Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Several assorted trojans on my PC
Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
30.04.2010, 15:29 | #1 |
| Several assorted trojans on my PC
Hello, I have the following problem. I was on the Internet when AntiVir suddenly raised an alert and reported that a trojan had been found! I moved it into quarantine for the time being, and then the next alert came right away! Again I moved the trojan into quarantine. After that I had my PC scanned, and a total of 8 trojans were found! Here are the names of the trojans:
TR/BHO.afti (2x)
TR/BHO.315392
TR/ATRAPS.Gen (2x)
TR/Crypt.XPACK.Gen
TR/Dropper.Gen (2x)
I do know a bit about PCs, but nothing at all when it comes to this topic! So I hope someone here can help me^^ I read on the Internet that you should use ComboFix. I did that, and I am including the log file!

SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-421319290-3364149163-1093676711-500
c:\users\Dexter\AppData\Roaming\sdra64.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-03-28 bis 2010-04-29 ))))))))))))))))))))))))))))))
.
2010-04-28 19:25 . 2010-04-28 19:25 730624 ----a-w- c:\users\Dexter\AppData\Roaming\24A21D693AFB1E15E639837AD7C673A3\newupdate1142C.exe
2010-04-28 19:25 . 2010-04-28 19:25 -------- d-----w- c:\users\Dexter\AppData\Roaming\24A21D693AFB1E15E639837AD7C673A3
2010-04-28 19:25 . 2010-04-29 16:03 -------- d-sh--w- c:\users\Dexter\AppData\Roaming\lowsec
2010-04-25 14:32 . 2010-04-25 21:29 714106904 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ }\Manager_10_Update_4.exe
2010-04-22 19:35 . 2010-04-22 19:35 -------- d-----w- c:\program files\Veetle
2010-04-15 13:35 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 13:35 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 13:35 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 13:35 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 13:35 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 13:35 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 13:33 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 13:33 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 13:33 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-13 17:11 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 17:11 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-06 13:32 . 2010-04-13 19:04 -------- d-----w- c:\program files\Metin2
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 16:32 . 2006-11-02 15:33 664044 ----a-w- c:\windows\system32\perfh007.dat
2010-04-29 16:32 . 2006-11-02 15:33 142222 ----a-w- c:\windows\system32\perfc007.dat
2010-04-16 15:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 11:57 . 2007-10-11 22:32 -------- d-----w- c:\programdata\Microsoft Help
2010-04-12 17:24 . 2010-03-28 11:25 -------- d-----w- c:\users\Dexter\AppData\Roaming\OfferBox
2010-03-28 11:27 . 2010-03-28 11:27 -------- d-----w- c:\users\Dexter\AppData\Roaming\freeTVRadio
2010-03-28 11:26 . 2010-03-28 11:26 -------- d-----w- c:\program files\OfferBoxSearch
2010-03-28 11:26 . 2010-03-28 11:26 -------- d-----w- c:\program files\freeTVRadio
2010-03-28 07:58 . 2010-03-28 07:31 -------- d-----w- c:\program files\Common Files\PPLiveNetwork
2010-03-28 07:58 . 2010-03-28 07:31 -------- d-----w- c:\users\Dexter\AppData\Roaming\PPLive
2010-03-28 07:53 . 2010-03-28 07:31 -------- d-----w- c:\programdata\PPLive
2010-03-28 07:36 . 2010-03-28 07:31 -------- d-----w- c:\programdata\Jlcm
2010-03-28 07:31 . 2010-03-28 07:31 -------- d-----w- c:\program files\PPLive
2010-03-26 13:50 . 2010-03-05 20:37 443912 ----a-w- c:\users\Dexter\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-09 16:28 . 2010-03-31 15:54 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-31 15:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-31 15:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-06 13:34 . 2010-03-06 13:34 -------- d-----w- c:\program files\Basement Softworks
2010-03-06 13:15 . 2010-03-06 13:15 118784 ----a-w- c:\users\Dexter\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-02-28 13:32 . 2007-11-19 17:48 84872 ----a-w- c:\users\Dexter\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 06:06 . 2010-02-26 06:06 2626360 ----a-w- c:\users\Dexter\AppData\Roaming\Mozilla\Firefox\Profiles\a2mwn945.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2010-02-24 08:16 . 2009-10-02 20:54 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:39 . 2010-03-14 19:32 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-14 19:32 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-14 19:32 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-20 18:11 . 2010-02-20 18:11 1233160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-20 18:01 . 2009-12-12 11:34 439816 ----a-w- c:\users\Dexter\AppData\Roaming\Real\Update\setup3.09\setup.exe
2010-02-12 10:48 . 2010-03-06 13:18 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-01 14:22 . 2010-02-01 14:22 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4236.tmp.exe
2002-12-11 22:14 . 2002-12-11 22:14 13312 ----a-w- c:\program files\msdmo.dll
2007-11-28 19:28 . 2007-12-26 11:57 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:28 . 2007-12-26 11:57 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:28 . 2007-12-26 11:57 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:28 . 2007-12-26 11:57 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:28 . 2007-12-26 11:57 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-25 39408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"HostManager"="c:\program files\Common Files\AOL\1195497218\ee\AOLSoftware.exe" [2006-09-26 50736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-14 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\users\Dexter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-14 721904]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 135664]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-05-11 329728]
S2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [2007-12-14 108768]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-04-16 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-14 12:17]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 17:49]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 17:49]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dexter\AppData\Roaming\Mozilla\Firefox\Profiles\a2mwn945.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "hxxp://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "hxxp://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "hxxp://sb.google.com/safebrowsing/report?");
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-29 19:20
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-04-29 19:22:43 ComboFix-quarantined-files.txt 2010-04-29 17:22 Vor Suchlauf: 22 Verzeichnis(se), 42.438.647.808 Bytes frei Nach Suchlauf: 27 Verzeichnis(se), 43.631.890.432 Bytes frei - - End Of File - - 4C885AE3A18A7E9BF5716A130F038952
I hope I have included everything necessary/useful! If anything is missing, please let me know and I will add the missing information right away!!! Thanks in advance, micha_patzi |
30.04.2010, 18:30 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Several different Trojans on my PC Hello and
please run a full scan with Malwarebytes and post the log. After that, OTL:
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop |
01.05.2010, 14:50 | #3 |
| Several different Trojans on my PC So, first of all I wanted to say a big thank you for the quick reply and the help that came with it...
I think it's really great when people take the extra time to help others!!! Now to the topic^^ I have run the full scan with Malwarebytes and the system scan with OTL as well. Here is the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4056
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

01.05.2010 15:32:18
mbam-log-2010-05-01 (15-32-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Durchsuchte Objekte: 431820
Laufzeit: 2 Stunde(n), 11 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Qoobox\Quarantine\C\Users\Dexter\AppData\Roaming\sdra64.exe.vir (Trojan.Downloader) -> No action taken.
C:\Users\Dexter\AppData\Roaming\24A21D693AFB1E15E639837AD7C673A3\newupdate1142C.exe (Malware.Packer.Gen) -> No action taken.
|
01.05.2010, 14:51 | #4 |
| Several different Trojans on my PC Here is the Extras file from OTL:
OTL logfile created on: 01.05.2010 15:41:10 - Run 1 OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\Dexter\Desktop\troja dateien Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 216,41 Gb Total Space | 39,38 Gb Free Space | 18,20% Space Free | Partition Type: NTFS Drive D: | 107,22 Gb Total Space | 107,12 Gb Free Space | 99,90% Space Free | Partition Type: NTFS Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DEXTER-PC Current User Name: Dexter Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Dexter\Desktop\troja dateien\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.) 
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC) PRC - C:\Program Files\Common Files\aol\1195497218\ee\aolsoftware.exe (America Online, Inc.) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Dexter\Desktop\troja dateien\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Symantec Core LC) -- File not found SRV - (CLTNetCnService) -- File not found SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) SRV - (ServiceLayer) -- C:\Program Files\PC 
Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH) DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ACEDRV08) -- C:\Windows\System32\drivers\ACEDRV08.sys (Protect Software GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.) 
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia) DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia) DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia) DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) 
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.) DRV - (WmHidLo) -- C:\Windows\System32\drivers\WmHidLo.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.10.14 20:57:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008.10.14 20:57:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.19 15:01:16 | 000,000,000 | ---D | M] [2010.04.28 21:18:52 | 000,000,000 | ---D | M] -- C:\Users\Dexter\AppData\Roaming\mozilla\Firefox\Profiles\a2mwn945.default\extensions [2010.04.11 
14:12:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dexter\AppData\Roaming\mozilla\Firefox\Profiles\a2mwn945.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008.02.13 13:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dexter\AppData\Roaming\mozilla\Firefox\Profiles\a2mwn945.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.04.11 14:12:51 | 000,000,000 | ---D | M] -- C:\Users\Dexter\AppData\Roaming\mozilla\Firefox\Profiles\a2mwn945.default\extensions\firefox@tvunetworks.com [2010.04.11 14:22:52 | 000,000,950 | ---- | M] () -- C:\Users\Dexter\AppData\Roaming\Mozilla\FireFox\Profiles\a2mwn945.default\searchplugins\icqplugin.xml [2010.01.19 15:01:17 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2007.12.26 13:57:55 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org [2007.11.28 21:28:02 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2007.11.28 21:28:02 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2007.11.28 21:28:02 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll [2007.11.28 21:28:02 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll [2007.11.28 21:28:02 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2006.08.24 23:07:50 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2006.08.24 23:07:50 | 000,001,063 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2006.11.10 13:42:00 | 000,000,998 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2006.11.11 00:32:03 | 000,000,815 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1195497218\ee\AOLSoftware.exe (America Online, Inc.) 
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\Dexter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) 
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Dexter\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Dexter\AppData\Roaming\Microsoft\Windows 
Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.10.05 22:42:59 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ] O32 - AutoRun File - [2009.10.05 22:42:59 | 004,731,224 | R--- | M] (Electronic Arts Inc.) - E:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2009.10.05 22:42:59 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{e7d331d6-96c4-11dc-98b6-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e7d331d6-96c4-11dc-98b6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009.10.05 22:42:59 | 004,731,224 | R--- | M] (Electronic Arts Inc.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.01 11:48:35 | 000,000,000 | ---D | C] -- C:\Users\Dexter\AppData\Roaming\Malwarebytes [2010.05.01 11:48:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.01 11:48:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.01 11:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.05.01 11:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.01 11:41:14 | 000,000,000 | ---D | C] -- C:\Users\Dexter\Desktop\troja dateien [2010.04.29 19:22:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.04.29 19:22:44 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.04.29 19:22:44 | 000,000,000 | ---D | C] -- C:\Users\Dexter\AppData\Local\temp [2010.04.29 18:27:43 | 000,161,792 | 
---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.04.29 18:27:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.04.29 18:27:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.04.29 18:27:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.04.29 18:24:55 | 000,000,000 | ---D | C] -- C:\ComboFix [2010.04.29 18:20:31 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.04.29 18:20:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.04.28 21:25:39 | 000,000,000 | ---D | C] -- C:\Users\Dexter\AppData\Roaming\24A21D693AFB1E15E639837AD7C673A3 [2010.04.28 21:25:36 | 000,000,000 | -HSD | C] -- C:\Users\Dexter\AppData\Roaming\lowsec [2010.04.28 17:15:42 | 000,000,000 | ---D | C] -- C:\Users\Dexter\Documents\FUSSBALL MANAGER 10 ONLINE [2010.04.27 18:26:01 | 000,000,000 | ---D | C] -- C:\Users\Dexter\Desktop\Neuer Ordner [2010.04.26 16:30:37 | 000,000,000 | ---D | C] -- C:\Users\Dexter\Desktop\Desktop_BilderRahmen [2010.04.22 21:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle [2010.04.16 15:26:27 | 000,000,000 | ---D | C] -- C:\Users\Dexter\Desktop\metin musik [2010.04.16 13:53:13 | 000,000,000 | ---D | C] -- C:\Config.Msi [2010.04.15 15:35:54 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.15 15:35:54 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.15 15:35:48 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.15 15:35:13 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010.04.14 16:21:21 | 000,000,000 | ---D | C] -- C:\Users\Dexter\Desktop\liebling [2010.04.06 15:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Metin2 [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.01 15:40:34 | 005,242,880 | -HS- | M] () -- 
C:\Users\Dexter\NTUSER.DAT [2010.05.01 15:40:19 | 001,541,530 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.01 15:40:19 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.01 15:40:19 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.01 15:40:19 | 000,142,222 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.01 15:40:19 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.01 15:35:42 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.05.01 15:35:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.01 15:35:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.01 15:35:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.01 15:35:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.01 15:34:29 | 000,524,288 | -HS- | M] () -- C:\Users\Dexter\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.05.01 15:34:29 | 000,065,536 | -HS- | M] () -- C:\Users\Dexter\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.05.01 15:34:22 | 002,571,769 | -H-- | M] () -- C:\Users\Dexter\AppData\Local\IconCache.db [2010.05.01 15:05:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.04.30 23:19:19 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.04.29 19:20:51 | 000,000,248 | ---- | M] () -- C:\Windows\system.ini [2010.04.29 18:27:16 | 000,323,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.04.29 18:16:50 | 003,923,816 | R--- | M] () -- C:\Users\Dexter\Desktop\ComboFix.exe [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 
000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.28 17:49:45 | 000,034,884 | ---- | M] () -- C:\Users\Dexter\Desktop\TUEV_2009_email-Beratung.jpg [2010.04.27 18:43:19 | 000,130,171 | ---- | M] () -- C:\Users\Dexter\Documents\Uninstall.exe [2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe [2010.04.06 15:33:55 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Metin2.lnk [2010.04.05 12:55:38 | 207,065,191 | ---- | M] () -- C:\Windows\MEMORY.DMP [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.29 18:27:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.04.29 18:27:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.04.29 18:27:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.04.29 18:27:43 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.04.29 18:27:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.04.29 18:16:46 | 003,923,816 | R--- | C] () -- C:\Users\Dexter\Desktop\ComboFix.exe [2010.04.28 20:38:56 | 000,013,654 | ---- | C] () -- C:\Users\Dexter\hs_err_pid3580.log [2010.04.28 17:49:44 | 000,034,884 | ---- | C] () -- C:\Users\Dexter\Desktop\TUEV_2009_email-Beratung.jpg [2010.04.26 16:28:22 | 000,130,171 | ---- | C] () -- C:\Users\Dexter\Documents\Uninstall.exe [2010.04.06 15:33:55 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Metin2.lnk [2010.04.05 12:55:17 | 207,065,191 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.02.04 21:51:32 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.11.16 19:10:58 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.10.25 18:27:39 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.07.04 18:58:18 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.07.04 18:58:16 | 
000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.07.17 23:15:05 | 000,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2008.01.04 18:53:13 | 000,049,152 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2008.01.04 18:51:36 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.01.04 18:51:14 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.12.21 17:15:25 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2007.12.21 17:15:25 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2007.12.16 21:19:08 | 000,000,020 | ---- | C] () -- C:\Windows\SIERRA.INI [2007.11.19 21:37:36 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2007.10.12 00:19:21 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.08.11 09:52:02 | 
000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2005.01.31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2004.09.05 08:59:50 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2004.09.05 08:58:04 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2003.03.11 12:56:52 | 000,051,200 | ---- | C] () -- C:\Windows\System32\ThriXXX010205PNG.dll [2003.03.11 12:56:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\ThriXXX010104Z.dll [2003.03.11 12:56:24 | 000,056,832 | ---- | C] () -- C:\Windows\System32\ThriXXX015003JP2.dll [2003.01.29 11:10:06 | 000,046,592 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2003.01.29 11:10:06 | 000,007,168 | ---- | C] () -- C:\Windows\System32\ogg.dll [2002.12.12 00:14:32 | 000,013,312 | ---- | C] () -- C:\Windows\msdmo.dll [1999.01.27 14:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll [1997.06.13 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll < End of report > |
01.05.2010, 14:54 | #5 |
| Several different Trojans on the PC
The file from just now was the OTL file, sorry for the mix-up^^ Here comes the Extras file now^^:

OTL Extras logfile created on: 01.05.2010 15:41:10 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\Dexter\Desktop\troja dateien
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 39,38 Gb Free Space | 18,20% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 107,12 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEXTER-PC
Current User Name: Dexter
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EAB769A-CD64-4A29-9B6D-8352D15012D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A69333E-6C7E-427B-9B37-D660944A1EE7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041EBA5F-5FDB-4280-867A-D9BBAA870EE2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{0803E20E-DDBE-43E9-8B3C-32A12881E937}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe |
"{080BD0C9-97C4-48EF-B606-6B005C5D80E1}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe |
"{0DFE73AC-2D9A-471E-AB8F-9464548D3E85}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe |
"{10F05E1D-EBD1-498F-9FF5-8802A7C9D36C}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | "{1E504FA1-B7CC-4889-BB8F-8F5FF2308902}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{1E75F4EA-52DE-4A9B-807E-B2FDCD0B57D7}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | "{225505F9-7E6B-4A90-BE5B-D81F22B534AF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{2525973E-04E0-446D-AD63-58D44EC88DA9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{256661E5-8096-4506-A614-22F827F8D7EF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{262265B2-4C13-44B3-8CF2-21E3D67BBCA1}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | "{2FCBE98E-DA14-4A98-A5DA-4B1B46A6B6E8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{37185A16-EA94-430E-8552-ED69E518056C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{37A2542E-BBF2-46D7-847B-7D47158A8ABF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{3AD0C41D-1771-429C-B623-423C2CB0E7B6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{50CDC46F-2887-4962-A993-61A58025D8FE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | "{5476F573-6D2F-446F-B344-027C3042602E}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | "{56AEDDA6-DE14-4BE9-9122-52821002DE18}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | "{58066D84-F9FF-4FF5-9CAD-567805194795}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1195497218\ee\aolsoftware.exe | "{6358779B-37E5-4E12-9E2D-22FDB830B879}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{7349A012-F797-47D0-949A-9E442411E8E7}" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | "{738397E1-6B8D-4568-9EF7-2A071ED517D3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{75B3E28D-FB9F-4863-A1C7-5F51A7187A19}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | "{7795AE6C-ED90-44F6-869F-9107DB8BD91F}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{77BF0EB4-408F-44BF-9C47-275760F03C41}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{7C5C819A-4565-4712-8990-CBE6C650B1E9}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | "{7D960F33-AB6D-4D33-9DEB-9F47A4B1EC7B}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | "{80553ACB-BC22-4D4D-9196-5C81284FF9CA}" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | "{819488B4-D64E-4D88-85B9-A058395C2393}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | "{82752DFC-DCE8-4561-A30C-D3DCCA7A1DAB}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | "{859405F5-B022-4D6E-B150-17233F392F55}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | "{8D0AB260-43D0-4265-8730-0A6399FB98A3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{8D2BDC70-9F1F-4116-A15B-AB2D657A01A6}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{91EA4572-D4BF-45B6-BC9A-B0C116E5FE31}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe | "{92682F24-62CF-4D3E-A938-89CB97139D2F}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | "{96EA4760-EC09-41A5-9AB3-4D18A2E897B3}" = protocol=6 | dir=in 
| app=c:\program files\microsoft office\office12\onenote.exe | "{99447D8D-18C4-4BCA-9C90-8B0B5557DB91}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{A3750D55-310B-4DBE-A69D-A39AF56C736C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1195497218\ee\aolsoftware.exe | "{ABCE3F8D-28C1-4300-ABC2-F49B423C9B9D}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{B391F27A-6DFE-43CA-AA19-C3672037B4DC}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | "{B7A82702-FD92-4192-B832-E18089276873}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{B98F448A-E1BD-4D8B-971F-C2BD08C2DA3C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{BDF58042-4BD0-43CF-9E26-4ECDBEF2A875}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{BE4D95A7-6120-4079-9E6B-B2AB74E22D02}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{DF29CB3B-0B00-47E4-BA75-C69EE0352AAD}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | "{E4B0D2DE-0323-4209-A1F1-EFA5840EAE32}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EC35CF91-4751-4CC3-ADB4-AA91A6C641ED}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | "{F1889AB1-3143-4FC9-B506-AFC5982E4E2A}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{F3764B0E-311C-42CE-9C9B-FB2DED02FEE9}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | "{FFF283CD-6CF1-49E1-A9A3-21FA73F97421}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | "TCP Query User{02EDB504-7464-4C8C-B473-20665960F70D}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe | "TCP Query User{041C9115-D058-443A-B959-625C86DCA7E4}C:\program 
files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | "TCP Query User{32A51FBF-EB07-4F71-AEDC-BAA33CA41D7C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{42196FE3-6BA5-42D4-833A-5977DF69437C}C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=6 | dir=in | app=c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe | "TCP Query User{46A3DEF9-CAAE-4819-8FBD-D0629BE8498E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{64BA855E-43F7-4BE9-B714-39E0E4B793EA}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin | "TCP Query User{885B4530-81EF-4A64-B88E-95F68C20CE9C}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe | "TCP Query User{91995FBE-2A09-40F6-9145-4EAE58558E21}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{9794782C-2267-4BD8-949B-698A07865227}C:\program files\atari\boiling point\xenus.exe" = protocol=6 | dir=in | app=c:\program files\atari\boiling point\xenus.exe | "TCP Query User{9956EA98-4740-4E49-8B0B-B2EE66BF78DF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{A163B1F1-E5E7-452A-BE19-CD86CA28C3F7}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | "TCP Query User{AE031C8F-B7CD-4D67-9507-8ABCC8346A8A}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{B743A817-D502-4ADE-A971-49E4B7F6620D}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | "TCP Query User{B7B442BF-5578-4B2A-AB68-57074C6726B3}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | "TCP Query User{BE13FE3B-6817-40FE-AE45-BCEB748C1A3C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{C1D457F7-2228-4FCA-896D-354D29FC085E}C:\program files\konami\pro evolution soccer 6\pes6.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 6\pes6.exe | "TCP Query User{C999A688-B1CC-48E6-9866-923B8F0EF530}C:\users\dexter\desktop\pes2008.exe" = protocol=6 | dir=in | app=c:\users\dexter\desktop\pes2008.exe | "TCP Query User{E1ECDBA2-B89D-4735-9932-A55F03C83FB6}C:\program files\sixteen tons entertainment\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\program files\sixteen tons entertainment\emergency4\em4.exe | "TCP Query User{F209A7F5-934A-4031-96CA-D10F9A4A79CA}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe | "TCP Query User{F5209C99-BC34-432E-A968-C4F26792E0FB}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin | "TCP Query User{FC0E9926-2C02-4ADF-B411-3BC565302DA5}C:\program files\bfvcc server manager\bfvcc.exe" = protocol=6 | dir=in | app=c:\program files\bfvcc server manager\bfvcc.exe | "UDP Query User{0BE120BD-D6C6-48F4-952C-10A4FDCED758}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | "UDP Query User{3D1C44FB-9F89-4A24-826D-73ABA7A79C4D}C:\program files\konami\pro evolution soccer 6\pes6.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 6\pes6.exe | "UDP Query 
User{4B5BD4B8-9B6D-45FF-BE6D-3EA48353DA2B}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | "UDP Query User{50208E0F-3C6F-42E8-81DE-0E717F21F5F0}C:\program files\sixteen tons entertainment\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\program files\sixteen tons entertainment\emergency4\em4.exe | "UDP Query User{57002F32-8E66-4B05-858A-DFFCC12D198E}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe | "UDP Query User{63F8C8A4-E21A-42EF-B515-AEACED8A6D7A}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | "UDP Query User{72AFB0EE-C86B-48DC-B602-D52C26E62348}C:\program files\bfvcc server manager\bfvcc.exe" = protocol=17 | dir=in | app=c:\program files\bfvcc server manager\bfvcc.exe | "UDP Query User{82E806ED-9C87-4947-9142-4469C766E62C}C:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | "UDP Query User{91FC9755-3926-4CC2-9E68-E3AFCA7E439C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{BB8731B2-5ED1-4DAF-9F8C-07C5C36B4C56}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "UDP Query User{C4DA25C7-82E1-47F0-B726-4BFA997702B5}C:\users\dexter\desktop\pes2008.exe" = protocol=17 | dir=in | app=c:\users\dexter\desktop\pes2008.exe | "UDP Query User{C59EE533-C0F6-47B3-808E-58A923C27537}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{CF02264D-4ED9-4683-B952-7225207EDE0A}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | 
app=c:\program files\metin2\metin2.bin | "UDP Query User{D37CD60B-7DC5-4A6E-B5BE-FD3D5B505EC2}C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=17 | dir=in | app=c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe | "UDP Query User{E23E5904-D835-480A-ADA7-5C7C7B1C47A7}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin | "UDP Query User{E25007D5-FA79-4FB6-B2A8-8EA6FD54C05E}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe | "UDP Query User{E92E06F4-0859-43A1-8390-0D2EC8B58A1F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{E9C9E22E-9BBC-4D53-8DBC-FFB9633946B6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{EAAC887C-9AC3-4E73-A0E0-31F1195557A6}C:\program files\atari\boiling point\xenus.exe" = protocol=17 | dir=in | app=c:\program files\atari\boiling point\xenus.exe | "UDP Query User{EC99C16A-52C7-409B-A30A-752CF07102B9}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe | "UDP Query User{F1E587DA-B715-4499-8FEE-8E4A7888B2DF}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - 
deu "{071F3745-E389-4345-86DF-E80B55446FCE}" = FC Hansa Rostock - HansaBox "{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies "{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = Der Pate® Das Spiel "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{29F0D899-9614-4EB3-92A8-C9117FE9E405}" = Cobra 11 - Nitro "{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = Die Sims™ 2 Super Deluxe "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{38470B46-9BF1-40AE-A588-F6AD6D1C2D42}" = Free TV Radio "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2 "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1 "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires "{851367C1-2F9F-4087-B3E8-8DECFE328370}" = The Da Vinci Code "{874F0C23-7CA8-4639-9D77-E032E272A3FD}" = Emergency 2 "{89E0B0D4-DFC3-49B9-8E88-F1B801325C8A}" = Emergency 3 "{90120000-0016-0407-0000-0000000FF1CE}" = 
Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4 "{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{B102B41A-075C-40F9-AC9F-A132313F49A8}" = Magic Video Maker Pro "{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DA2B455A-B0BE-4C5A-B73A-0615F37C81D5}" = Beowulf TM "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten "{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise "{F4851D03-553C-4ACE-ADBD-CA6BE8451072}" = Singles2 "{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 
Foto-Manager "{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2 "0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1) "4077F884D1BB007055BDB83B621D87220A73F30F" = Windows-Treiberpaket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "AOL Deinstallation" = AOL Deinstallation "AOL Toolbar 4.0" = "AudioCon" = AudioCon "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1) "CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows-Treiberpaket - Nokia Modem (05/24/2007 6.84.0.1) "EADM" = EA Download Manager "FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10 "GameSpy Arcade" = GameSpy Arcade "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "IsoBuster_is1" = IsoBuster 2.3 "JDownloader" = JDownloader "Logitech Print Service" = Logitech Print Service "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Metin2_is1" = Metin2 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (2.0.0.11)" = Mozilla Firefox (2.0.0.11) "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "Picasa2" = Picasa 2 "RealPlayer 6.0" = RealPlayer "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "UltraISO_is1" = UltraISO Premium V9.31 "Uninstall_is1" = 
Uninstall 1.0.0.0 "Veetle TV" = Veetle TV 0.9.17 "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VideoLAN VLC media player 0.8.6d "WinRAR archiver" = WinRAR "XviD_is1" = XviD MPEG-4 Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FM10 Stadien Deutschland Update 2.0" = FM10 Stadien Deutschland Update 2.0 "FM10 Stadien Polen" = FM10 Stadien Polen "Luxusfile" = Luxusfile "Managerfrauen Part 1" = Managerfrauen Part 1 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.01.2010 19:08:44 | Computer Name = Dexter-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Manager10.exe, Version 2.0.0.5, Zeitstempel 0x4b2934d4, fehlerhaftes Modul GfxCore.dll, Version 0.0.0.0, Zeitstempel 0x4b293398, Ausnahmecode 0xc0000005, Fehleroffset 0x0005133b, Prozess-ID 0xbf8, Anwendungsstartzeit 01ca9ba217da60b7. Error - 31.01.2010 11:26:07 | Computer Name = Dexter-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung vlc.exe, Version 0.8.6.0, Zeitstempel 0x474e0e34, fehlerhaftes Modul libvlc.dll, Version 0.0.0.0, Zeitstempel 0x474e0e34, Ausnahmecode 0xc0000005, Fehleroffset 0x0001b81a, Prozess-ID 0xaf8, Anwendungsstartzeit 01caa288fd2f6661. Error - 04.02.2010 15:27:17 | Computer Name = Dexter-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Em3.exe, Version 0.0.0.0, Zeitstempel 0x42d25b8d, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x6f6e6b6e, Prozess-ID 0x14bc, Anwendungsstartzeit 01caa5cda666ac7a. Error - 04.02.2010 16:23:12 | Computer Name = Dexter-PC | Source = Application Hang | ID = 1002 Description = Programm Em4.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. 
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: d38 Anfangszeit: 01caa5d76e937071 Zeitpunkt der Beendigung: 383 Error - 04.02.2010 16:30:16 | Computer Name = Dexter-PC | Source = Application Hang | ID = 1002 Description = Programm Em4.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: f5c Anfangszeit: 01caa5d88de6e326 Zeitpunkt der Beendigung: 362 Error - 05.02.2010 08:31:25 | Computer Name = Dexter-PC | Source = VSS | ID = 8194 Description = Error - 07.02.2010 12:33:41 | Computer Name = Dexter-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Em3.exe, Version 0.0.0.0, Zeitstempel 0x42d25b8d, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x40151000, Prozess-ID 0x7b8, Anwendungsstartzeit 01caa812a9e6beb6. Error - 20.02.2010 14:11:56 | Computer Name = Dexter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 01.03.2010 15:45:59 | Computer Name = Dexter-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung vlc.exe, Version 0.8.6.0, Zeitstempel 0x474e0e34, fehlerhaftes Modul libvlc.dll, Version 0.0.0.0, Zeitstempel 0x474e0e34, Ausnahmecode 0xc0000005, Fehleroffset 0x0001b84a, Prozess-ID 0xb9c, Anwendungsstartzeit 01cab977609bf958. Error - 28.03.2010 03:34:25 | Computer Name = Dexter-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 7.0.6001.18385 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 374 Anfangszeit: 01cace469a84b842 Zeitpunkt der Beendigung: 63

[ System Events ]
Error - 29.04.2010 13:26:35 | Computer Name = Dexter-PC | Source = HTTP | ID = 15016
Description =

Error - 29.04.2010 13:28:15 | Computer Name = Dexter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29.04.2010 16:02:07 | Computer Name = Dexter-PC | Source = HTTP | ID = 15016
Description =

Error - 29.04.2010 16:03:46 | Computer Name = Dexter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 30.04.2010 08:23:36 | Computer Name = Dexter-PC | Source = HTTP | ID = 15016
Description =

Error - 30.04.2010 08:25:15 | Computer Name = Dexter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 01.05.2010 05:37:26 | Computer Name = Dexter-PC | Source = HTTP | ID = 15016
Description =

Error - 01.05.2010 05:39:08 | Computer Name = Dexter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 01.05.2010 09:35:31 | Computer Name = Dexter-PC | Source = HTTP | ID = 15016
Description =

Error - 01.05.2010 09:37:11 | Computer Name = Dexter-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

Thanks in advance, micha_patzi |
01.05.2010, 14:57 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
[2010.05.01 15:35:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.01 15:35:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
01.05.2010, 15:09 | #7 |
Here is the log file:

All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
File C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
File C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar-Suche\ deleted successfully.
File Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ not found.
File C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
C:\Program Files\ICQ6\ICQ.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
File C:\Program Files\ICQ6\ICQ.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Dexter
->Temp folder emptied: 33282 bytes
->Java cache emptied: 13741079 bytes
->FireFox cache emptied: 10143021 bytes
->Flash cache emptied: 18620 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1570928 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1600 bytes
RecycleBin emptied: 6153648 bytes

Total Files Cleaned = 30,00 mb

OTL by OldTimer - Version 3.2.4.0 log created on 05012010_160144

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

Registry entries deleted on Reboot... |