Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
hotkeyshook immer noch aktiv ?

hotkeyshook immer noch aktiv ?


Plagegeister aller Art und deren Bekämpfung: hotkeyshook immer noch aktiv ?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.06.2010, 11:44   #1
hansmartin
 
hotkeyshook immer noch aktiv ? - Standard

hotkeyshook immer noch aktiv ?


HI, ich hatte vor ein paar Jahren mal den hotkeyshook
virus, nachdem ich einen Trainer für GTA San Andreas runtergeladen hatte.
Irgendwann passierte dann das, was alle bereichten, die den hatten,
Daten lassen sich nicht mehr öffnen, ....
Damals hatte ich meinen Rehcner neuisnatlliert, und fast alle
wichitgen Sachen wieder draufgezogen. Jednefalls hab ich letzte
woche das Spiel wieder gefunden, und mal wieder insatlliert.
Nach 20 Minuten spielen, ging mein Firefox nicht mehr.
Nach etlich ausprobieren musste ich feststellen, dass mein
AVG online Scanner, also das plug in plötzlich fehlerhafte daten hatte,
worauf ich einen neuen virenscanner ( den malewarebytes anti amleware )
installiert habe, und direkt den virus hotkeyshook wieder fand.
Also irgendwo mussten noch reste von dem Trainer gewesen sein,
und erst als ich das spiel wieder spielte, hat er sich zurückgemeldet.
Ich hab also allen Anleitungen nach den VIrus vernichtet, und
er ist auch nach weiterern Scans nicht wieder aufgetaucht.
Nun bin ich mir aber nicht sicher, was passiert, wenn ich es erneut
installiere, ist der Virus nun weg, oder ist die Quelldatei die ihn ausgesendet
hat immer noch aktiv ???

Ich kenn mich mit viren nicht aus,daher weiss ich nicht wie man speziell
nach einer sucht.

Alt 05.06.2010, 22:49   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
hotkeyshook immer noch aktiv ? - Standard

hotkeyshook immer noch aktiv ?


Hallo und

Hast Du den "Trainer" oder andere dubiose Software nach dem Neuaufsetzen denn wieder ausgeführt? Poste bitte auch das Malwarebytes Logfile.
__________________

__________________
Alt 07.06.2010, 16:05   #3
hansmartin
 
hotkeyshook immer noch aktiv ? - Standard

hotkeyshook immer noch aktiv ?


Oh, es ist so, ich hab die Daten alle ohne ordner ohne alles
bilder, filme daten und so weiter genommen, und habs auf ein Laptop gezogen.
Dann hab ich alle wichtigen daten, also nicht den trainer, weil
ich den schon vermutet hatte genommen, und wieder drauf.
Ich hab auch auf dem Laptop, welches ich zur Zeit nicht benutze,
schon einmal Scans gemacht, und dort wurde der virus nicht gefunden.
Er war auch erst auf meinem rechner, als ich das Spiel wiederinstalliert hatte.
Also muss der trainer irgendwie wieder aktiviert worden sein. Er befindet sich
aber nicht auf dem Rechner, also ich hab ihn nicht gefunden.

Die Datei von Maleware müsste ich erst suchen gehen.

Aber, die logonui.exe, hat er auch in die Quarantäne geschoben,
ich hab sie natürlich nicht gelöscht, sondern nur die die datei,
die eben indiziert war, das war der avg onlien virenscanner,
warum auch immer, der war zuvor nicht infiziert.

Ich weiss halt net was ich mit der logonui.exe machen soll,
ich kenne mich null mit rechnern aus.

ich weiss nicht, meinst du dass, wenn nicht wie finde ich die
datei

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4160

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

01.06.2010 14:30:10
mbam-log-2010-06-01 (14-30-10).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 125907
Laufzeit: 9 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\logonui.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
__________________
Alt 07.06.2010, 18:50   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
hotkeyshook immer noch aktiv ? - Standard

hotkeyshook immer noch aktiv ?


Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.06.2010, 18:52   #5
hansmartin
 
hotkeyshook immer noch aktiv ? - Standard

hotkeyshook immer noch aktiv ?


OK THANX sobald ich dazu komm werd ichs machen


Alt 07.06.2010, 19:26   #6
hansmartin
 
hotkeyshook immer noch aktiv ? - Standard

hotkeyshook immer noch aktiv ?


Ok hier kommen die 2 dateien das erste ist ttl das 2- extras

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.06.2010 20:21:39 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Documents and Settings\Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 522,00 Mb Available Physical Memory | 51,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 37,32 Gb Free Space | 33,39% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PAL
Current User Name: Admin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\MSI\US54EX\Installer\WINXP\MSI US54EX Wireless Client Utility.exe (MSI Technology GmbH )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DCPFLICS\DCPFLICS.exe ()
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (mi-raysat_3dsmax2010_32) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (DCPFLICS) -- C:\Program Files\DCPFLICS\DCPFLICS.exe ()
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (FST376XP) -- C:\WINDOWS\system32\drivers\FST376XP.sys (Promise Technology, Inc.)
DRV - (oUltraf) -- C:\Documents and Settings\Admin\Local Settings\Temp\oUltraf.sys ()
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.yahoo.com/search?p=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\AV, = hxxp://www.altavista.com/sites/search/web?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\FM, = hxxp://www.filemirrors.com/search.src?file=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GGL, = hxxp://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSKB, = hxxp://support.microsoft.com/?kbid=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = hxxp://search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.01 19:05:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.02 07:39:19 | 000,000,000 | ---D | M]
 
[2010.06.01 19:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2010.06.02 07:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\f6snqq5v.default\extensions
[2010.06.05 11:22:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.08.24 11:01:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.03 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSI US54EX Wireless Client Utility.lnk = C:\Program Files\MSI\US54EX\Installer\WINXP\MSI US54EX Wireless Client Utility.exe (MSI Technology GmbH )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to sidebar.lnk = C:\Program Files\Windows Sidebar\sidebar.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Highlight - C:\WINDOWS\Web\highlight.htm ()
O8 - Extra context menu item: &Links List - C:\WINDOWS\Web\urllist.htm ()
O8 - Extra context menu item: &Web Search - C:\WINDOWS\Web\selsearch.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\Web\frm2new.htm ()
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\Web\zoomin.htm ()
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\Web\zoomout.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226354718550 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226354680909 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -  File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.11 07:48:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{81f64e40-afbf-11dd-8288-91743f9c5f4c}\Shell\AutoRun\command - "" = G:\Autorun\BFAutorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.03 14:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010.06.01 19:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010.06.01 19:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010.06.01 14:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2010.06.01 14:11:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.01 14:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.06.01 14:11:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.01 14:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.01 12:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\GTA San Andreas User Files
[2010.05.31 19:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.05.13 18:13:24 | 000,000,000 | ---D | C] -- C:\FumeFX36985650
[2010.05.13 12:03:42 | 000,000,000 | ---D | C] -- C:\FumeFX14927242
[2010.05.13 08:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010.05.13 08:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010.05.12 19:00:49 | 000,000,000 | ---D | C] -- C:\FumeFX23910673
[2010.05.12 18:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\3D Max Textturen
[2009.06.28 16:21:54 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009.06.28 16:21:54 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009.06.28 16:21:54 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009.06.28 16:21:54 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Admin\*.tmp files -> C:\Documents and Settings\Admin\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.07 20:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.06.07 19:49:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.07 16:58:03 | 000,000,366 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Rechner.rtf
[2010.06.07 16:57:19 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010.06.07 16:49:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.07 14:02:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.07 14:02:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.07 14:02:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.06 19:39:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010.06.03 14:26:24 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010.06.03 14:26:24 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.06.02 13:27:03 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\addition.rtf
[2010.06.01 19:04:56 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010.06.01 17:12:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\prvlcl.dat
[2010.06.01 14:11:41 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.31 21:00:17 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\cyclohexan.cfd
[2010.05.31 20:52:36 | 000,103,586 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\metan.bmp
[2010.05.31 20:52:08 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\metan.cfd
[2010.05.31 17:49:20 | 000,002,217 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Alk.rtf
[2010.05.31 16:11:04 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\TEST.cfd
[2010.05.31 16:09:33 | 000,004,356 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Kohlen.rtf
[2010.05.31 11:53:31 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.21 17:15:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.05.19 13:37:00 | 000,022,286 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Mathearebit Lernzettel.docx
[2010.05.18 17:26:20 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010.05.16 17:52:43 | 000,000,863 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.16 17:02:56 | 000,016,797 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Henochisch.xlsx
[2010.05.13 09:31:41 | 000,012,157 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Die Invocation bezeichnet die Aufrufung eines Geistes oder eines Dämon.docx
[2010.05.13 08:55:28 | 000,103,381 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Kapitel 2 Kreise.docx
[2010.05.13 08:35:29 | 000,015,427 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Exorzismen werden angewendet um Dämonen die in Menschen Stecken aus dem.docx
[2010.05.09 18:45:56 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Spanisch Lernzettel.rtf
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Admin\*.tmp files -> C:\Documents and Settings\Admin\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.07 16:58:03 | 000,000,366 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Rechner.rtf
[2010.06.02 12:46:47 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\addition.rtf
[2010.06.01 19:26:34 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010.06.01 19:26:34 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.06.01 19:04:56 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010.06.01 14:11:41 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.31 21:00:52 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\cyclohexan.cfd
[2010.05.31 20:52:36 | 000,103,586 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\metan.bmp
[2010.05.31 20:52:31 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\metan.cfd
[2010.05.31 17:47:17 | 000,002,217 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Alk.rtf
[2010.05.31 16:19:09 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\TEST.cfd
[2010.05.31 14:41:05 | 000,004,356 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Kohlen.rtf
[2010.05.19 13:30:29 | 000,022,286 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Mathearebit Lernzettel.docx
[2010.05.18 17:26:20 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010.05.14 13:33:27 | 000,016,797 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Henochisch.xlsx
[2010.05.13 09:31:41 | 000,012,157 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Die Invocation bezeichnet die Aufrufung eines Geistes oder eines Dämon.docx
[2010.05.13 08:36:35 | 000,103,381 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Kapitel 2 Kreise.docx
[2010.05.11 18:50:44 | 000,015,427 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Exorzismen werden angewendet um Dämonen die in Menschen Stecken aus dem.docx
[2010.05.09 18:43:49 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Spanisch Lernzettel.rtf
[2009.08.23 11:17:13 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009.06.28 16:21:57 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009.06.11 14:33:23 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.02.20 20:15:04 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2009.02.19 19:00:59 | 000,000,029 | ---- | C] () -- C:\WINDOWS\chemlab_pro.ini
[2009.01.16 19:13:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009.01.16 19:13:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009.01.16 19:13:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009.01.16 19:13:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009.01.16 19:13:48 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009.01.16 19:13:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009.01.03 18:58:29 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.01.03 18:50:15 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009.01.03 18:50:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009.01.03 18:50:10 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2009.01.03 18:50:10 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009.01.03 18:43:14 | 000,000,316 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008.11.17 17:38:47 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008.11.11 09:10:41 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2008.11.11 07:49:20 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.11.11 07:49:17 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.11.11 07:49:16 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.11.11 07:49:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.11.11 07:49:14 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.05.16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.05.16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.05.16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.05.16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.05.16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.01.17 05:25:49 | 000,001,232 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.07.22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.06.25 20:34:26 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
< End of report >
--- --- ---


Zitat:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.06.2010 20:21:39 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Documents and Settings\Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 522,00 Mb Available Physical Memory | 51,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 37,32 Gb Free Space | 33,39% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PAL
Current User Name: Admin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112B0ED9-57F8-4883-8E6A-5BEAABDABBC1}" = Crazy Machines II
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = Canon CanoScan Toolbox 4.5
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26B5D684-75D6-44B9-BBFF-D4100F43092A}" = Sony Ericsson PC Suite
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4676DB43-A5E5-40AD-ACBB-5D80AFD2AFC4}" = Opera 9.24
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C851E20-80E8-4532-A6C4-85454D3814E5}" = FumeFX 1.2 R2010 32-bit
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{471159EB-BECC-453C-B6F2-FE4FAB29B3F3}" = 
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9933F0EE-DFCD-4829-B979-3C56C367CB1A}" = InterVideo WinDVD Creator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D686199B-882E-4550-92C4-BD99A8C295D0}" = Rhinoceros 4.0 SR5
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera-168
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}" = AGEIA PhysX v7.07.24
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F5223680-993A-11D4-86F6-0001031E5712}" = InterVideo Installer
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FC7A77-A535-487A-9D5B-A11BB0AB0336}" = Brother HL-2140
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FFAA01ED-BEEC-4578-87D5-90E1C7A6D230}" = MSI US54EX Wireless Client Utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"AVIConverter" = AVIConverter 5.1.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DesertCombat" = DesertCombat  0.7
"Driver Genius Professional Edition 2007_is1" = Driver Genius Professional Edition 2007
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.6.2
"LHTTSGED" = L&H TTS3000 Deutsch
"LingoPad_is1" = LingoPad 2.5.1 (Build 325)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Pico-PSE" = Pico-PSE 1.7 
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"ratDVD" = ratDVD 0.78.1444
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Uninstall_is1" = Uninstall 1.0.0.1
"VistaGames" = Windows Vista Games All In One
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.03.2010 13:43:16 | Computer Name = PAL | Source = Google Update | ID = 20
Description = 
 
Error - 08.03.2010 09:43:07 | Computer Name = PAL | Source = Google Update | ID = 20
Description = 
 
Error - 09.03.2010 13:37:32 | Computer Name = PAL | Source = Application Error | ID = 1000
Description = Faulting application bf1942.exe, version 0.0.0.0, faulting module 
bf1942.exe, version 0.0.0.0, fault address 0x001415ff.
 
Error - 10.03.2010 12:43:07 | Computer Name = PAL | Source = Google Update | ID = 20
Description = 
 
Error - 25.03.2010 01:54:38 | Computer Name = PAL | Source = Google Update | ID = 20
Description = 
 
Error - 29.03.2010 11:49:06 | Computer Name = PAL | Source = Google Update | ID = 20
Description = 
 
Error - 29.03.2010 12:52:37 | Computer Name = PAL | Source = Google Update | ID = 20
Description = 
 
Error - 10.04.2010 14:49:05 | Computer Name = PAL | Source = Google Update | ID = 20
Description = 
 
Error - 11.04.2010 02:49:05 | Computer Name = PAL | Source = Google Update | ID = 20
Description = 
 
Error - 25.04.2010 09:49:05 | Computer Name = PAL | Source = Google Update | ID = 20
Description = 
 
[ OSession Events ]
Error - 20.06.2009 04:12:59 | Computer Name = PAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1592
 seconds with 1560 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 05.06.2010 03:51:49 | Computer Name = PAL | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 06.06.2010 02:04:53 | Computer Name = PAL | Source = Service Control Manager | ID = 7034
Description = The mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit
 service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 06.06.2010 02:04:57 | Computer Name = PAL | Source = Service Control Manager | ID = 7034
Description = The iPod-Dienst service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 06.06.2010 02:05:00 | Computer Name = PAL | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 06.06.2010 06:49:23 | Computer Name = PAL | Source = Service Control Manager | ID = 7034
Description = The iPod-Dienst service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 06.06.2010 06:49:25 | Computer Name = PAL | Source = Service Control Manager | ID = 7034
Description = The mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit
 service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 06.06.2010 06:49:28 | Computer Name = PAL | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 07.06.2010 08:17:39 | Computer Name = PAL | Source = Service Control Manager | ID = 7034
Description = The iPod-Dienst service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 07.06.2010 08:17:41 | Computer Name = PAL | Source = Service Control Manager | ID = 7034
Description = The mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit
 service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 07.06.2010 08:17:45 | Computer Name = PAL | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
 
< End of report >
--- --- ---

Alt 07.06.2010, 19:38   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
hotkeyshook immer noch aktiv ? - Standard

hotkeyshook immer noch aktiv ?


Sieht rel. unauffällig aus. Mach bitte nen Durchgang mit CF, das nimmt uns viel Arbeit ab:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.06.2010, 20:02   #8
hansmartin
 
hotkeyshook immer noch aktiv ? - Standard

hotkeyshook immer noch aktiv ?


Vielen dank, werd ich gleich morgen machen

Antwort

Themen zu hotkeyshook immer noch aktiv ?
aktiv, andreas, anti, bereich, direkt, erneut, firefox, hotkeyshook, jahre, minuten, neue, neuen, nicht mehr, nicht mehr öffnen, nicht sicher, online, plug in, plötzlich, quelldatei, sache, sachen, scan, scanner, spiel, spiele, spielen, sucht, virenscan, virenscanner, öffnen


« aspimgr wird über AntiVir angezeigt | System wieder Sycher nach Virus-fund? »


Ähnliche Themen: hotkeyshook immer noch aktiv ?


  1. Windows8: Virus trotz Neuinstallation des OS noch immer aktiv
    Log-Analyse und Auswertung - 16.08.2015 (3)
  2. posadi 17 usw... immer aktiv!
    Log-Analyse und Auswertung - 16.05.2014 (9)
  3. Flashback: Mac-Botnetz angeblich noch aktiv
    Nachrichten - 10.01.2014 (0)
  4. GVU-Virus noch aktiv?
    Plagegeister aller Art und deren Bekämpfung - 06.07.2013 (11)
  5. ca.exe verschwunden aber noch aktiv?
    Plagegeister aller Art und deren Bekämpfung - 25.01.2013 (5)
  6. GVU-Trojaner nach Systemwiderherstellung noch aktiv ?
    Plagegeister aller Art und deren Bekämpfung - 18.11.2012 (18)
  7. GUV Trojaner noch aktiv?
    Plagegeister aller Art und deren Bekämpfung - 29.08.2012 (21)
  8. Verschlüsselungstrojaner noch aktiv ? / Trojan.Randsom.A
    Log-Analyse und Auswertung - 16.08.2012 (34)
  9. Trojan ADH trotz format C: immer noch aktiv
    Log-Analyse und Auswertung - 14.02.2011 (1)
  10. Trojaner immer noch aktiv?
    Log-Analyse und Auswertung - 26.03.2010 (1)
  11. MSN Virus nach Formatierung noch aktiv
    Plagegeister aller Art und deren Bekämpfung - 17.05.2009 (3)
  12. Internet blockiert, Bagle noch aktiv?
    Log-Analyse und Auswertung - 28.04.2009 (4)
  13. Tojaner weg oder noch aktiv..
    Antiviren-, Firewall- und andere Schutzprogramme - 21.04.2009 (10)
  14. explorer.exe und LAN immer aktiv
    Log-Analyse und Auswertung - 12.03.2009 (0)
  15. startdrv.exe - wie weiß ich ob noch aktiv?
    Log-Analyse und Auswertung - 28.11.2007 (3)
  16. Trojaner HotKeysHook gefunden, ich glaub aber es ist noch mehr
    Plagegeister aller Art und deren Bekämpfung - 30.10.2007 (1)
  17. Trojaner noch aktiv???
    Log-Analyse und Auswertung - 05.05.2007 (28)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema hotkeyshook immer noch aktiv ? - HI, ich hatte vor ein paar Jahren mal den hotkeyshook virus, nachdem ich einen Trainer für GTA San Andreas runtergeladen hatte. Irgendwann passierte dann das, was alle bereichten, die den - hotkeyshook immer noch aktiv ?...
Archiv
Du betrachtest: hotkeyshook immer noch aktiv ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131