|
Plagegeister aller Art und deren Bekämpfung: TR/PSW.Zbot.133169.Y alle paar Antivir und temp DateienWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
30.06.2010, 11:58 | #16 |
/// Selecta Jahrusso | TR/PSW.Zbot.133169.Y alle paar Antivir und temp Dateien Lass dir mal zeit, vl schrotte ich den PC doch noch Schritt 1 Grundreinigung mit SUPERAntiSpyware
Schritt 2 Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Schritt 3 Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Bitte poste in Deiner nächsten Antwort SASW Log ESET Log OTL.txt Extras.txt Berichte wie der Rechner läuft
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
30.06.2010, 12:44 | #17 | |
| TR/PSW.Zbot.133169.Y alle paar Antivir und temp Dateien so schritt 1 ist nun endlich fertig
__________________hier die log datei: Zitat:
btw: ich hatte jetzt seit einer halben stunde keine Fehlermeldung mehr, ich hoffe mal das bleibt jetzt so |
30.06.2010, 13:07 | #18 |
| TR/PSW.Zbot.133169.Y alle paar Antivir und temp Dateien ich finde leider das add-on nicht.
__________________extras -> add-ons -> add-ons suchen ->esetsmartinstaller_enu.exe suchen da findet der leider keine treffer. edit: wie dumm von mir das hat der ja automatisch gemacht... aber jetzt habe ich ein anderes Problem, der scan bleibt immer bei 17% stehen. Ich habe auch schon die datie gelöscht(die war unwichtig) und jetzt bleibt er bei einer anderen bei 17% hängen. Die Zeit läuft zwar weiter aber vorher scant der sehr zügig und bei 17% ändert sich sogar nach einigen Minuten nichts. Geändert von pannenmann (30.06.2010 um 13:14 Uhr) |
30.06.2010, 13:17 | #19 |
/// Selecta Jahrusso | TR/PSW.Zbot.133169.Y alle paar Antivir und temp Dateien Du sollst den Scanner auch in Ruhe laufen lassen. Lass dem Scanner mal etwas Zeit. Keiner sagt das der in 10 min fertig ist
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
30.06.2010, 14:37 | #20 |
| TR/PSW.Zbot.133169.Y alle paar Antivir und temp Dateien Ouh da war ich wohl viel zu ungeduldig -> eset lasse ich jetzt dann laufen OTL log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.06.2010 14:15:59 - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Klaus\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 127,99 Gb Total Space | 62,46 Gb Free Space | 48,80% Space Free | Partition Type: NTFS Drive D: | 170,10 Gb Total Space | 63,43 Gb Free Space | 37,29% Space Free | Partition Type: NTFS Unable to calculate disk information. F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name:**** Current User Name: **** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.06.30 14:15:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Klaus\Desktop\OTL.exe PRC - [2010.06.28 01:26:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.06.28 01:26:58 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe PRC - [2010.06.07 19:13:53 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.04.12 10:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Programme\PowerISO\PWRISOVM.EXE PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.10.09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Programme\Winamp\winampa.exe PRC - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 14:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.11.18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe ========== Modules (SafeList) ========== MOD - [2010.06.30 14:15:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Klaus\Desktop\OTL.exe MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.06.17 16:09:00 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.17 17:38:34 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.11.02 00:21:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2009.10.09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV) SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.11.18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) ========== Driver Services (SafeList) ========== DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.04.12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009.12.07 21:03:19 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.11.01 23:49:59 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.10.16 03:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17) DRV - [2009.07.21 18:31:44 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci) DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt) DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009.05.11 11:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 11:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 13:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E C0 2D 2E 3B 5B CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "web.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: qtl.co.il@gmail.com:14.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 01:26:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.28 01:26:59 | 000,000,000 | ---D | M] [2009.11.01 23:41:18 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\mozilla\Extensions [2010.06.30 14:05:32 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\mozilla\Firefox\Profiles\lpflhio7.default\extensions [2010.06.28 13:05:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Klaus\AppData\Roaming\mozilla\Firefox\Profiles\lpflhio7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.09 13:06:41 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Klaus\AppData\Roaming\mozilla\Firefox\Profiles\lpflhio7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009.11.07 15:06:13 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\mozilla\Firefox\Profiles\lpflhio7.default\extensions\moveplayer@movenetworks.com [2010.04.08 22:32:40 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\mozilla\Firefox\Profiles\lpflhio7.default\extensions\qtl.co.il@gmail.com [2010.06.23 23:15:20 | 000,001,056 | ---- | M] () -- C:\Users\Klaus\AppData\Roaming\Mozilla\FireFox\Profiles\lpflhio7.default\searchplugins\icqplugin.xml [2010.01.31 12:56:29 | 000,002,108 | ---- | M] () -- C:\Users\Klaus\AppData\Roaming\Mozilla\FireFox\Profiles\lpflhio7.default\searchplugins\qtl.xml [2010.06.30 00:20:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.02 23:11:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.12 13:55:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.12 13:55:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.12 13:55:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.12 13:55:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.12 13:55:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.30 12:36:37 | 000,000,050 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.142.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.30 14:15:18 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Klaus\Desktop\OTL.exe [2010.06.30 14:05:10 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2010.06.30 13:03:16 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Roaming\SUPERAntiSpyware.com [2010.06.30 13:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.06.30 13:03:12 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.06.30 13:01:30 | 008,776,240 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Klaus\Desktop\SUPERAntiSpyware.exe [2010.06.30 12:31:29 | 000,000,000 | ---D | C] -- C:\_OTS [2010.06.30 11:40:52 | 000,640,000 | ---- | C] (OldTimer Tools) -- C:\Users\Klaus\Desktop\OTS.exe [2010.06.30 11:38:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.06.30 11:23:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.06.30 01:04:37 | 000,000,000 | ---D | C] -- C:\Users\Klaus\DoctorWeb [2010.06.30 00:58:25 | 000,000,000 | ---D | C] -- C:\Programme\DrWeb [2010.06.30 00:40:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2010.06.30 00:37:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.06.30 00:37:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.06.30 00:37:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.06.30 00:37:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.06.30 00:34:44 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.06.29 23:57:51 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Roaming\Download Manager [2010.06.29 23:49:32 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Roaming\Malwarebytes [2010.06.29 23:48:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.06.29 23:48:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.06.29 23:48:55 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.29 23:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.29 09:25:17 | 000,000,000 | ---D | C] -- C:\Programme\Guitar Pro 5 [2010.06.29 09:11:38 | 000,000,000 | ---D | C] -- C:\Programme\PowerISO [2010.06.28 19:35:28 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Roaming\Guitar Pro 6 [2010.06.28 19:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6 [2010.06.23 15:41:20 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.06.23 15:41:20 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.06.23 15:41:20 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.06.23 10:51:43 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Local\AOL [2010.06.23 10:51:19 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2 [2010.06.23 09:43:06 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.06.23 09:43:05 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010.06.23 09:43:05 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.06.23 09:43:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.06.18 03:20:33 | 000,000,000 | ---D | C] -- C:\Programme\Veetle [2010.06.09 01:25:06 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.06.09 01:25:05 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.06.09 01:25:02 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.06.09 01:25:01 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.06.09 01:25:01 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.06.09 01:25:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.06.09 01:24:57 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.06.09 01:24:57 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll ========== Files - Modified Within 30 Days ========== [2010.06.30 14:16:46 | 002,359,296 | -HS- | M] () -- C:\Users\Klaus\ntuser.dat [2010.06.30 14:15:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Klaus\Desktop\OTL.exe [2010.06.30 14:04:46 | 002,672,312 | ---- | M] () -- C:\Users\Klaus\Desktop\esetsmartinstaller_enu.exe [2010.06.30 13:48:21 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.30 13:48:21 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.30 13:41:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.06.30 13:40:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.30 13:40:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.30 13:40:43 | 1610,162,176 | -HS- | M] () -- C:\hiberfil.sys [2010.06.30 13:39:51 | 006,291,456 | -H-- | M] () -- C:\Users\Klaus\AppData\Local\IconCache.db [2010.06.30 13:33:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.06.30 13:03:14 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.06.30 13:02:23 | 008,776,240 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Klaus\Desktop\SUPERAntiSpyware.exe [2010.06.30 12:36:37 | 000,000,050 | RH-- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.06.30 12:33:52 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.06.30 12:31:37 | 000,524,288 | -HS- | M] () -- C:\Users\Klaus\ntuser.dat{23bc377b-8428-11df-a800-001617d75309}.TMContainer00000000000000000002.regtrans-ms [2010.06.30 12:31:37 | 000,524,288 | -HS- | M] () -- C:\Users\Klaus\ntuser.dat{23bc377b-8428-11df-a800-001617d75309}.TMContainer00000000000000000001.regtrans-ms [2010.06.30 12:31:37 | 000,065,536 | -HS- | M] () -- C:\Users\Klaus\ntuser.dat{23bc377b-8428-11df-a800-001617d75309}.TM.blf [2010.06.30 12:30:41 | 000,293,376 | ---- | M] () -- C:\Users\Klaus\Desktop\t53joooe.exe [2010.06.30 11:40:54 | 000,640,000 | ---- | M] (OldTimer Tools) -- C:\Users\Klaus\Desktop\OTS.exe [2010.06.30 11:34:22 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010.06.30 11:23:02 | 003,724,003 | R--- | M] () -- C:\Users\Klaus\Desktop\Combo-Fix.exe [2010.06.30 11:21:23 | 001,515,082 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.30 11:21:23 | 000,658,934 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.30 11:21:23 | 000,619,902 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.30 11:21:23 | 000,133,488 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.30 11:21:23 | 000,109,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.30 10:29:05 | 000,040,808 | ---- | M] () -- C:\Users\Klaus\Desktop\85104-otl-otlogfile-oldtimer.html [2010.06.29 20:17:22 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010.06.29 20:17:22 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010.06.29 19:17:10 | 000,451,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.29 09:26:09 | 000,123,672 | ---- | M] () -- C:\Users\Klaus\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.29 09:25:31 | 000,000,902 | ---- | M] () -- C:\Users\Klaus\Desktop\Guitar Pro 5.lnk [2010.06.29 09:11:40 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk [2010.06.23 23:34:41 | 000,014,193 | ---- | M] () -- C:\Users\Klaus\Documents\Ronja23.docx [2010.06.13 13:22:30 | 000,001,814 | ---- | M] () -- C:\Users\Klaus\Desktop\Zattoo.lnk [2010.06.13 13:22:13 | 016,245,350 | ---- | M] () -- C:\Users\Klaus\Desktop\Zattoo-4.0.5.exe [2010.06.13 13:19:13 | 000,017,408 | ---- | M] () -- C:\Users\Klaus\AppData\Local\WebpageIcons.db [2010.06.11 13:25:13 | 000,042,851 | ---- | M] () -- C:\Users\Klaus\Documents\text spanisch.docx [2010.06.09 13:20:38 | 000,086,684 | ---- | M] () -- C:\Users\Klaus\Documents\16.03.2010.m3u ========== Files Created - No Company Name ========== [2010.06.30 13:45:17 | 002,672,312 | ---- | C] () -- C:\Users\Klaus\Desktop\esetsmartinstaller_enu.exe [2010.06.30 13:03:14 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.06.30 12:30:40 | 000,293,376 | ---- | C] () -- C:\Users\Klaus\Desktop\t53joooe.exe [2010.06.30 11:22:59 | 003,724,003 | R--- | C] () -- C:\Users\Klaus\Desktop\Combo-Fix.exe [2010.06.30 11:16:42 | 000,524,288 | -HS- | C] () -- C:\Users\Klaus\ntuser.dat{23bc377b-8428-11df-a800-001617d75309}.TMContainer00000000000000000002.regtrans-ms [2010.06.30 11:16:42 | 000,524,288 | -HS- | C] () -- C:\Users\Klaus\ntuser.dat{23bc377b-8428-11df-a800-001617d75309}.TMContainer00000000000000000001.regtrans-ms [2010.06.30 11:16:42 | 000,065,536 | -HS- | C] () -- C:\Users\Klaus\ntuser.dat{23bc377b-8428-11df-a800-001617d75309}.TM.blf [2010.06.30 10:29:03 | 000,040,808 | ---- | C] () -- C:\Users\Klaus\Desktop\85104-otl-otlogfile-oldtimer.html [2010.06.30 00:37:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.06.30 00:37:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.06.30 00:37:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.06.30 00:37:24 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.06.30 00:37:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.06.30 00:28:36 | 000,027,671 | ---- | C] () -- C:\Users\Klaus\Desktop\FileLister.vbe [2010.06.30 00:28:36 | 000,012,043 | ---- | C] () -- C:\Users\Klaus\Desktop\svcwht.dat [2010.06.29 20:13:26 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010.06.29 20:13:26 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010.06.29 09:25:31 | 000,000,902 | ---- | C] () -- C:\Users\Klaus\Desktop\Guitar Pro 5.lnk [2010.06.29 09:11:40 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk [2010.06.23 23:34:41 | 000,014,193 | ---- | C] () -- C:\Users\Klaus\Documents\Ronja23.docx [2010.06.13 13:22:11 | 016,245,350 | ---- | C] () -- C:\Users\Klaus\Desktop\Zattoo-4.0.5.exe [2010.06.11 13:25:12 | 000,042,851 | ---- | C] () -- C:\Users\Klaus\Documents\text spanisch.docx [2010.02.28 00:21:46 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll [2010.02.28 00:21:46 | 000,031,232 | ---- | C] () -- C:\Windows\System32\maplec.dll [2010.02.28 00:21:46 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll [2009.11.01 23:42:16 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2009.11.01 23:42:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2009.10.16 07:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini [2009.07.21 17:42:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.07.14 02:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2008.11.13 07:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini [2007.12.04 06:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini [2007.06.07 06:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini [2005.03.08 07:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini < End of report > extra: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.06.2010 14:15:59 - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Klaus\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 127,99 Gb Total Space | 62,46 Gb Free Space | 48,80% Space Free | Partition Type: NTFS Drive D: | 170,10 Gb Total Space | 63,43 Gb Free Space | 37,29% Space Free | Partition Type: NTFS Unable to calculate disk information. F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KLAUS-PC Current User Name: Klaus Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0AFC55D4-9CDF-B140-2E4F-0B818B9B8C0E}" = CCC Help Italian "{0DE39AB6-D1BF-535C-F342-2F9986801936}" = CCC Help Japanese "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53 "{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{226EA3C9-0EAF-9546-46C4-F2FF55F7A6F1}" = CCC Help Dutch "{22980C46-EBB6-C22C-016A-E0CFAC15118B}" = CCC Help Czech "{250755EE-312C-3B38-1BAF-501A71A3851D}" = CCC Help Turkish "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{30D71FC9-E909-330C-57F9-C649C8837AA5}" = CCC Help Greek "{3154CFC9-2E4F-B839-2944-2A27200B4D64}" = CCC Help Swedish "{361D8754-326D-B7CC-8DC7-95966DD01ED4}" = Catalyst Control Center Graphics Previews Common "{36E89A40-DD04-239B-A69E-532A27547089}" = CCC Help English "{37EC24B2-2E75-0AEB-F8A1-12A0C7EB5EED}" = Catalyst Control Center InstallProxy "{37FD8D84-7B88-6B5A-376A-34E2B7C28816}" = ccc-core-static "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3E73E80C-2C31-3CCB-735F-D611C3230893}" = ccc-utility "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4807FDA4-7AF3-66CA-C167-779A333D6FFC}" = Catalyst Control Center Localization All "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4BE5D0D1-468A-4438-8477-D8523EEFB3E6}" = Origin8 "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5A154586-7AEB-4305-3B12-D73F0886B839}" = Catalyst Control Center HydraVision Full "{5DF79887-598B-DE65-9755-4B7D8C3D87BE}" = CCC Help Chinese Standard "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{61A0F92B-89A0-F7AD-4CA2-97991862EB10}" = CCC Help Hungarian "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{687E8557-CBF3-A7FF-33EC-00BE6266BFAA}" = CCC Help Russian "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A44A28A-5D79-8100-7BDF-FB637E62715B}" = CCC Help Polish "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{72FA4B28-3A99-1533-0E7C-94E6D20CD1A8}" = CCC Help Chinese Traditional "{73182AC3-5CC3-4161-AE97-F23E09B13147}" = Vallen JPegger "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CA26B08-BEFD-D4D2-52E1-24E730284594}" = Catalyst Control Center Graphics Light "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5CDC9B-CB0A-6E78-5BBE-C3D3F67B50E3}" = CCC Help Norwegian "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{96A8FABC-AADB-F299-0826-AF2246CE012F}" = CCC Help Danish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B0A8A6F-FC9E-796F-CC5D-290161F8E92A}" = ATI Catalyst Install Manager "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9D98630B-BD50-3C44-58D2-1571AEA889D3}" = CCC Help Portuguese "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support "{9E4EFA2A-4344-4C56-F927-7F7C53845BE2}" = CCC Help German "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A37CA3F0-B0C6-8256-02BA-B06CEE1E5BEB}" = CCC Help Korean "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari "{A724AEC6-494E-6BD5-C12A-9F51AF6C1123}" = Skins "{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8G "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AC814121-74BA-A025-358E-B706354ED7F5}" = Catalyst Control Center Graphics Full New "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC2B3907-3DEA-6E0E-E5A5-C6FCF876ECD5}" = CCC Help French "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D1F9CD55-A15A-846F-B2B1-D73F37C65B3E}" = CCC Help Spanish "{D6FBA785-DF2D-48C5-B238-40ABBD8EB780}" = Langenscheidt Vokabeltrainer 4.0 Englisch "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding "{DEAC1EEB-48FD-36A6-B87B-58E365C92EFB}" = Catalyst Control Center Graphics Previews Vista "{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{E9E871B9-4E1D-38D7-7ECF-4DFD3708CC67}" = Catalyst Control Center Core Implementation "{EF7F8782-0E8D-A566-195F-8FF2360CA6C8}" = CCC Help Thai "{F15DDD54-CA1A-6764-2CF4-1C601725E96C}" = Catalyst Control Center Graphics Full Existing "{F570A3D8-BC0D-408E-BBE3-57E6DEEE5AAA}" = ROOT "{F9A4662C-775D-32CF-4B6B-DEC701FDD516}" = CCC Help Finnish "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.3 "Aspell" = Aspell Data "Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de) "AudioCS" = Creative Audio-Systemsteuerung "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "bwin Poker_is1" = bwin Poker "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "Google Chrome" = Google Chrome "Guitar Pro 5_is1" = Guitar Pro 5.2 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "ICQToolbar" = ICQ Toolbar "LyX" = LyX 1.6.5-1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Maple 13" = Maple 13 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MiKTeX 2.8" = MiKTeX 2.8 "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Picasa 3" = Picasa 3 "PowerISO" = PowerISO "RTL Winter Sports 2009" = RTL Winter Sports 2009 "Shop for HP Supplies" = Shop for HP Supplies "Spotify" = Spotify "Steam App 10" = Counter-Strike "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Veetle TV" = Veetle TV 0.9.17 "VLC media player" = VLC media player 1.0.3 "Winamp" = Winamp "WinDjView" = WinDjView 1.0.3 "WinRAR archiver" = WinRAR "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.5 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
30.06.2010, 16:00 | #21 | |
| TR/PSW.Zbot.133169.Y alle paar Antivir und temp Dateien so hier nun endlich die eset log: Zitat:
|
30.06.2010, 16:01 | #22 |
/// Selecta Jahrusso | TR/PSW.Zbot.133169.Y alle paar Antivir und temp Dateien Noch Probleme oder Auffälligkeiten ?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
30.06.2010, 16:02 | #23 |
| TR/PSW.Zbot.133169.Y alle paar Antivir und temp Dateien nee in letzter zeit nicht mehr vielen dank also der scan hat ja jetzt ein paar stunden gedauert und währenddessen gab es keine Fehlermeldungen mehr |
30.06.2010, 16:07 | #24 |
| TR/PSW.Zbot.133169.Y alle paar Antivir und temp Dateien Ich finde das hier echt ne super Sache Danke für die Geduld und die kompetente und äußerst schnelle Hilfe! |
30.06.2010, 16:09 | #25 |
/// Selecta Jahrusso | TR/PSW.Zbot.133169.Y alle paar Antivir und temp Dateien Logfile ist sauber Hier noch die letzten paar Schritte zur Säuberung Deines Rechners. Schritt 1 Combofix deinstallieren Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Start => Ausführen (bei Vista (Windows-Taste + R) => dort reinschreiben ComboFix /uninstall => Enter drücken - damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch auch dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt 2 Tool CleanUp Starte bitte die OTL.exe. Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen. Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren. Schritt 3 Automatische Updates Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten. Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl und klicke auf OK. Stelle sicher das die automatischen Updates aktiviert sind. Schritt 4 Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
Schritt 5 Tipps für sicheres Surfen Das sind meine Vorschläge. Verwende einen alternativen Browser statt den IE. Ich empfehle Mozilla Firefox. Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
Don'ts
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
30.06.2010, 16:26 | #26 |
| TR/PSW.Zbot.133169.Y alle paar Antivir und temp Dateien Dankeschön da sind echt viele nützliche Programme dabei - anscheinend muss ich jetzt noch eine Update session starten, da viele meiner Programme veraltet sind. Die Bereinigung und auch die anderen Schritte haben alle geklappt Windows ist auch auf dem aktuellsten Stand und die Add-ons für Mozilla habe ich auch alle installiert bzw. teilweise hatte ich die schon Mein Pc läuft jetzt wieder ohne Fehler und auch ein bisschen schneller - anscheinend sind bei den ganzen aufräum Programmen ein paar sinnlose Programme oder so gelöscht worden Nochmals vielen Dank für die Hilfe!! |
30.06.2010, 18:55 | #27 |
/// Selecta Jahrusso | TR/PSW.Zbot.133169.Y alle paar Antivir und temp Dateien Dieses Thema scheint erledigt und wird aus den Abos gelöscht. Solltest Du das Thema erneut benötigen, bitte eine PN an mich. Jeder andere möge bitte einen eigenen Thread starten.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
30.06.2010, 21:35 | #28 |
| TR/PSW.Zbot.133169.Y alle paar Antivir und temp Dateien Hmm, ich habe den gleichen Virus drauf. Soll ich die gleichen Schritte ausführen um ihre herunter zu bekommen ?! |
30.06.2010, 21:38 | #29 | ||
/// Selecta Jahrusso | TR/PSW.Zbot.133169.Y alle paar Antivir und temp DateienZitat:
Zitat:
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
Themen zu TR/PSW.Zbot.133169.Y alle paar Antivir und temp Dateien |
32 bit, adblock, adobe, antivir, autorun, avgntflt.sys, avira, bho, bonjour, components, controlset002, corp./icp, defender, desktop, error, excel.exe, explorer, firefox, firefox.exe, flash player, fontcache, format, helper, install.exe, langs, local\temp, location, locker, logfile, microsoft office word, mozilla, nvidia, nvstor.sys, office 2007, officejet, oldtimer, origin, otl.exe, picasa, plug-in, poweriso, programdata, registry, rundll, saver, sched.exe, searchplugins, security, security scan, security update, senden, shell32.dll, software, sptd.sys, start menu, taskhost.exe, teamspeak, temp, tr/psw.zbot., vlc media player, webcheck, windows |