "MAGIX music maker 2005 silver D" = MAGIX music maker 2005 silver (D) "MAGIX Music Manager D" = MAGIX Music Manager (D) "MAGIX music studio 2006 deLuxe D" = MAGIX music studio 2006 deLuxe (D) "MAGIX Online Druck Service" = MAGIX Online Druck Service "MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McLoad Preinstaller" = McLoad Preinstaller "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU "More Gore v0.2" = More Gore v0.2 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.250 (D) "NVIDIA Drivers" = NVIDIA Drivers "OfficeTrial" = Testversion von Microsoft Office Home and Student 2007 "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator "PC-Doctor 5 for Windows" = Hardware Diagnose Tools "phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4 "Postal Fudge Pack" = Postal Fudge Pack "PunkBusterSvc" = PunkBuster Services "Rainbow Sentinel Driver" = Sentinel System Driver "Red Alert 2" = Command & Conquer Alarmstufe Rot 2 "ShockwaveFlash" = Adobe Flash Player 9 
ActiveX "Sierra Utilities" = Sierra Utilities "SolidWorks Installation Manager 20090-40300-1100-200" = SolidWorks 2009 SP03 "SpeedFan" = SpeedFan (remove only) "Stardock MyColors" = Stardock MyColors "Steam App 16450" = F.E.A.R. 2: Project Origin "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Uninstall_is1" = Uninstall 1.0.0.1 "WinRAR archiver" = WinRAR "Xfire" = Xfire (remove only) "Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter "XTTB00001.XTTB00001Toolbar" = ICQ Toolbar "Yuri's Revenge" = Command && Conquer Alarmstufe Rot 2 - Yuris Rache ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.01.2010 11:43:29 | Computer Name = GJM- | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung lmgrd.exe, Version 11.4.100.0, Zeitstempel 0x4644cd22, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xd00, Anwendungsstartzeit 01ca991e252a816f. Error - 19.01.2010 17:02:11 | Computer Name = GJM- | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung lmgrd.exe, Version 11.4.100.0, Zeitstempel 0x4644cd22, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xcb4, Anwendungsstartzeit 01ca994aab11e0f6. Error - 20.01.2010 11:56:27 | Computer Name = GJM- | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung lmgrd.exe, Version 11.4.100.0, Zeitstempel 0x4644cd22, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xcdc, Anwendungsstartzeit 01ca99e91f415610. 
Error - 21.01.2010 11:46:20 | Computer Name = GJM- | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung lmgrd.exe, Version 11.4.100.0, Zeitstempel 0x4644cd22, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x96c, Anwendungsstartzeit 01ca9ab0e02d3f35. Error - 22.01.2010 11:43:27 | Computer Name = GJM- | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung lmgrd.exe, Version 11.4.100.0, Zeitstempel 0x4644cd22, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x824, Anwendungsstartzeit 01ca9b79a3aec9e4. Error - 23.01.2010 07:34:07 | Computer Name = GJM- | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung lmgrd.exe, Version 11.4.100.0, Zeitstempel 0x4644cd22, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x900, Anwendungsstartzeit 01ca9c1ff87335f9. Error - 23.01.2010 08:02:33 | Computer Name = GJM- | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung lmgrd.exe, Version 11.4.100.0, Zeitstempel 0x4644cd22, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xb24, Anwendungsstartzeit 01ca9c23f146b65a. Error - 23.01.2010 08:06:41 | Computer Name = GJM- | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung lmgrd.exe, Version 11.4.100.0, Zeitstempel 0x4644cd22, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x980, Anwendungsstartzeit 01ca9c24859a8a0c. 
Error - 23.01.2010 09:11:24 | Computer Name = GJM- | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung lmgrd.exe, Version 11.4.100.0, Zeitstempel 0x4644cd22, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xd84, Anwendungsstartzeit 01ca9c2d9026965e. Error - 23.01.2010 13:28:03 | Computer Name = GJM- | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung lmgrd.exe, Version 11.4.100.0, Zeitstempel 0x4644cd22, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xd9c, Anwendungsstartzeit 01ca9c516a67fad6. [ Media Center Events ] Error - 10.02.2009 19:00:29 | Computer Name = GJM- | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 10.02.2009 21:08:21 | Computer Name = GJM- | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 19.02.2009 18:16:24 | Computer Name = GJM- | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 26.03.2009 20:12:40 | Computer Name = GJM- | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 12.04.2009 16:43:42 | Computer Name = GJM- | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: 
DefaultDomain Objektname: Media Center Guide Error - 03.06.2009 12:58:03 | Computer Name = GJM- | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 26.06.2009 08:19:21 | Computer Name = GJM- | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 20.01.2010 18:02:27 | Computer Name = GJM- | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 06.04.2010 06:54:35 | Computer Name = GJM- | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 28.04.2010 10:31:17 | Computer Name = GJM- | Source = atikmdag | ID = 43033 Description = Edid checksum error Error - 28.04.2010 10:31:17 | Computer Name = GJM- | Source = atikmdag | ID = 43033 Description = Edid checksum error Error - 28.04.2010 10:32:54 | Computer Name = GJM- | Source = Service Control Manager | ID = 7000 Description = Error - 28.04.2010 10:32:54 | Computer Name = GJM- | Source = Service Control Manager | ID = 7001 Description = Error - 28.04.2010 12:29:42 | Computer Name = GJM- | Source = Service Control Manager | ID = 7006 Description = Error - 29.04.2010 11:02:35 | Computer Name = GJM- | Source = atikmdag | ID = 43033 Description = Edid checksum error Error - 29.04.2010 11:02:35 | Computer Name = GJM- | Source = atikmdag | ID = 43033 Description = Edid checksum error Error - 29.04.2010 11:02:35 | Computer Name = GJM- | Source = atikmdag | ID = 43033 
Description = Edid checksum error Error - 29.04.2010 11:04:12 | Computer Name = GJM- | Source = Service Control Manager | ID = 7000 Description = Error - 29.04.2010 11:04:12 | Computer Name = GJM- | Source = Service Control Manager | ID = 7001 Description = < End of report > |
29.04.2010, 19:53 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | img068438960802010.jpg.scr Troja? You really should have done the full scan with Malwarebytes first...
29.04.2010, 22:34 | #7 |
| img068438960802010.jpg.scr Troja? Oh shit... I already ran it but forgot to post the log. Is it OK if I do another scan and post the log then? Or if I run both again in that order? I found the log, here it is Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4051
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

29.04.2010 19:58:09
mbam-log-2010-04-29 (19-58-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 306858
Laufzeit: 1 Stunde(n), 21 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsupdatecontrol (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Public\winvcsn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\winsvncs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully. |
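The Malwarebytes log above is the first place where the infection becomes concrete: a Run-key value pointing at C:\Users\Public\winvcsn.exe (the same winvcsn.exe that appeared in the HijackThis process list), a browser helper object, and a trace file. As an added example, not part of this thread and not Malwarebytes' own code, here is a small Python parser that turns such an MBAM 1.x text log into structured findings, checks that the per-section counts in the header match the items actually listed (a mismatch points at a truncated or hand-edited log), and pulls out the autostart entries that a helper would want re-verified after the reboot. The sample log is constructed from the lines posted in this thread; the section names are those of the German-language build.

```python
import re
from collections import Counter

# Constructed sample: the MBAM 1.45 log posted in this thread (German build section names).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.45
Datenbank Version: 4051
Windows 6.0.6002 Service Pack 2
29.04.2010 19:58:09
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 306858

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsupdatecontrol (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Public\winvcsn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\winsvncs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
"""

# Header count line ("Infizierte Dateien: 3"), section header ("Infizierte Dateien:") and one detection.
SUMMARY_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
SECTION_RE = re.compile(r"^(Infizierte [^:]+):$")
DETECTION_RE = re.compile(r"^(?P<target>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return {'summary': {section: count}, 'detections': [...], 'mismatches': [sections]}."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            detections.append({"section": section, **m.groupdict()})
    # Sections whose listed items differ from the header count: truncated or edited log.
    per_section = Counter(d["section"] for d in detections)
    mismatches = [s for s, n in summary.items() if per_section.get(s, 0) != n]
    return {"summary": summary, "detections": detections, "mismatches": mismatches}


def autostart_entries(findings):
    """Detections under a Run key: autostart persistence to re-check after the reboot."""
    return [d["target"] for d in findings["detections"] if "\\CurrentVersion\\Run\\" in d["target"]]


def not_removed(findings):
    """Detections whose action was anything other than a successful quarantine/delete."""
    return [d["target"] for d in findings["detections"] if "successfully" not in d["action"]]


if __name__ == "__main__":
    f = parse_mbam_log(SAMPLE_LOG)
    for d in f["detections"]:
        print(f'{d["threat"]:18} {d["section"]:42} {d["target"]}')
    print("autostart entries:", autostart_entries(f))
    print("not removed:", not_removed(f))
    print("count mismatches:", f["mismatches"])
```

Run it as-is to see the six detections grouped by section; point parse_mbam_log at a real log file's contents to triage a poster's scan the same way. The autostart list is the part worth keeping: the Run value is what restarted winvcsn.exe on every logon, and that is why the OTL fix that follows in this thread still lists the orphaned "WindowsUpdateControl" entry for removal.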
30.04.2010, 12:25 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | img068438960802010.jpg.scr Troja? Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.) IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q=" O2 - BHO: (no name) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll File not found O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.) O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [WindowsUpdateControl] C:\Users\Public\winvcsn.exe File not found [2010.04.29 19:58:33 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\bhsf.sys :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Please always post logfiles in CODE tags |
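Added example, not code from OTL or from anyone in this thread: a small Python triage of the OTL line formats used above (O4 Run entries, O2 BHOs, O3 toolbars, URLSearchHooks) that flags what the fix script targets, namely entries whose file is gone, autoruns launching from user-writable folders such as C:\Users\Public, and Windows-sounding value names outside the system folders. The sample lines are copied from the scan above except the avgnt entry, which is constructed for contrast with an assumed vendor string; adware toolbars carrying a proper vendor string pass these structural checks, which is why the toolbar removals above rest on product knowledge rather than on a heuristic.

```python
"""Triage OTL autorun (O4), BHO (O2), toolbar (O3) and URLSearchHook lines."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the OTL scan posted in this thread, plus
# one constructed benign Run entry (Avira's avgnt; the vendor string is assumed).
SAMPLE_LOG = r"""
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O2 - BHO: (no name) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [WindowsUpdateControl] C:\Users\Public\winvcsn.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
COM_RE = re.compile(
    r"^(?P<kind>IE - HK\w+\\\.\.\\URLSearchHook|O2 - BHO|O3 - HK\w+\\\.\.\\Toolbar(?:\\WebBrowser)?): "
    r"(?:\((?P<label>[^)]*)\) - )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<rest>.*)$"
)
USER_WRITABLE = ("\\users\\public\\", "\\temp\\", "\\appdata\\")  # any user can drop files here
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")  # where installed software lives
LURE_WORDS = ("windows", "update", "microsoft", "system")  # names borrowed to look legitimate
ORDER = {"clean": 0, "low": 1, "medium": 2, "high": 3}


@dataclass
class Finding:
    kind: str            # Run, BHO, Toolbar or URLSearchHook
    ident: str           # Run value name or component CLSID
    hive: str
    path: Optional[str]
    vendor: Optional[str]
    reasons: List[Tuple[str, str]] = field(default_factory=list)  # (severity, why)


def split_target(rest: str) -> Tuple[Optional[str], Optional[str], bool]:
    """Split OTL's trailing 'path (Vendor)' / 'path File not found' into (path, vendor, missing)."""
    rest = rest.strip()
    if rest.startswith("No CLSID value found"):
        return None, None, True
    if rest.endswith("File not found"):
        return rest[: -len("File not found")].strip() or None, None, True
    m = re.match(r"(.*?)\s*\(([^()]*)\)$", rest)  # OTL prints the file's company name in parentheses
    if m:
        return m.group(1) or None, m.group(2) or None, False
    return rest or None, None, False


def triage_run(hive: str, name: str, rest: str) -> Finding:
    path, vendor, missing = split_target(rest)
    low = (path or "").lower()
    reasons = []
    if not name:
        reasons.append(("medium", "empty value name"))
    if missing:
        reasons.append(("medium", "target file not found (orphaned entry, or file already removed)"))
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append(("high", "launches from a user-writable folder"))
    if any(w in name.lower() for w in LURE_WORDS) and not low.startswith(SYSTEM_ROOTS):
        reasons.append(("high", "system-sounding name outside the system folders"))
    if path and not missing and vendor is None:
        reasons.append(("low", "no vendor string on the target file"))
    return Finding("Run", name or "<empty>", hive, path, vendor, reasons)


def triage_com(kind: str, clsid: str, label: Optional[str], rest: str) -> Finding:
    path, vendor, missing = split_target(rest)
    reasons = []
    if missing:
        reasons.append(("low", "registered component whose file is gone (remove the key)"))
    if label == "no name":
        reasons.append(("low", "component registered without a name"))
    if path and not missing and vendor is None:
        reasons.append(("low", "no vendor string on the target file"))
    what = "URLSearchHook" if "URLSearchHook" in kind else "BHO" if "BHO" in kind else "Toolbar"
    hive = re.search(r"HK\w+", kind)  # O2 lines carry no hive; BHOs are registered under HKLM
    return Finding(what, clsid, hive.group(0) if hive else "HKLM", path, vendor, reasons)


def severity(f: Finding) -> str:
    return max((level for level, _ in f.reasons), key=ORDER.get, default="clean")


def triage(log_text: str) -> List[Finding]:
    """Parse OTL lines and return one Finding per autorun or browser component."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            findings.append(triage_run(m["hive"], m["name"], m["rest"]))
            continue
        m = COM_RE.match(line.strip())
        if m:
            findings.append(triage_com(m["kind"], m["clsid"], m["label"], m["rest"]))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: -ORDER[severity(f)]):
        print(f"{severity(f):6} {f.kind:13} {f.hive:4} {f.ident}: {f.path}")
        for _, why in f.reasons:
            print(f"       - {why}")
```

On the sample, the HKCU Run value WindowsUpdateControl pointing at C:\Users\Public\winvcsn.exe is the only high-severity finding; the orphaned hooks and the unnamed BHO and toolbar come out low, which matches the cleanup order a helper would follow.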
03.05.2010, 17:23 | #9 |
| img068438960802010.jpg.scr Trojan? So, here's the logfile now.

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
C:\Program Files\Search Settings\kb127\SearchSettings.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ecdee021-0d17-467f-a1ff-c7a115230949} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ deleted successfully.
C:\Program Files\free-downloads.net\tbfree.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully.
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\Search Settings\kb127\SearchSettings.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.
File C:\Program Files\free-downloads.net\tbfree.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ deleted successfully.
C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ecdee021-0d17-467f-a1ff-c7a115230949} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.
File downloads.net\tbfree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found.
File C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ECDEE021-0D17-467F-A1FF-C7A115230949} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECDEE021-0D17-467F-A1FF-C7A115230949}\ not found.
File downloads.net\tbfree.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Program Files\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsUpdateControl deleted successfully.
File C:\Windows\System32\drivers\bhsf.sys not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: GJM
->Temp folder emptied: 7373260 bytes
->Temporary Internet Files folder emptied: 598882 bytes
->Java cache emptied: 58126347 bytes
->FireFox cache emptied: 99684948 bytes
->Flash cache emptied: 7158 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8405015 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 166,00 mb
OTL by OldTimer - Version 3.2.3.0 log created on 05032010_180731
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
Registry entries deleted on Reboot...

Thanks for the help |
03.05.2010, 17:27 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | img068438960802010.jpg.scr Trojan? OK, now run CF: ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run when a member of the helper team has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
04.05.2010, 19:52 | #11 |
| img068438960802010.jpg.scr Trojan? So. I ran it as described. Here's the log.

ComboFix 10-05-03.06 - GJM 04.05.2010 20:33:19.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1345 [GMT 2:00]
ausgeführt von:: c:\users\GJM\Desktop\cofi.exe
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3260949661-3431171585-4215125959-1002
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\icon.ico
.
((((((((((((((((((((((( Dateien erstellt von 2010-04-04 bis 2010-05-04 ))))))))))))))))))))))))))))))
.
2010-05-04 18:42 . 2010-05-04 18:42 -------- d-----w- c:\users\GJM\AppData\Local\temp
2010-05-04 18:42 . 2010-05-04 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-03 16:07 . 2010-05-03 16:07 -------- d-----w- C:\_OTL
2010-04-29 21:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 15:24 . 2010-04-29 15:24 -------- d-----w- c:\users\GJM\AppData\Roaming\Malwarebytes
2010-04-29 15:24 . 2010-04-29 15:24 -------- d-----w- c:\programdata\Malwarebytes
2010-04-29 15:24 . 2010-05-02 16:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 20:59 . 2010-05-04 18:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-28 20:59 . 2010-04-28 21:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-28 17:49 . 2010-04-28 17:49 388096 ----a-r- c:\users\GJM\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-28 17:49 . 2010-04-28 17:49 -------- d-----w- c:\program files\Trend Micro
2010-04-28 16:33 . 2010-04-28 16:33 -------- d-----w- c:\users\GJM\AppData\Roaming\Avira
2010-04-28 16:29 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-28 16:29 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-28 16:29 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-28 16:29 . 2010-04-28 16:29 -------- d-----w- c:\programdata\Avira
2010-04-28 16:29 . 2010-04-28 16:29 -------- d-----w- c:\program files\Avira
2010-04-28 16:22 . 2010-04-28 16:22 -------- d-----w- c:\program files\CCleaner
2010-04-21 21:08 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-18 10:33 . 2010-04-18 10:33 -------- d-----w- c:\program files\OGG to MP3 Converter
2010-04-16 20:26 . 2010-04-16 20:26 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-04-15 15:39 . 2010-04-15 15:39 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-15 15:39 . 2010-04-15 15:39 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-15 15:39 . 2010-04-15 15:39 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-04-15 15:39 . 2010-04-15 15:39 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-04-15 15:39 . 2010-04-15 15:39 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-15 15:39 . 2010-04-15 15:39 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-04-15 15:39 . 2010-04-15 15:39 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-04-15 15:39 . 2010-04-15 15:39 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-04-15 15:39 . 2010-04-15 15:39 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-04-15 15:38 . 2010-04-15 15:38 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-10 14:21 . 2010-04-10 14:21 16361984 ----a-w- c:\windows\system32\imageres.dll
2010-04-10 14:20 . 2010-04-10 14:20 -------- d-----w- c:\programdata\Stardock
2010-04-10 14:19 . 2010-04-10 14:19 -------- d-----w- c:\program files\Common Files\Stardock
2010-04-10 14:19 . 2010-04-10 14:19 -------- d--h--w- c:\programdata\{F0297D39-7A45-442F-AFF5-271488E85934}
2010-04-10 14:19 . 2008-06-20 17:31 2559016 ----a-w- c:\programdata\{F0297D39-7A45-442F-AFF5-271488E85934}\MyColors.exe
2010-04-10 14:19 . 2010-04-10 14:19 -------- d-----w- c:\program files\Stardock
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 18:36 . 2008-02-04 21:39 618204 ----a-w- c:\windows\system32\perfh007.dat
2010-05-04 18:36 . 2008-02-04 21:39 122442 ----a-w- c:\windows\system32\perfc007.dat
2010-05-04 18:30 . 2009-12-14 19:51 -------- d-----w- c:\program files\SolidWorks SolidNetWork License Manager
2010-05-04 15:42 . 2009-02-12 20:34 -------- d-----w- c:\program files\Steam
2010-05-04 15:41 . 2009-12-14 20:01 -------- d-----w- c:\users\GJM\AppData\Roaming\IM
2010-05-03 16:07 . 2008-11-17 23:03 -------- d-----w- c:\program files\free-downloads.net
2010-04-29 21:42 . 2008-04-27 11:29 -------- d-----w- c:\users\GJM\AppData\Roaming\Xfire
2010-04-29 19:27 . 2008-05-29 21:19 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-29 19:26 . 2008-05-29 21:19 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-29 18:01 . 2008-04-27 11:29 -------- d-----w- c:\programdata\Xfire
2010-04-29 17:58 . 2008-04-13 17:42 -------- d-----w- c:\program files\ICQToolbar
2010-04-25 01:06 . 2009-12-19 22:59 -------- d-----w- c:\users\GJM\AppData\Roaming\TS3Client
2010-04-24 14:04 . 2008-04-13 17:42 -------- d-----w- c:\users\GJM\AppData\Roaming\ICQ
2010-04-24 12:47 . 2009-11-29 21:48 -------- d-----w- c:\program files\JDownloader
2010-04-21 21:08 . 2008-02-04 14:06 -------- d-----w- c:\program files\Java
2010-04-20 16:14 . 2008-04-27 11:29 -------- d-----w- c:\program files\Xfire
2010-04-15 15:39 . 2010-03-21 13:10 -------- d-----w- c:\programdata\DivX
2010-04-15 15:39 . 2008-04-07 22:03 -------- d-----w- c:\program files\DivX
2010-04-15 15:38 . 2010-03-21 13:13 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-15 15:38 . 2010-03-21 13:13 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-12 15:36 . 2008-02-04 13:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-09 17:56 . 2008-03-20 11:43 5426 ----a-w- c:\users\GJM\AppData\Roaming\wklnhst.dat
2010-04-08 19:34 . 2009-02-12 20:34 -------- d-----w- c:\program files\Common Files\Steam
2010-04-08 10:57 . 2008-05-28 20:14 -------- d-----w- c:\program files\SpeedFan
2010-04-07 06:22 . 2008-05-27 19:54 680 ----a-w- c:\users\GJM\AppData\Local\d3d9caps.dat
2010-03-30 20:23 . 2008-02-04 14:06 -------- d-----w- c:\program files\Common Files\Java
2010-03-27 13:08 . 2008-05-07 14:32 -------- d-----w- c:\users\GJM\AppData\Roaming\DivX
2010-03-24 21:54 . 2009-12-14 20:35 -------- d-----w- c:\users\GJM\AppData\Roaming\SolidWorks
2010-03-24 17:26 . 2010-03-24 17:26 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-21 13:13 . 2010-03-21 13:13 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-03-21 13:13 . 2010-03-21 13:13 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-21 13:12 . 2010-03-21 13:12 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-03-21 01:34 . 2008-04-19 09:11 -------- d-----w- c:\program files\eMule
2010-03-21 01:34 . 2008-04-15 15:15 -------- d-----w- c:\programdata\eMule
2010-03-21 01:33 . 2008-02-04 14:12 -------- d-----w- c:\program files\HP Games
2010-03-21 01:33 . 2008-02-04 14:12 -------- d-----w- c:\programdata\WildTangent
2010-03-21 01:31 . 2008-04-13 19:53 -------- d-----w- c:\program files\Sierra
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-20 01:11 . 2010-02-20 01:11 1233160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 12:24 . 2009-05-16 00:41 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2008-02-04 22:16 . 2008-02-04 21:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Steam"="c:\program files\steam\steam.exe" [2010-04-27 1238352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe" [2009-03-19 7308584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e7,fd,b0,4f,2a,ee,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3260949661-3431171585-4215125959-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-06-23 717296]
R2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;c:\program files\SolidWorks SolidNetWork License Manager\lmgrd.exe [2007-05-11 1372160]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-25 4352]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-03-19 83240]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 zlportio;zlportio;c:\program files\MediaLas\Mamba Black DEMO\zlportio.sys [x]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = fritz.box
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\GJM\AppData\Roaming\Mozilla\Firefox\Profiles\gsjc9dsm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://de.msn.com/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
BHO-{6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - (no file)
BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-04 20:42
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-3260949661-3431171585-4215125959-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,82,22,57,9d,f5,a6,54,73,13,87,d2,23,4a,52,1f,d9,24,ab,80,26,a7,42,
d1,b4,4a,f0,d1,c7,42,60,f6,23,8f,37,dc,37,20,9e,cc,7a,c4,e1,43,e9,44,e8,86,\
"??"=hex:9b,be,e1,0a,49,0d,2e,b2,e2,cb,8e,fe,f8,dd,a7,0d

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6813e9f3-5445-4c54-8457-ec4b7dd04830}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001e8c
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9f98399b-54d1-4569-ab76-4696de168d4a}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d001c4a
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{beca6706-d782-4505-b84f-16ec8552dba2}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001c4a
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c63b0c6d-b05e-4279-b83a-3c11e53510cb}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2010-05-04 20:46:24
ComboFix-quarantined-files.txt 2010-05-04 18:46
Vor Suchlauf: 16 Verzeichnis(se), 161.500.053.504 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 161.423.409.152 Bytes frei
- - End Of File - - 9019B2C76D490F4F61E9BF6DA761C36D |
04.05.2010, 21:31 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | img068438960802010.jpg.scr Trojan? OK. Any more alerts? As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
14.05.2010, 16:03 | #13 |
| img068438960802010.jpg.scr Trojan? Sorry it took so long, but I was away from home for a while. I haven't had any more alerts so far. Here's the Malwarebytes log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4069
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
14.05.2010 16:58:53
mbam-log-2010-05-14 (16-58-53).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 321497
Laufzeit: 1 Stunde(n), 29 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

and SuperAntiSpyware

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 05/14/2010 at 03:22 PM
Application Version : 4.37.1000
Core Rules Database Version : 4933
Trace Rules Database Version: 2745
Scan type : Complete Scan
Total Scan Time : 00:43:19
Memory items scanned : 802
Memory threats detected : 0
Registry items scanned : 7744
Registry threats detected : 0
File items scanned : 38705
File threats detected : 2
Adware.Tracking Cookie
C:\Users\GJM\AppData\Roaming\Microsoft\Windows\Cookies\gjm@xfire.adbureau[2].txt
C:\Users\GJM\AppData\Roaming\Microsoft\Windows\Cookies\gjm@atwola[1].txt |
14.05.2010, 16:52 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | img068438960802010.jpg.scr Trojan? Quote:
__________________ Please always post logfiles in CODE tags |
15.05.2010, 14:15 | #15 |
| img068438960802010.jpg.scr Trojan? I'm just running another scan. I think it was up to date, though; I ran the scan a few days ago and pulled the log out of the program, does the date get updated then? In any case, the log is coming as soon as the scan is finished. Last edited by GJM (15.05.2010 at 14:40) |