All kinds of pests and how to combat them: Virus Trojan.Generic.* and Exe.Corrupted infection | Windows 7
04.07.2010, 11:44 | #1
Hello, MWAV 12 found the following:
Quote:
Should I use the Clean function right away, or could these also be false positives? Thanks in advance. Peter
04.07.2010, 14:00 | #2 | /// Malware-holic
Please check
C:\ProgramData\Sony\MyClubVAIO\startreg.exe
at VirusTotal - Free Online Virus and Malware Scan and post the result. If the file has already been analyzed, click "check again".
Also check C:\Users\Hansi\Downloads\Google_Updater.exe.
04.07.2010, 15:19 | #3
Result 1 (startreg.exe):
Quote:
Quote:
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP444.tmp\System.DirectoryServices.dll ?
Why do so many virus scanners find nothing while others find something? Regards, Peter
04.07.2010, 16:53 | #4 | /// Malware-holic
System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click and run as administrator).
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "scan all users".
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check".
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both; if they are too large, split them up.
04.07.2010, 18:43 | #5
Hello, I did it as you described. I left the default setting of 30 days unchanged; should I have changed that?
OTL.TXT
OTL Logfile:
23:43:04 | 000,000,053 | ---- | C] () -- C:\Windows\Lic.xxx [2010.07.03 23:42:35 | 000,000,522 | ---- | C] () -- C:\Windows\System32\Microsoft.VC80.CRT.manifest [2010.07.03 23:12:08 | 000,001,874 | ---- | C] () -- C:\Users\Hansi\Desktop\HijackThis.lnk [2010.07.03 22:54:50 | 000,000,804 | ---- | C] () -- C:\Users\Hansi\Desktop\CCleaner.lnk [2010.06.20 12:13:37 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010.06.13 21:07:36 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2010.06.13 13:42:02 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010.06.06 21:23:08 | 000,002,360 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk [2010.01.01 19:29:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.01.30 18:50:44 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.12.28 17:46:41 | 000,015,576 | ---- | C] () -- C:\Windows\System32\drivers\usbbc.sys [2008.12.28 17:46:41 | 000,003,953 | ---- | C] () -- C:\Windows\System32\coinst.dll [2008.12.28 17:28:15 | 000,000,075 | ---- | C] () -- C:\Windows\USBBC.ini [2008.12.28 17:28:15 | 000,000,000 | ---- | C] () -- C:\Windows\MDI.INI [2008.12.28 15:50:36 | 000,011,404 | ---- | C] () -- C:\Windows\System32\usbbc95.sys [2008.10.14 11:47:34 | 000,000,041 | ---- | C] () -- C:\Windows\CDE D120DEFGIPS.ini [2007.11.18 13:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\musiceditor.INI [2007.11.17 23:21:06 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2007.11.17 23:18:29 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini [2007.11.17 23:18:28 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.11.17 23:09:30 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2007.10.23 12:06:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.10.20 20:20:55 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2007.03.26 13:06:03 | 000,019,968 | ---- | C] () -- 
C:\Windows\System32\Cpuinf32.dll [2007.03.26 13:04:58 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll [2007.02.28 03:36:18 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2007.02.28 03:36:16 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2007.02.28 03:35:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2007.02.26 21:02:37 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll [2007.02.26 21:02:37 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.02.26 21:02:37 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll [2007.02.26 21:02:36 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll [2007.02.26 18:03:44 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2007.02.26 12:59:50 | 000,163,840 | ---- | C] () -- C:\Windows\System32\WLANDLL.DLL [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2007.10.25 23:46:18 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\InterVideo [2010.01.01 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\IrfanView [2009.04.03 10:45:47 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\MAGIX [2008.11.09 19:33:26 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\PeerNetworking [2008.01.06 22:08:59 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Shareaza [2007.10.16 14:35:46 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Template [2010.07.03 23:36:49 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\uTorrent [2010.07.03 23:36:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.07.03 23:36:35 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job ========== Purity Check 
========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.02.03 12:14:04 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Adobe [2010.06.13 13:12:32 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Apple Computer [2007.10.16 17:31:32 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Google [2007.02.26 12:15:52 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Identities [2007.10.20 20:20:17 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\InstallShield [2007.10.25 23:46:18 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\InterVideo [2010.01.01 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\IrfanView [2007.02.26 18:07:38 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Macromedia [2009.04.03 10:45:47 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\MAGIX [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Media Center Programs [2010.06.06 22:11:38 | 000,000,000 | --SD | M] -- C:\Users\Hansi\AppData\Roaming\Microsoft [2010.04.30 21:04:36 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Mozilla [2007.10.19 10:51:13 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\OpenOffice.org2 [2008.11.09 19:33:26 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\PeerNetworking [2007.10.16 14:34:46 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Roxio [2008.01.06 22:08:59 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Shareaza [2010.07.03 23:36:48 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Skype [2010.05.01 22:32:07 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\skypePM [2009.02.23 15:02:49 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Sony Corporation [2007.10.16 14:35:46 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Template 
[2010.07.03 23:36:49 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\uTorrent [2010.06.13 14:06:02 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\vlc [2009.01.30 19:02:28 | 000,000,000 | ---D | M] -- C:\Users\Hansi\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.28 09:17:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.28 09:17:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.28 09:17:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 
C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- 
C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2007.02.26 21:02:21 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007.02.26 21:02:19 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007.02.26 21:02:21 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007.02.26 21:02:31 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007.02.26 21:02:34 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Extras.txt
OTL Extras logfile created on: 04.07.2010 18:28:07 - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Hansi\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 127,53 Gb Total Space | 63,99 Gb Free Space | 50,18% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SONYLAP Current User Name: Hansi Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-600995965-2057509812-2277749265-1003\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 
"DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-600995965-2057509812-2277749265-1003] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 1 "DefaultInboundAction" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09185680-C808-4161-BAFE-6DCF3CD3791A}" = rport=138 | protocol=17 | dir=out | app=system | "{18D60F68-1EE3-4413-82E8-A5F1C4B0A780}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{4E31986A-3DEA-4B2F-BCB8-81BF2AD02E2A}" = lport=2869 | protocol=6 | dir=in | app=system | "{7A034283-E032-402C-956F-B8EC1DC49126}" = rport=137 | protocol=17 | dir=out | app=system | "{8D2EF33E-1C83-4D91-B62C-80CB662C58D2}" = lport=445 | protocol=6 | dir=in | app=system | "{A8899815-11A6-4440-937A-F611B94D9DAC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B03C610C-0CB2-462A-B552-1DFF090D5FC2}" = rport=139 | protocol=6 | dir=out | app=system | "{B0AB8FA6-677E-4DE1-9905-D7850A803047}" = rport=445 | protocol=6 | dir=out | app=system | "{CBE0F355-5D73-4133-96B8-4B95FAB3DEF9}" = lport=137 | protocol=17 | dir=in | app=system | "{E75AD092-F1E9-43FA-B3E7-63069EE9395A}" = lport=139 | protocol=6 | dir=in | app=system | "{EE54B62C-EB33-4B5F-9A0D-153E972B7DA2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FD80A5D4-5EC5-4AD7-B26A-1B29D46DC32A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09F0E144-FD09-4D54-A6D3-F089CBF50CB6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{28CFDEA3-1FFE-445E-BD6B-A4637549DBF5}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{3FFB5F4F-8F05-4A1C-9CA8-3B576946ABD5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{447D7448-365D-40E9-B66F-995D16D581C3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{47C90C3D-85C2-47DD-B1BA-1CC1C48DD1E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6CD269C5-1BF6-4B94-941E-F153702ED562}" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe | "{723F5A50-BD2E-47FC-8E1E-3C686EBB6124}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7C792399-E622-4F84-9B56-27581C835C6C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A2650E29-7736-4D43-92C4-6C470FEB84FB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AFDCD1AC-0E91-47F6-8C76-99CD5AB75A2B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{B853D6C8-BE18-4F9F-BA31-E6B14A1C8375}" = protocol=17 | dir=in | app=c:\program files\google\google 
talk\googletalk.exe | "{BE4F4FE7-A4A4-4216-8D7E-498D9D644820}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C2FBD107-06BE-42B5-A8FB-D653991E55AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D32589A7-318C-40C9-9FAF-BFFD9FD32013}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{D8573DE1-FA8D-4233-8EC6-4BBC24D0FEC1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{ED980AFC-205D-493D-ACCD-88223D4D57B1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{F5498AE8-8F1D-46E5-BA3C-6456DDE43254}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{F5F9EE28-CBA8-497C-860C-192F317A9C95}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FD3E384E-F900-4277-859F-3AE2AEAFCFAF}" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe | "TCP Query User{85813471-09EE-4084-BB60-EA718BC14C44}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{886FE871-1BAB-4FAE-B257-17BEEA4F96DC}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe | "UDP Query User{998EB7CA-CDC9-4E41-9B85-0AFC44BA6DA3}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe | "UDP Query User{BDEC47E7-D9F5-4C13-AA5E-5B300CC8AC80}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das 
< End of report > |
04.07.2010, 19:11 | #6 |
/// Malware-holic | Virus Trojan.Generic.* and Exe.Corrupted Infection Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
04.07.2010, 21:21 | #7 |
| Virus Trojan.Generic.* and Exe.Corrupted Infection I have now run ComboFix, but it reports that two programs are running that don't exist at all (Avira Antivir and Avast 4.8). I have Avast 5 here, which I stopped during the ComboFix run, though. Combofix Logfile: Code:
ATTFilter ComboFix 10-07-03.06 - Hansi 04.07.2010 21:54:05.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2037.1210 [GMT 2:00] ausgeführt von:: c:\users\Hansi\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1229 [VPS 081215-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: avast! antivirus 4.8.1229 [VPS 081215-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2010-06-04 bis 2010-07-04 )))))))))))))))))))))))))))))) . 2010-07-04 20:01 . 2010-07-04 20:01 -------- d-----w- c:\users\Hansi\AppData\Local\temp 2010-07-04 20:01 . 2010-07-04 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-07-04 10:09 . 2010-07-04 10:09 -------- d-----w- C:\escan 2010-07-03 21:47 . 2010-07-03 21:47 -------- d---a-w- c:\windows\rundll16.exe 2010-07-03 21:47 . 2010-07-03 21:47 -------- d---a-w- c:\windows\logo1_.exe 2010-07-03 21:45 . 2010-07-03 21:45 -------- d---a-w- c:\windows\VDLL.DLL 2010-07-03 21:45 . 2010-07-03 21:45 -------- d---a-w- c:\windows\system32\runouce.exe 2010-07-03 21:45 . 2010-07-03 21:45 -------- d---a-w- c:\windows\RUNDL132.EXE 2010-07-03 21:45 . 2010-07-03 21:45 -------- d---a-w- c:\windows\logo_1.exe 2010-07-03 21:42 . 2010-07-03 21:42 554240 ----a-w- c:\windows\system32\msvcp80.dll 2010-07-03 21:42 . 2010-07-03 21:42 34048 ----a-w- c:\windows\system32\eEmpty.exe 2010-07-03 21:42 . 2010-07-03 21:42 -------- d-----w- c:\program files\Common Files\MicroWorld 2010-07-03 21:42 . 2010-07-03 21:42 -------- d-----w- c:\programdata\MicroWorld 2010-07-03 21:12 . 2010-07-03 21:12 -------- d-----w- c:\program files\Trend Micro 2010-07-03 20:54 . 2010-07-03 20:54 -------- d-----w- c:\program files\CCleaner 2010-07-03 20:40 . 
2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr 2010-06-13 19:07 . 2010-06-13 19:07 -------- d-----w- c:\program files\uTorrent 2010-06-13 19:05 . 2010-07-04 19:58 -------- d-----w- c:\users\Hansi\AppData\Roaming\uTorrent 2010-06-13 11:42 . 2010-06-13 12:06 -------- d-----w- c:\users\Hansi\AppData\Roaming\vlc 2010-06-13 11:41 . 2010-06-13 11:41 -------- d-----w- c:\program files\VideoLAN 2010-06-13 11:18 . 2010-06-13 11:18 -------- d-----w- c:\users\Hansi\AppData\Local\Apple Computer 2010-06-13 11:12 . 2010-06-13 11:12 -------- d-----w- c:\users\Hansi\AppData\Roaming\Apple Computer 2010-06-06 20:12 . 2009-12-14 10:33 53248 ----a-w- c:\windows\system32\CSVer.dll 2010-06-06 20:10 . 2010-06-06 20:10 -------- d-----w- C:\Intel 2010-06-06 19:36 . 2010-06-06 19:36 -------- d-----w- c:\program files\SystemRequirementsLab 2010-06-06 19:24 . 2010-06-06 19:24 -------- d-----w- c:\programdata\UAB 2010-06-06 19:24 . 2010-06-06 19:24 -------- d-----w- c:\users\Hansi\AppData\Local\PC_Drivers_Headquarters 2010-06-06 19:24 . 2010-06-06 19:24 -------- d-----w- c:\programdata\PC Drivers HeadQuarters 2010-06-06 19:22 . 2010-06-06 19:22 -------- d-----w- c:\program files\PC Drivers HeadQuarters . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-04 20:02 . 2010-04-30 20:36 -------- d-----w- c:\users\Hansi\AppData\Roaming\Skype 2010-07-03 20:35 . 2006-11-02 15:33 675412 ----a-w- c:\windows\system32\perfh007.dat 2010-07-03 20:35 . 2006-11-02 15:33 146234 ----a-w- c:\windows\system32\perfc007.dat 2010-07-03 20:28 . 2008-08-16 21:18 -------- d-----w- c:\programdata\Google Updater 2010-06-28 20:57 . 2007-10-20 14:54 165032 ----a-w- c:\windows\system32\aswBoot.exe 2010-06-28 20:37 . 2007-10-20 14:54 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-06-28 20:37 . 2008-08-03 17:12 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-06-28 20:33 . 
2007-10-20 14:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-06-28 20:32 . 2007-10-20 14:54 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-06-28 20:32 . 2008-08-03 17:12 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-06-20 10:13 . 2007-03-26 11:03 -------- d-----r- c:\program files\Skype 2010-06-20 10:13 . 2007-03-26 11:04 -------- d-----w- c:\programdata\Skype 2010-06-12 19:15 . 2008-07-23 20:39 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-12 19:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-05-28 17:34 . 2010-05-28 17:34 -------- d-----w- c:\program files\sequoiaview 2010-05-28 16:58 . 2009-01-31 17:02 -------- d-----w- c:\program files\Microsoft 2010-05-28 16:32 . 2010-05-28 16:32 -------- d-----w- c:\program files\Secunia 2010-05-28 11:04 . 2010-05-28 11:04 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys 2010-05-26 17:06 . 2010-06-12 18:29 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-06-12 18:29 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-24 15:33 . 2007-10-20 16:23 -------- d-----w- c:\program files\QuickTime 2010-05-24 15:32 . 2010-05-24 15:32 -------- d-----w- c:\programdata\Apple Computer 2010-05-24 15:31 . 2010-05-24 15:31 -------- d-----w- c:\program files\Common Files\Apple 2010-05-24 15:30 . 2010-05-24 15:30 -------- d-----w- c:\program files\Apple Software Update 2010-05-24 15:30 . 2010-05-24 15:30 -------- d-----w- c:\programdata\Apple 2010-05-21 12:14 . 2009-11-06 18:33 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-04 05:59 . 2010-06-12 18:29 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 05:55 . 2010-06-12 18:29 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-05-04 05:55 . 2010-06-12 18:29 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-05-04 04:31 . 2010-06-12 18:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-05-01 14:13 . 
2010-06-12 18:29 2037248 ----a-w- c:\windows\system32\win32k.sys 2010-04-30 20:54 . 2010-04-30 20:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-04-30 19:04 . 2010-04-30 19:04 0 ----a-w- c:\windows\nsreg.dat 2010-04-30 18:58 . 2007-10-16 10:34 113536 ----a-w- c:\users\Hansi\AppData\Local\GDIPFONTCACHEV1.DAT 2010-04-23 14:13 . 2010-05-28 16:32 2048 ----a-w- c:\windows\system32\tzres.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-16 39408] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "\\MEDIONLT\EPSON Stylus D78 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE" [2006-09-22 139264] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-06-13 322352] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26194728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 4317184] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-12 118784] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-01-22 321656] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-24 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-24 106496] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-24 81920] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program 
files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-02-13 14:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):4b,a6,00,78,32,8b,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-600995965-2057509812-2277749265-1003] "EnableNotificationsRef"=dword:00000001 R3 AVMUNET;Eumex 300 IP;c:\windows\system32\DRIVERS\avmunet.sys [2005-04-18 15104] R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472] R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection 
(HTTP);c:\program files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312] R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536] R3 VUAgent;VUAgent;c:\program files\sony\VAIO Update 5\VUAgent.exe [2009-12-08 673136] R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [2001-01-08 15576] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256] S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-05-28 14896] S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-04-23 812544] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners 2010-07-04 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-26 08:52] 2010-07-04 c:\windows\Tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job - c:\windows\system32\msfeedssync.exe [2010-06-12 04:30] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = eumex.ip uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Hansi\AppData\Roaming\Mozilla\Firefox\Profiles\40ywxk84.default\ FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-07-04 22:01 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
Zeit der Fertigstellung: 2010-07-04 22:06:03 ComboFix-quarantined-files.txt 2010-07-04 20:06 Vor Suchlauf: 13 Verzeichnis(se), 86.461.714.432 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 86.916.907.008 Bytes frei - - End Of File - - 0B03617C6DAE70DDAC93CA4B2AC123D5 |
05.07.2010, 09:49 | #8 |
/// Malware-holic | Virus Trojan.Generic.* and Exe.Corrupted Infection Can you upload the two files that eScan found to us? http://www.trojaner-board.de/54791-a...ner-board.html as described under point 2. Let me know when you're done. There may still be remnants of Avira and Avast 4. |
11.07.2010, 20:07 | #9 |
| Virus Trojan.Generic.* and Exe.Corrupted Infection I have now uploaded the two files. |
11.07.2010, 22:08 | #10 |
/// Malware-holic | Virus Trojan.Generic.* and Exe.Corrupted Infection Update Avast and run a boot-time scan, then post the result. |
18.07.2010, 22:23 | #11 | |
| Virus Trojan.Generic.* and Exe.Corrupted Infection Hello, today I replaced Avast with F-Secure from CHIP 08/2010. With it, Startreg.exe was detected as virus-infected and the problem was fixed, i.e. the file was deleted. I deleted Google_Updater.exe myself and replaced it with a fresh download. I had hoped that everything would be okay now, but another scan with the current MWAV produced the following result (doesn't look any better, does it?): Quote:
|
18.07.2010, 22:53 | #12 |
/// Malware-holic | Virus Trojan.Generic.* and Exe.Corrupted Infection Can you check this file at VirusTotal - Free Online Virus and Malware Scan: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP444.tmp\System.DirectoryServices.dll and post the result. |
21.07.2010, 19:25 | #13 | |
| Virus Trojan.Generic.* and Exe.Corrupted Infection At first I couldn't find the file on my Vista system (Explorer apparently sees some things a bit differently or doesn't show them); I then found it with Total Commander, copied it to C:\Temp and uploaded that copy. The result looks good: Quote:
|
21.07.2010, 20:22 | #14 |
/// Malware-holic | Virus Trojan.Generic.* and Exe.Corrupted Infection So that seems to have been a false alarm. mIRC is not harmful in itself either. |
21.07.2010, 20:54 | #15 |
| Virus Trojan.Generic.* and Exe.Corrupted Infection What makes you mention mIRC? It isn't even installed here, is it? Are the other detections (e.g. Orifice2K.plugin) all false positives? |