Surveillance, Data Protection and Spam: Webcam spy? (Windows 7)

Questions about encryption, spam, data protection and the like are welcome here. This section is about defending against keyloggers or other spying software such as spyware and adware. Topics like "removing a Trojan" or "malware problems" may only be discussed here. If you need help removing a Trojan or because you have caught a virus, open a thread in the cleanup forums above.
11.06.2010, 18:45 | #1

Hello everyone, I just got a real fright. I had stepped away from the laptop, and when I came back a browser window was open showing a picture of me on an image hoster, obviously taken of me just a few minutes earlier. The webcam was actually off, too, but then I noticed that its light was on. Those are two creepy things: first, that someone from outside can contact me through the browser, and then, even creepier, the picture taken through the webcam. I don't know, I feel really sick now. Um, yeah. Can anyone help me?

PS: I've just had another look, the whole thing was hosted at Bilderhoster.net.

edit: I've now googled a bit more about this. You get the feeling it's actually an urban legend, especially since I don't use a messenger (neither ICQ, nor Skype, nor MSN or the like). Oh, what a sh***

Last edited by Schlümm (11.06.2010 at 19:12)
11.06.2010, 19:53 | #2

Since it's too late to edit, I'm attaching my files this way.

Avira found the following nasty thing during its scan: JAVA/Dldr.agent.d

The malware scan returned the following:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4189

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.06.2010 20:47:25
mbam-log-2010-06-11 (20-47-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 134024
Laufzeit: 5 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\XXX\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\XXX\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\xXX\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

RSIT gives the following error message: Line 2563 (....) Error: Variable used without being declared.

HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:00:40, on 11.06.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RF - Formular ausfüllen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RF - Formular speichern - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF - Menü anpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: hxxp://*.mcafeecom (HKLM)
O15 - Trusted Zone: hxxp://betavscanmcafeeasapcom (HKLM)
O15 - Trusted Zone: hxxp://vsmcafeeasapcom (HKLM)
O15 - Trusted Zone: hxxp://wwwmcafeeasapcom (HKLM)
O15 - ESC Trusted Zone: hxxp://mcafeecom (HKLM)
O15 - ESC Trusted Zone: hxxp://betavscanmcafeeasapcom (HKLM)
O15 - ESC Trusted Zone: hxxp://vsmcafeeasapcom (HKLM)
O15 - ESC Trusted Zone: hxxp://wwwmcafeeasapcom (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2BF4203-C1C9-48A5-B75A-708E9F7CBFC8}: NameServer = 208.67.222.222 208.67.220.220
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device - - C:\windows\system32\lxczcoms.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11431 bytes

So I hope I did everything right so far and didn't overlook anything in the log files. Of course I ran CCleaner first thing.

Last edited by Schlümm (11.06.2010 at 20:04)
11.06.2010, 21:47 | #3

Since I read here that RSIT is not compatible with Win 7, I ran OTL as described there. Here are the further logs.

OTL txt

Code:
OTL logfile created on: 6/11/2010 10:28:44 PM - Run 2
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\xxx\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.80 Gb Total Space | 246.38 Gb Free Space | 87.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIAU
Current User Name: xxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark 1200 Series\lxczbmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\lxczcoms.exe ( )

========== Modules (SafeList) ==========

MOD - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe (IDT, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (lxcz_device) -- C:\windows\System32\lxczcoms.exe ( )

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HpqKbFiltr) -- C:\windows\system32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\windows\system32\DRIVERS\cpqbttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb
IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb
IE - HKCU\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0a2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {473f9a20-ce5a-11da-a94d-0800200c9a66}:0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/30 15:33:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/10 11:57:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/30 12:30:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/05/30 12:30:16 | 000,000,000 | ---D | M]

[2010/03/22 11:11:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2010/03/22 11:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/05/31 13:36:28 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions
[2010/05/31 13:36:28 | 000,000,000 | ---D | M] (SHOUTcast Radio Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2010/04/02 12:18:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/02 12:23:36 | 000,000,000 | ---D | M] (Google Bookmarks for Firefox) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
[2010/03/22 10:19:41 | 000,000,000 | ---D | M] (WOT) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/17 08:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/03/22 10:19:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/21 13:18:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\foxmarks@kei.com
[2010/04/07 20:47:57 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\testpilot@labs.mozilla.com
[2010/06/11 19:27:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.xxxNeu\extensions
[2010/05/31 13:36:28 | 000,000,000 | ---D | M] (SHOUTcast Radio Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.xxxNeu\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2010/04/27 14:27:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.xxxNeu\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/21 16:33:08 | 000,000,000 | ---D | M] (RefControl) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.xxaNeu\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2010/05/12 14:13:52 | 000,000,000 | ---D | M] (WOT) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.xxxNeu\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/28 13:31:16 | 000,000,000 | ---D | M] (Leo Search) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.xxxNeu\extensions\{c666c018-6409-4479-afa3-68e4129e7eff}
[2010/05/01 15:05:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.xxxNeu\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/24 17:40:19 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.xxxNeu\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/05/01 15:05:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.xxxNeu\extensions\collector@broceliand.fr
[2010/05/30 15:15:47 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/04/28 13:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010/04/22 17:07:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/01/16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SHOUTcast Loader) - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (SHOUTcast Radio Toolbar) - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (SHOUTcast Radio Toolbar) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) 
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems) O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: RF - Formular speichern - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/11 22:27:53 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2010/06/11 20:52:17 | 000,000,000 | ---D | C] -- C:\rsit [2010/06/11 20:40:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2010/06/11 20:40:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2010/06/11 20:39:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2010/06/11 20:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/06/11 20:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/06/11 20:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/06/11 19:31:08 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Roxio Log Files [2010/06/09 15:29:08 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2010/06/09 15:29:08 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll [2010/06/09 15:29:06 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll [2010/06/09 15:29:06 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2010/06/09 15:29:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2010/06/09 15:29:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2010/06/09 15:29:04 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll [2010/06/09 
15:29:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll [2010/06/03 15:24:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Urlaub [2010/05/31 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\SHOUTcast Radio Toolbar [2010/05/31 13:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SHOUTcast Radio Toolbar [2010/05/31 13:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\SHOUTcast Radio Toolbar [2010/05/30 15:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Streamripper [2010/05/30 15:36:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\streamripper [2010/05/30 15:34:02 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_42.dll [2010/05/30 15:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect [2010/05/30 15:33:08 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Winamp [2010/05/30 15:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp [2010/05/30 12:31:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Apple Computer [2010/05/30 12:31:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Apple Computer [2010/05/30 12:31:36 | 000,107,368 | ---- | C] (GEAR Software Inc.) 
-- C:\windows\System32\GEARAspi.dll [2010/05/30 12:31:36 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE [2010/05/30 12:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/05/30 12:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/05/30 12:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/05/30 12:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/05/30 12:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010/05/30 12:29:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Apple [2010/05/30 12:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010/05/30 12:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/05/30 12:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2010/05/30 12:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010/05/30 12:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\flatster [2010/05/27 14:30:39 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\assembly [2010/05/26 09:01:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll [2010/05/25 22:18:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Graboid_Inc [2010/05/25 22:18:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Graboid [2010/05/25 22:18:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\MozillaControl [2010/05/25 22:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla ActiveX Control v1.7.12 [2010/05/23 13:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle [2010/05/23 02:03:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\cache [2010/05/23 01:53:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\FullTiltPoker [2010/05/23 01:42:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\PokerStars [2010/05/20 21:06:22 | 000,137,000 | ---- | C] (Microsoft Corporation) -- 
C:\windows\System32\MSMAPI32.OCX [2010/05/20 21:06:20 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSCMCDE.DLL [2010/05/20 21:06:20 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VB6DE.DLL [2010/05/20 21:06:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSCC2DE.DLL [2010/05/20 21:06:19 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSMPIDE.DLL [2010/05/20 21:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2010/05/20 20:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\gs [2010/05/20 20:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Blender [2010/05/20 12:45:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Bewerbungen [2010/05/18 16:20:03 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\DonationCoder [2010/05/18 16:20:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\DonationCoder [2010/05/18 16:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\ScreenshotCaptor [2010/05/18 16:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DonationCoder [2010/03/31 15:01:45 | 001,224,704 | ---- | C] ( ) -- C:\windows\System32\lxczserv.dll [2010/03/31 15:01:45 | 000,991,232 | ---- | C] ( ) -- C:\windows\System32\lxczusb1.dll [2010/03/31 15:01:45 | 000,696,320 | ---- | C] ( ) -- C:\windows\System32\lxczhbn3.dll [2010/03/31 15:01:45 | 000,684,032 | ---- | C] ( ) -- C:\windows\System32\lxczcomc.dll [2010/03/31 15:01:45 | 000,643,072 | ---- | C] ( ) -- C:\windows\System32\lxczpmui.dll [2010/03/31 15:01:45 | 000,585,728 | ---- | C] ( ) -- C:\windows\System32\lxczlmpm.dll [2010/03/31 15:01:45 | 000,421,888 | ---- | C] ( ) -- C:\windows\System32\lxczcomm.dll [2010/03/31 15:01:45 | 000,413,696 | ---- | C] ( ) -- C:\windows\System32\lxczinpa.dll [2010/03/31 15:01:45 | 000,397,312 | ---- | C] ( ) -- C:\windows\System32\lxcziesc.dll [2010/03/31 15:01:45 | 000,323,584 | ---- | C] ( ) -- C:\windows\System32\LXCZhcp.dll [2010/03/31 
15:01:45 | 000,163,840 | ---- | C] ( ) -- C:\windows\System32\lxczprox.dll [2010/03/31 15:01:45 | 000,094,208 | ---- | C] ( ) -- C:\windows\System32\lxczpplc.dll [2010/03/22 08:14:19 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll [2010/03/22 08:14:16 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll [1 C:\Users\xxx\*.tmp files -> C:\Users\xxx\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/11 22:28:34 | 002,359,296 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT [2010/06/11 22:28:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2010/06/11 21:01:54 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/06/11 21:01:54 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/06/11 20:58:58 | 001,472,002 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI [2010/06/11 20:58:58 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat [2010/06/11 20:58:58 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat [2010/06/11 20:58:58 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat [2010/06/11 20:58:58 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat [2010/06/11 20:54:38 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT [2010/06/11 20:54:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2010/06/11 20:54:27 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys [2010/06/11 20:53:20 | 004,576,185 | -H-- | M] () -- C:\Users\xxx\AppData\Local\IconCache.db [2010/06/11 20:40:06 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/06/11 20:32:01 | 000,002,836 | ---- | M] () -- C:\Users\xxx\Documents\cc_20100611_203155.reg [2010/06/11 20:31:41 | 000,069,988 | ---- | M] () -- C:\Users\xxx\Documents\cc_20100611_203115.reg [2010/06/11 
20:25:38 | 000,001,831 | ---- | M] () -- C:\Users\xxx\Desktop\CCleaner.lnk [2010/06/11 19:24:44 | 000,000,000 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\chrtmp [2010/06/10 19:01:36 | 000,007,606 | ---- | M] () -- C:\Users\Marina\AppData\Local\Resmon.ResmonCfg [2010/06/10 09:43:54 | 000,456,000 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2010/05/30 15:34:03 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk [2010/05/30 12:56:20 | 001,620,100 | ---- | M] () -- C:\ituneslib.itl [2010/05/30 12:31:46 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/05/30 12:30:11 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/05/27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\System32\atmlib.dll [2010/05/27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll [2010/05/21 21:02:33 | 000,114,906 | ---- | M] () -- C:\Users\xxx\Documents\xxx.docx [2010/05/21 19:45:25 | 001,854,015 | ---- | M] () -- C:\Users\xxx\Documents\Zeugnis.docx [2010/05/21 07:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2010/05/20 21:06:26 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2010/05/20 20:35:09 | 000,000,168 | ---- | M] () -- C:\windows\Lexstat.ini [2010/05/18 16:20:03 | 000,000,058 | ---- | M] () -- C:\Users\xxx\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2010/05/18 16:19:27 | 000,000,993 | ---- | M] () -- C:\Users\xxx\Desktop\Screenshot Captor.lnk [2010/05/15 21:43:31 | 000,018,432 | ---- | M] () -- C:\Users\xxx\Documents\xxx.xls [2010/05/14 11:55:07 | 000,011,418 | ---- | M] () -- C:\Users\xxx\Documents\Gliederung.docx [1 C:\Users\xxx\*.tmp files -> C:\Users\xxx\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/11 20:40:06 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/06/11 20:31:57 | 000,002,836 
| ---- | C] () -- C:\Users\xxx\Documents\cc_20100611_203155.reg [2010/06/11 20:31:18 | 000,069,988 | ---- | C] () -- C:\Users\XXX\Documents\cc_20100611_203115.reg [2010/06/11 20:25:38 | 000,001,831 | ---- | C] () -- C:\Users\XXX\Desktop\CCleaner.lnk [2010/06/11 19:24:44 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\chrtmp [2010/06/10 19:01:36 | 000,007,606 | ---- | C] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg [2010/05/30 15:34:03 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk [2010/05/30 12:46:20 | 001,620,100 | ---- | C] () -- C:\ituneslib.itl [2010/05/30 12:31:46 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/05/30 12:30:11 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/05/21 20:35:26 | 000,114,906 | ---- | C] () -- C:\Users\XXX\Documents\XXX.docx [2010/05/21 19:45:21 | 001,854,015 | ---- | C] () -- C:\Users\XXX\Documents\Zeugnis.docx [2010/05/20 21:06:26 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2010/05/20 21:06:22 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll [2010/05/18 16:20:03 | 000,000,058 | ---- | C] () -- C:\Users\XXX\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2010/05/18 16:19:27 | 000,000,993 | ---- | C] () -- C:\Users\XXX\Desktop\Screenshot Captor.lnk [2010/05/15 21:43:31 | 000,018,432 | ---- | C] () -- C:\Users\XXX\Documents\XXX.xls [2010/05/14 11:55:06 | 000,011,418 | ---- | C] () -- C:\Users\XXX\Documents\Gliederung.docx [2010/04/15 23:25:15 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll [2010/03/31 15:02:50 | 000,000,168 | ---- | C] () -- C:\windows\Lexstat.ini [2010/03/31 15:01:45 | 000,413,696 | ---- | C] () -- C:\windows\System32\lxczutil.dll [2010/03/31 15:01:45 | 000,274,432 | ---- | C] () -- C:\windows\System32\LXCZinst.dll [2010/03/22 08:14:18 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys [2010/03/22 08:14:18 | 000,015,497 | ---- | 
C] () -- C:\windows\snp2uvc.ini [2010/03/22 08:14:17 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys [2010/03/22 08:06:51 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll [2009/07/16 02:50:42 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/01/13 12:29:00 | 000,197,408 | ---- | C] () -- C:\windows\System32\vpnapi.dll [2007/02/07 18:58:12 | 000,039,899 | ---- | C] () -- C:\windows\System32\rtsicis.ini [2007/01/22 09:49:34 | 000,344,064 | ---- | C] () -- C:\windows\System32\lxczcoin.dll [2006/06/07 14:23:04 | 000,061,440 | ---- | C] () -- C:\windows\System32\lxczcnv7.dll [2006/03/27 12:19:14 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxczvs.dll [2006/03/07 12:59:04 | 000,061,440 | ---- | C] () -- C:\windows\System32\lxczcnv6.dll [2006/01/10 18:11:06 | 000,061,440 | ---- | C] () -- C:\windows\System32\lxczcnv5.dll [2006/01/10 18:11:06 | 000,061,440 | ---- | C] () -- C:\windows\System32\lxczcnv4.dll < End of report >
And here is the extra logfile:
Code:
OTL Extras logfile created on: 6/11/2010 10:28:44 PM - Run 2 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\xxx\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 282.80 Gb Total Space | 246.38 Gb Free Space | 87.12% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MIAU Current User Name: Marina Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{511376F5-7E5A-4EC9-B603-193B1D425BC3}" = HP ESU for Microsoft Windows 7 "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security 
Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CDFC149-8359-4C4B-9DA0-BA1F773CD70C}" = HP User Guides 0140 "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor "{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera "{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}" = Windows 7 Default Setting "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10 "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = CPQ Wallpaper "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BSW" = BrettspielWelt "CCleaner" = CCleaner "Citavi" = Citavi 2.5 "Free Audio CD 
Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Standard) "Lexmark 1200 Series" = Lexmark 1200 Series "LSI Soft Modem" = LSI HDA Modem "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marvell Miniport Driver" = Marvell Miniport Driver "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4) "ScreenshotCaptor_is1" = Screenshot Captor 2.80.01 "SHOUTcast Radio Toolbar" = SHOUTcast Radio Toolbar "SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only) "Streamripper" = Streamripper (Remove only) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TVWiz" = Intel(R) TV Wizard "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV 0.9.17 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "AI RoboForm" = AI RoboForm "Winamp Detect" = Winamp Anwendungserkennung ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 5/6/2010 10:10:42 AM | Computer Name = Miau | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3743 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: eb0 Startzeit: 01caed233ac4794e Endzeit: 31 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: 23140ea4-5919-11df-8961-18a905de1167 Error - 5/8/2010 11:02:55 AM | Computer Name = Miau | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3743 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 15a8 Startzeit: 01caeebf400b6e5d Endzeit: 18 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: c6141259-5ab2-11df-8938-18a905de1167 Error - 5/8/2010 11:03:35 AM | Computer Name = Miau | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3743 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1b58 Startzeit: 01caeebf8abedb1a Endzeit: 17 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: de380a42-5ab2-11df-8938-18a905de1167 Error - 5/13/2010 5:44:28 AM | Computer Name = Miau | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3743 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1428 Startzeit: 01caf27be92b4ab1 Endzeit: 38 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: 1dd3d20e-5e74-11df-84e8-18a905de1167 Error - 5/19/2010 3:28:57 AM | Computer Name = Miau | Source = RasClient | ID = 20227 Description = Error - 5/25/2010 3:41:31 AM | Computer Name = Miau | Source = RasClient | ID = 20227 Description = Error - 5/26/2010 9:39:52 AM | Computer Name = Miau | Source = Application Hang | ID = 1002 Description = Programm WINWORD.EXE, Version 12.0.6504.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8e4 Startzeit: 01cafcd8aad40d5d Endzeit: 0 Anwendungspfad: C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE Berichts-ID: Error - 5/30/2010 9:41:30 AM | Computer Name = Miau | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.7.2830, Zeitstempel: 0x4b4cd59d Name des fehlerhaften Moduls: pmp_p4s.dll, Version: 0.0.0.0, Zeitstempel: 0x4b4cd5aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001511 ID des fehlerhaften Prozesses: 0x1e24 Startzeit der fehlerhaften Anwendung: 0x01cafffcf2b06133 Pfad der fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe Pfad des fehlerhaften Moduls: C:\Program Files\Winamp\Plugins\pmp_p4s.dll Berichtskennung: 0cf41bdb-6bf1-11df-892c-18a905de1167 Error - 5/31/2010 7:35:27 AM | Computer Name = Miau | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.7.2830, Zeitstempel: 0x4b4cd59d Name des fehlerhaften Moduls: jscript.dll, Version: 5.8.7600.16475, Zeitstempel: 0x4b1620f9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00015fd0 ID des fehlerhaften Prozesses: 0x1220 Startzeit der fehlerhaften Anwendung: 0x01cb00b547e66542 Pfad der fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe Pfad des fehlerhaften Moduls: 
C:\windows\system32\jscript.dll Berichtskennung: 9b7d84e1-6ca8-11df-8072-18a905de1167 Error - 5/31/2010 9:45:01 AM | Computer Name = Miau | Source = Application Hang | ID = 1002 Description = Programm winamp.exe, Version 5.5.7.2830 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17ec Startzeit: 01cb00b5ff99388e Endzeit: 36 Anwendungspfad: C:\Program Files\Winamp\winamp.exe Berichts-ID: b314986c-6cba-11df-8072-18a905de1167 [ Hewlett-Packard Events ] Error - 4/8/2010 9:52:49 AM | Computer Name = Miau | Source = Hewlett-Packard | ID = 0 Description = de-DE Die Datei "C:\Program Files\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) Error - 4/8/2010 9:52:50 AM | Computer Name = Miau | Source = Hewlett-Packard | ID = 0 Description = de-DE Die Datei "C:\Program Files\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. 
mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) Error - 4/22/2010 10:36:21 AM | Computer Name = Miau | Source = Hewlett-Packard | ID = 0 Description = de-DE Die Datei "C:\Program Files\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a() [ System Events ] Error - 6/6/2010 8:05:09 AM | Computer Name = Miau | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. 
darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 6/6/2010 8:07:21 AM | Computer Name = Miau | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 6/6/2010 8:12:26 AM | Computer Name = Miau | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 6/7/2010 12:45:43 AM | Computer Name = Miau | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 6/7/2010 12:49:07 AM | Computer Name = Miau | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. 
Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 6/7/2010 12:52:12 AM | Computer Name = Miau | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 6/7/2010 3:55:00 AM | Computer Name = Miau | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 6/7/2010 3:55:01 AM | Computer Name = Miau | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 6/7/2010 3:55:02 AM | Computer Name = Miau | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 6/8/2010 4:02:56 AM | Computer Name = Miau | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. < End of report > |
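The OTL Extras dump above carries the three sections a helper reads first when a machine is suspected of remote control: the Security Center overrides, the firewall policy per profile, and the uninstall list. The following helper is an added example by the editor, not part of this thread and not part of OTL. It parses those sections, reports any firewall profile that is off or any Security Center override that is set, and lists the installed components that a web page can reach (Java, Flash, Shockwave, Reader, QuickTime, Silverlight), toolbars, and webcam software, because a drive-by download and a remotely triggered camera are both looked at starting from that inventory. On the posted dump both profiles have EnableFirewall = 1 and all overrides are 0, so the firewall check comes back empty. The sample text is constructed from a handful of the posted lines; the watch list and its category names are the editor's assumptions and say nothing about whether a listed version is current.

```python
"""Triage helper for the 'Security Center Settings' and 'Uninstall List'
sections of an OTL Extras.txt.

Added example by the editor; not part of the forum thread or of OTL.
SAMPLE is constructed from a few lines of the posted log. The watch list
is an assumption and only selects entries for review.
"""
import re

# Constructed sample: a cut-down copy of the posted Extras.txt sections.
SAMPLE = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"SHOUTcast Radio Toolbar" = SHOUTcast Radio Toolbar
"CCleaner" = CCleaner
"""

SECTION_RE = re.compile(r"^==========\s*(.+?)\s*==========$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)"\s*=\s*(.*)$')


def parse_otl(text):
    """Return {section: {registry key: {value name: value}}} for an OTL dump."""
    tree, section, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            tree.setdefault(section, {})
            continue
        m = KEY_RE.match(line)
        if m and section is not None:
            key = m.group(1)
            tree[section].setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            tree[section][key][m.group(1)] = m.group(2)
    return tree


def firewall_findings(tree):
    """Flag firewall profiles that are off and Security Center overrides that are set."""
    findings = []
    for key, values in tree.get("Security Center Settings", {}).items():
        profile = key.rsplit("\\", 1)[-1]
        if "FirewallPolicy" in key and values.get("EnableFirewall") != "1":
            findings.append(f"firewall disabled: {profile}")
        for name, val in values.items():
            if name.endswith("Override") and val != "0":
                findings.append(f"Security Center override set: {name}={val}")
    return findings


# Editor's watch list (assumption): components a web page can reach, plus
# toolbars and camera software. Matching is by substring, case-insensitive.
WATCH = {
    "java": "browser plugin", "flash": "browser plugin",
    "shockwave": "browser plugin", "adobe reader": "browser plugin",
    "silverlight": "browser plugin", "quicktime": "browser plugin",
    "toolbar": "toolbar/adware",
    "webcam": "camera software", "web camera": "camera software",
}


def inventory(tree):
    """Return [(display name, category)] for uninstall entries on the watch list."""
    hits = []
    for values in tree.get("HKEY_LOCAL_MACHINE Uninstall List", {}).values():
        for name in values.values():
            low = name.lower()
            for needle, category in WATCH.items():
                if needle in low:
                    hits.append((name, category))
                    break
    return hits


if __name__ == "__main__":
    tree = parse_otl(SAMPLE)
    for f in firewall_findings(tree) or ["firewall: both profiles on, no overrides"]:
        print(f)
    for name, category in inventory(tree):
        print(f"{category:16} {name}")
```

The parser is deliberately generic (section, key, value) so the same tree can be queried for other OTL sections; the checks are the ones that matter for this thread. Run it against a full Extras.txt by reading the file instead of SAMPLE.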
15.06.2010, 20:56 | #4 |
/// Selecta Jahrusso | Webcamspion? A cleanup can sometimes involve a lot of work on your part.
Note: I can never guarantee that I will find everything. A format is usually the faster and always the safest route. If you decide on a cleanup, keep working along until someone from the team tells you that you are clean. Vista and Win7 users: start all tools with right-click, "Run as administrator". Step 1: Please
Please post Gmer.txt in your next reply.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to strike back and support us! TB Akademie |
15.06.2010, 21:48 | #5 |
| Webcamspion? Hello Larusso, thanks for your reply. I followed your instructions exactly; here is the GMER log file. GMER Logfile: Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-15 22:43:18
Windows 6.1.7600
Running: xhh9l9ox.exe; Driver: C:\Users\XXX\AppData\Local\Temp\pxldypog.sys

---- System - GMER 1.0.15 ----

SSDT 8C73CAFF ZwTerminateProcess

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C283F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C10634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C10898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C281DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C286F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C291A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C88599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CACF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82CB4CC8 4 Bytes [FF, CA, 73, 8C] {DEC EDX; JAE 0xffffffffffffff90}
.text peauth.sys AD6BBC9D 28 Bytes [5E, 19, 88, 19, 39, 70, 0E, ...]
.text peauth.sys AD6BBCC1 28 Bytes [5E, 19, 88, 19, 39, 70, 0E, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AB898000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AB898123 629 Bytes [35, 89, AB, FE, 05, 34, 35, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 AB898399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F AB8983FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B AB8984AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000085 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713456f7f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713456f7f (not active ControlSet)

---- EOF - GMER 1.0.15 ----
--- --- ---
|
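Two sections of a GMER log answer the question "is something sitting in the kernel": System (SSDT and interrupt hooks) and Devices (filter drivers attached to device stacks). The helper below is an added example by the editor, not part of this thread and not part of GMER. It pulls those entries out and returns what a human still has to attribute: SSDT hooks that GMER reports with only an address and no module (the posted log has one, on ZwTerminateProcess at 8C73CAFF), and filter drivers from vendors outside an allow-list, grouped by file (here mfetdik.sys, described as a McAfee mini-firewall driver, on \Device\Tcp and \Device\Udp, while the uninstall list earlier in the thread shows Avira and no McAfee product). Neither is a verdict. Security products routinely hook ZwTerminateProcess for self-protection, and a leftover network filter from a preinstalled trial is common on consumer laptops; the point of the output is to name the file so its signature and origin can be checked. Keyboard-class filters are listed separately because that is where a kernel keylogger would attach. The sample is constructed from lines of the posted log; the allow-list is an assumption.

```python
"""Triage of a GMER rootkit-scan log.

Added example by the editor; not part of the forum thread or of GMER.
SAMPLE is constructed from lines of the posted log. TRUSTED_VENDORS is an
assumption to be tuned per host; it only decides what is reported.
"""
import re

SAMPLE = r"""GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-15 22:43:18
Windows 6.1.7600

---- System - GMER 1.0.15 ----

SSDT 8C73CAFF ZwTerminateProcess
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28AF8

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
"""

# "SSDT <module-or-address> <ZwFunction> ..." ; GMER prints a bare 8-digit
# address when it cannot map the hook to a loaded module.
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)")
HEX_RE = re.compile(r"^[0-9A-Fa-f]{8}$")
# "AttachedDevice <driver> <device> <file> (<description>/<vendor>)"
ATTACH_RE = re.compile(
    r"^(AttachedDevice|Device)\s+(\S+)\s+(\S+)\s+(\S+)\s+\((.*)/([^/]*)\)\s*$")

TRUSTED_VENDORS = {"Microsoft Corporation"}  # assumption: extend for the host's own AV


def parse_gmer(text):
    """Return (ssdt hooks, attached devices) as lists of dicts."""
    hooks, attached = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks.append({"owner": m.group(1), "function": m.group(2),
                          "attributed": not HEX_RE.match(m.group(1))})
            continue
        m = ATTACH_RE.match(line)
        if m:
            attached.append({"kind": m.group(1), "driver": m.group(2),
                             "device": m.group(3), "file": m.group(4),
                             "desc": m.group(5), "vendor": m.group(6)})
    return hooks, attached


def triage(text):
    """Items a human must attribute: unattributed SSDT hooks and untrusted filters."""
    hooks, attached = parse_gmer(text)
    findings = []
    for h in hooks:
        if not h["attributed"]:
            findings.append(
                f"SSDT hook on {h['function']} at {h['owner']} with no module name")
    by_file = {}
    for a in attached:
        if a["vendor"] in TRUSTED_VENDORS:
            continue
        entry = by_file.setdefault(a["file"], {"vendor": a["vendor"], "devices": []})
        entry["devices"].append(a["device"])
    for file, info in by_file.items():
        findings.append(f"{file} ({info['vendor']}) filters {', '.join(info['devices'])}")
    return findings


def keyboard_filters(text):
    """Every filter on a keyboard-class device, trusted or not: the keylogger position."""
    _, attached = parse_gmer(text)
    return [(a["file"], a["vendor"]) for a in attached if "KeyboardClass" in a["device"]]


if __name__ == "__main__":
    for line in triage(SAMPLE):
        print("ATTRIBUTE:", line)
    for file, vendor in keyboard_filters(SAMPLE):
        print("keyboard filter:", file, "/", vendor)
```

The next step for each reported file is outside the script: locate it under the driver directory, check its Authenticode signature, and match it to a product that is actually installed. A hook or filter that cannot be tied to anything installed is the finding; one that can is noise to be recorded and moved past.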
16.06.2010, 14:43 | #6 |
/// Selecta Jahrusso | Webcamspion? I don't see anything here. Unprotected network? Please switch on any external hard drives you have during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
|
16.06.2010, 16:50 | #7 |
| Webcamspion? So ESET didn't find anything either. Here is the log file: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=55e7911ae4dd8845a4f07c2ae73e684b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-16 02:48:03
# local_time=2010-06-16 04:48:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 408945 408945 0 0
# compatibility_mode=1797 16775165 100 94 812018 19037561 239139 0
# compatibility_mode=5893 16776573 100 94 92447 28327488 0 0
# compatibility_mode=8192 67108863 100 0 225 225 0 0
# scanned=144553
# found=0
# cleaned=0
# scan_time=3387
|
16.06.2010, 17:17 | #8 |
/// Selecta Jahrusso | Webcamspion? Hm :/ I'll ask my colleagues. Maybe someone has an idea. Please be patient a little. But let's still run the following. If you connect anything else to the computer, such as memory sticks, memory cards, digital cameras, phone, external drives, ... then plug everything in before the scan. ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a competent helper has explicitly recommended it! Incorrect use can cause serious computer problems and make cleaning the infection even harder.
__________________ Edited by Larusso (16.06.2010, 17:22) |
16.06.2010, 18:20 | #9 |
| Webcamspion? I carried out your instructions (incl. CCleaner) and the USB stick was attached as well. I don't have an external hard drive (yet); digicam and phone all still go through my old laptop. Code:
ATTFilter ComboFix 10-06-15.04 - Marina 16.06.2010 19:02:45.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2039.1360 [GMT 2:00] ausgeführt von:: c:\users\xxx\Desktop\cofi.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Install.exe c:\users\xxx\AppData\Roaming\chrtmp c:\windows\system32\st326222.dll . ((((((((((((((((((((((( Dateien erstellt von 2010-05-16 bis 2010-06-16 )))))))))))))))))))))))))))))) . 2010-06-15 13:34 . 2010-06-15 20:09 -------- d-----w- c:\program files\Trillian 2010-06-15 13:30 . 2010-06-15 13:30 -------- d-----w- c:\users\xxx\AppData\Roaming\Miranda 2010-06-12 09:39 . 2010-06-12 09:39 -------- d-----w- c:\programdata\F-Secure 2010-06-11 21:35 . 2010-06-11 21:35 -------- d-----w- c:\users\xxx\.SunDownloadManager 2010-06-11 18:52 . 2010-06-11 18:52 -------- d-----w- C:\rsit 2010-06-11 18:40 . 2010-06-11 18:40 -------- d-----w- c:\users\xxx\AppData\Roaming\Malwarebytes 2010-06-11 18:40 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-11 18:39 . 2010-06-11 18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-11 18:39 . 2010-06-11 18:39 -------- d-----w- c:\programdata\Malwarebytes 2010-06-11 18:39 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-11 18:25 . 2010-06-11 18:25 -------- d-----w- c:\program files\CCleaner 2010-06-11 17:31 . 2010-06-11 17:31 -------- d-----w- c:\users\xxx\AppData\Roaming\Roxio Log Files 2010-06-09 13:29 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys 2010-06-09 13:29 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll 2010-06-09 13:29 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll 2010-06-09 13:29 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-06-09 13:29 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-05-31 12:38 . 
2010-05-31 12:38 -------- d-----w- c:\users\xxx\AppData\Local\SHOUTcast Radio Toolbar 2010-05-31 11:36 . 2010-05-31 11:36 -------- d-----w- c:\program files\SHOUTcast Radio Toolbar 2010-05-31 11:36 . 2010-05-31 11:36 -------- d-----w- c:\programdata\SHOUTcast Radio Toolbar 2010-05-30 13:52 . 2010-05-30 13:52 -------- d-----w- c:\program files\Streamripper 2010-05-30 13:36 . 2010-05-30 13:58 -------- d-----w- c:\users\xxx\AppData\Roaming\streamripper 2010-05-30 13:34 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2010-05-30 13:33 . 2010-05-30 13:33 -------- d-----w- c:\program files\Winamp Detect 2010-05-30 13:33 . 2010-05-30 14:16 -------- d-----w- c:\users\xxx\AppData\Roaming\Winamp 2010-05-30 13:30 . 2010-05-31 11:39 -------- d-----w- c:\program files\Winamp 2010-05-30 10:31 . 2010-05-30 11:03 -------- d-----w- c:\users\xxx\AppData\Local\Apple Computer 2010-05-30 10:29 . 2010-05-30 10:29 -------- d-----w- c:\programdata\Apple 2010-05-30 10:14 . 2010-05-30 10:20 -------- d-----w- c:\program files\flatster 2010-05-27 12:30 . 2010-05-27 12:30 -------- d-----w- c:\users\xxx\AppData\Local\assembly 2010-05-26 07:01 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll 2010-05-25 20:18 . 2010-05-25 20:18 -------- d-----w- c:\users\xxx\AppData\Local\Graboid_Inc 2010-05-25 20:18 . 2010-05-25 20:18 -------- d-----w- c:\users\xxx\AppData\Local\Graboid 2010-05-25 20:18 . 2010-05-25 20:18 -------- d-----w- c:\users\xxx\AppData\Roaming\MozillaControl 2010-05-25 20:17 . 2010-05-25 20:17 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12 2010-05-23 11:50 . 2010-05-23 11:50 -------- d-----w- c:\program files\Veetle 2010-05-23 00:03 . 2010-05-23 00:03 -------- d-----w- c:\users\xxx\AppData\Local\cache 2010-05-22 23:53 . 2010-05-23 00:07 -------- d-----w- c:\users\xxx\AppData\Local\FullTiltPoker 2010-05-22 23:42 . 2010-05-22 23:43 -------- d-----w- c:\users\xxx\AppData\Local\PokerStars 2010-05-20 19:06 . 
2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll 2010-05-20 19:06 . 1998-07-06 15:56 125712 ----a-w- c:\windows\system32\VB6DE.DLL 2010-05-20 19:06 . 1998-07-06 15:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL 2010-05-20 19:06 . 2010-05-20 19:06 -------- d-----w- c:\program files\PDFCreator 2010-05-20 19:06 . 1998-07-06 15:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL 2010-05-20 19:06 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL 2010-05-20 18:59 . 2010-05-20 18:59 -------- d-----w- c:\program files\gs 2010-05-20 18:51 . 2010-05-20 19:01 -------- d-----w- c:\program files\PDF Blender 2010-05-18 14:20 . 2010-05-18 14:20 58 ----a-w- c:\users\Marina\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat 2010-05-18 14:20 . 2010-05-18 14:20 -------- d-----w- c:\users\xxx\AppData\Roaming\DonationCoder 2010-05-18 14:19 . 2010-05-18 14:19 -------- d-----w- c:\program files\ScreenshotCaptor 2010-05-18 14:19 . 2010-05-18 14:19 -------- d-----w- c:\programdata\DonationCoder . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-16 17:06 . 2009-09-15 01:03 643866 ----a-w- c:\windows\system32\perfh007.dat 2010-06-16 17:06 . 2009-09-15 01:03 126394 ----a-w- c:\windows\system32\perfc007.dat 2010-06-12 07:40 . 2010-03-22 09:07 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-06-11 20:15 . 2010-04-24 13:59 -------- d-----w- c:\program files\Trend Micro 2010-06-11 18:03 . 2009-09-15 00:32 -------- d-----w- c:\programdata\Hewlett-Packard 2010-06-09 21:06 . 2009-09-15 00:43 -------- d-----w- c:\programdata\Microsoft Help 2010-06-05 06:10 . 2010-03-25 14:11 -------- d-----w- c:\program files\Microsoft Silverlight 2010-05-30 13:33 . 2009-09-15 00:54 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-05-30 10:33 . 2010-05-30 10:31 -------- d-----w- c:\users\xxx\AppData\Roaming\Apple Computer 2010-05-30 10:31 . 
18.06.2010, 12:20 | #10 |
/// Selecta Jahrusso | Webcam spy? Sorry for the delay. There are so-called ClickJacking attacks, and this is a security vulnerability in the Flash Player. Please update it, and here is some reading material (English) on the settings. If you have questions, feel free to ask
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to strike back and support us! TB Akademie |
18.06.2010, 20:55 | #11 |
| Webcam spy? Thanks for your research. I'll probably uninstall and reinstall the Adobe Flash Player then, because it doesn't find any updates. I've had problems with the Flash Player from the very beginning; sometimes Firefox simply freezes when a video, game or similar is supposed to start. After restarting the laptop, it worked again though. Back then (March/April) I also tried everything (uninstalling and reinstalling, updating, changing settings), and then at some point I suddenly had peace and it always worked. Of course, back then I also looked at HiJack logs (or had them looked at), scanned, etc. Now the problem is back. But fine, since it's only temporary, I can more or less live with it. So thank you very much for looking at everything; I've now also adjusted the fine settings and hope that nobody is watching me while I surf anymore |
18.06.2010, 21:08 | #12 |
/// Selecta Jahrusso | Webcam spy? Okay, should problems still occur, send me a PM so that I become aware of this thread again. You could possibly also run the following. But it is a pure guess that the scan will fix the problem. Basic cleaning with SUPERAntiSpyware
One more request: uninstall Combofix. Before the following action, please temporarily disable the antivirus program, any script blocking that may be present, and anti-malware programs again. Start => Run (on Vista: Windows key + R) => type ComboFix /uninstall there => press Enter. This removes Combofix completely and empties the System Restore cache, so that the malware disappears from there as well. Now re-enable the programs you just disabled. Start OTL and click the Cleanup button. This will completely remove OTL etc. from the PC.
07.07.2010, 17:43 | #13 |
| Webcam spy? OK, I have dealt with this topic several times already! Get yourself a camstop, then you won't have that problem anymore |
08.07.2010, 12:18 | #14 |
/// Mr. Schatten | Webcam spy? What nonsense; just because you cover the webcam, the problems caused by malware are not fixed. Sticking your head in the sand at most fills your head with sand.
__________________ all tips + help from all helpers are without guarantee + liability; no help via PM; this is a forum, everyone can benefit/check, nobody is error-free; a tendency to observe the spelling rules increases the probability of an answer - |