Log analysis and evaluation: Multiple instances of Internet Explorer (Windows 7)
12.07.2010, 14:17 | #1

Multiple instances of Internet Explorer
Hello, I have discovered that iexplorer.exe appears to be running several times (4-6 instances). That seems to slow the PC down. A few other things are probably not in order either. Many thanks in advance to anyone who can tell me something about the logfile. Here is the logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:59:31, on 12.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJack this\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 68.142.122.203 lockerz.fcod.llnwd.net
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVO2009 Defrag - Systweak Inc. - C:\Program Files\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Update Service (gupdate1c9abe7cf1c54f4) (gupdate1c9abe7cf1c54f4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 4903 bytes
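A small triage helper for the kind of HijackThis / OTL log pasted in this thread (added example, not part of the thread and not code from HijackThis or OTL): it flags hosts-file entries that map a name to anything other than loopback, autostart or toolbar entries whose target file is missing, and Firefox proxy preferences that point at a remote host or a remote PAC file. The sample lines are constructed from entries posted in this thread; the rule set is an assumption about what a helper checks first.

```python
"""Triage helper for flattened HijackThis / OTL log lines (added example)."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: entries taken from the logs posted in this thread.
SAMPLE_LOG = "\n".join([
    r"O1 - Hosts: ::1 localhost",
    r"O1 - Hosts: 68.142.122.203 lockerz.fcod.llnwd.net",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r"O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)",
    r'FF - prefs.js..network.proxy.http: "213.55.93.236"',
    r"FF - prefs.js..network.proxy.http_port: 80",
    r'FF - prefs.js..network.proxy.backup.socks: "localhost"',
    r'FF - prefs.js..network.proxy.autoconfig_url: "hxxp://socksify.com/proxy.pac"',
])


@dataclass(frozen=True)
class Finding:
    kind: str    # "hosts-override", "missing-file", "proxy" or "proxy-pac"
    detail: str  # the value that triggered the rule
    line: str    # the original log line


# HijackThis / OTL "O1 - Hosts:" entries: <address> <hostname>
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
# HijackThis writes "(file missing)", OTL writes "File not found"
MISSING_RE = re.compile(r"\(file missing\)|File not found", re.IGNORECASE)
# The Windows path that precedes the missing-file marker
PATH_RE = re.compile(r"([A-Za-z]:\\.*?)\s*(?:\(file missing\)|File not found)", re.IGNORECASE)
# OTL's dump of Firefox network.proxy.* preferences
FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.([\w.]+):\s*"?([^"\s]*)"?')

# Proxy keys that carry no host and therefore need no check
NON_HOST_KEYS = {"share_proxy_settings", "socks_remote_dns", "type", "no_proxies_on"}


def is_loopback(host: str) -> bool:
    """True for 'localhost' and loopback addresses (IPv4 or IPv6)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage_line(line: str) -> Finding | None:
    """Apply the rules to one log line; None means nothing to look at."""
    line = line.strip()

    m = HOSTS_RE.match(line)
    if m:
        address, name = m.groups()
        # A clean hosts file only maps names to loopback addresses.
        if not is_loopback(address):
            return Finding("hosts-override", f"{name} -> {address}", line)
        return None

    if MISSING_RE.search(line):
        # An autostart / toolbar / driver entry whose target no longer exists.
        pm = PATH_RE.search(line)
        return Finding("missing-file", pm.group(1) if pm else line, line)

    m = FF_PROXY_RE.match(line)
    if m:
        key, value = m.groups()
        if key == "autoconfig_url" and value:
            # A remote PAC file decides where every request goes.
            return Finding("proxy-pac", value, line)
        if key.endswith("_port") or key in NON_HOST_KEYS:
            return None
        if value and not is_loopback(value):
            # Browser traffic routed through a host that is not the local machine.
            return Finding("proxy", f"{key} = {value}", line)
    return None


def triage(log_text: str) -> list[Finding]:
    """Run every rule over a flattened log and return the findings in order."""
    findings = []
    for raw in log_text.splitlines():
        f = triage_line(raw)
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:15} {f.detail}")
```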
12.07.2010, 16:37 | #2

/// Malware-holic
Multiple instances of Internet Explorer
Download Malwarebytes:
Install Malwarebytes, go to the Update tab and update the program. Then close all running programs, including the Avira Guard. Please also disconnect from the internet by unplugging the network cable or switching off WLAN. In Malwarebytes, Scanner tab, run a full scan, delete the findings, turn Avira and the internet back on, post the log.

OTL: system scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (users of Windows 7 and Vista: right-click, run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created: OTL.Txt and Extras.Txt. Post both.
12.07.2010, 22:18 | #3

Multiple instances of Internet Explorer
Hello!
Here is the Malwarebytes log; the only finding comes from a little game my girlfriend played once.
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4306

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

12.07.2010 22:58:44
mbam-log-2010-07-12 (22-58-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|K:\|L:\|M:\|)
Durchsuchte Objekte: 307792
Laufzeit: 1 Stunde(n), 5 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\Cooking Dash\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
12.07.2010, 22:31 | #4

Multiple instances of Internet Explorer
otl.txt
Code:
OTL logfile created on: 12.07.2010 23:04:51 - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = D:\Incoming
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): c:\pagefile.sys 2000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,07 Gb Total Space | 12,12 Gb Free Space | 31,02% Space Free | Partition Type: NTFS
Drive D: | 72,74 Gb Total Space | 11,59 Gb Free Space | 15,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 28,62 Gb Total Space | 12,44 Gb Free Space | 43,47% Space Free | Partition Type: NTFS
Drive G: | 9,77 Gb Total Space | 2,58 Gb Free Space | 26,42% Space Free | Partition Type: NTFS
Drive H: | 102,04 Gb Total Space | 5,46 Gb Free Space | 5,35% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 292,97 Gb Total Space | 263,16 Gb Free Space | 89,82% Space Free | Partition Type: NTFS
Drive L: | 292,97 Gb Total Space | 11,84 Gb Free Space | 4,04% Space Free | Partition Type: NTFS
Drive M: | 345,57 Gb Total Space | 4,22 Gb Free Space | 1,22% Space Free | Partition Type: NTFS

Computer Name: ******
Current User Name: ******
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - D:\Incoming\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe () PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe (Systweak Inc.) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.) 
PRC - C:\Programme\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - D:\Incoming\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe () SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe () SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe () SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (AVO2009 Defrag) -- C:\Programme\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe (Systweak Inc.) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (HWiNFO32) -- C:\Programme\HWiNFO32\HWiNFO32.SYS (REALiX(tm)) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (hotcore3) -- C:\Windows\system32\drivers\hotcore3.sys (Paragon Software Group) DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys () DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.) 
DRV - (JGOGO) -- C:\Windows\System32\drivers\JGOGO.sys (JMicron ) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) 
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) 
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (giveio) -- C:\Windows\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3575860208-692218852-3530354113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3575860208-692218852-3530354113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3575860208-692218852-3530354113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3575860208-692218852-3530354113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 34 1E FB 8C BE CA 01 [binary data] IE - HKU\S-1-5-21-3575860208-692218852-3530354113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3575860208-692218852-3530354113-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3575860208-692218852-3530354113-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - 
prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..network.proxy.autoconfig_url: "hxxp://socksify.com/proxy.pac" FF - prefs.js..network.proxy.backup.ftp: "localhost" FF - prefs.js..network.proxy.backup.ftp_port: 8118 FF - prefs.js..network.proxy.backup.gopher: "localhost" FF - prefs.js..network.proxy.backup.gopher_port: 8118 FF - prefs.js..network.proxy.backup.socks: "localhost" FF - prefs.js..network.proxy.backup.socks_port: 8118 FF - prefs.js..network.proxy.backup.ssl: "localhost" FF - prefs.js..network.proxy.backup.ssl_port: 8118 FF - prefs.js..network.proxy.ftp: "213.55.93.236" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.gopher: "213.55.93.236" FF - prefs.js..network.proxy.gopher_port: 80 FF - prefs.js..network.proxy.http: "213.55.93.236" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "213.55.93.236" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "213.55.93.236" FF - prefs.js..network.proxy.ssl_port: 80 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 09:57:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.30 16:22:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.17 11:31:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.06.30 16:22:47 | 000,000,000 | ---D | M] [2008.10.03 20:37:20 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Mozilla\Extensions [2010.07.12 09:44:17 | 
000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\xo79yurd.default\extensions [2010.04.28 08:22:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- F:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\xo79yurd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.12 09:44:01 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\xo79yurd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.13 09:10:34 | 000,000,000 | ---D | M] (Download Statusbar) -- F:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\xo79yurd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.06.18 08:40:41 | 000,000,000 | ---D | M] (No name found) -- F:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\xo79yurd.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2009.11.15 01:23:12 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\xo79yurd.default\extensions\firefox@tvunetworks.com [2009.04.25 08:47:05 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\xo79yurd.default\extensions\moveplayer@movenetworks.com [2010.05.27 13:00:20 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.03.13 16:28:17 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.13 16:28:17 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.13 16:28:17 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.13 16:28:17 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.13 16:28:17 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.03.28 18:08:41 | 000,000,800 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 
localhost O1 - Hosts: ::1 localhost O1 - Hosts: 68.142.122.203 lockerz.fcod.llnwd.net O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3575860208-692218852-3530354113-1000..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-3575860208-692218852-3530354113-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3575860208-692218852-3530354113-1000\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-21-3575860208-692218852-3530354113-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe File not found O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe File not found O13 - gopher Prefix: missing O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: F:\Users\******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: F:\Users\******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{cc15601f-d44a-11dd-8513-001fc6d93c3d}\Shell - "" = AutoRun O33 - MountPoints2\{cc15601f-d44a-11dd-8513-001fc6d93c3d}\Shell\AutoRun\command - "" = I:\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File 
not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: F:^Users^******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JDownloader.lnk - D:\Incoming\JDownloader 0.5.917\JDownloader.exe - (AppWork UG (haftungsbeschränkt)) MsConfig - StartUpFolder: F:^Users^******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PPS.lnk - C:\PROGRA~1\PPStream\PPStream.exe - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AVO Ram Optimizer - hkey= - key= - c:\program files\systweak\advanced vista optimizer 2009\AVO.exe (Systweak Inc.) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) MsConfig - StartUpReg: JMB36X Configure - hkey= - key= - File not found MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe File not found MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - StartUpReg: Zune Launcher - hkey= - key= - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: 
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: 
{7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll () Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.07.12 21:48:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.07.12 21:48:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.07.12 21:48:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.12 21:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.12 14:57:27 | 000,000,000 | ---D | C] -- C:\Programme\HiJack this [2010.07.12 10:37:26 | 000,000,000 | ---D | C] -- f:\Users\******\Desktop\HDDScan [2010.07.06 10:34:19 | 000,000,000 | ---D | C] -- C:\Log [2010.07.06 10:24:02 | 001,207,808 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\PhoenixDll.dll [2010.07.06 10:24:01 | 000,000,000 | ---D | C] -- C:\Programme\Stellar Phoenix Windows Data Recovery [2010.07.06 09:50:34 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe [2010.07.06 09:50:34 | 000,122,880 | ---- | C] (CrypKey (Canada) Ltd.) 
-- C:\Windows\System32\Crypserv.exe [2010.07.06 09:50:31 | 000,000,000 | ---D | C] -- C:\Programme\Stellar Phoenix NTFS Data Recovery [2010.07.06 08:34:47 | 000,000,000 | ---D | C] -- F:\Users\******\AppData\Roaming\Acronis [2010.07.05 16:24:05 | 000,911,680 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\tdrpm258.sys [2010.07.05 16:24:02 | 000,581,984 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\timntr.sys [2010.06.25 00:03:21 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2010.06.25 00:02:19 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.06.25 00:02:19 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.06.25 00:02:19 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.06.24 03:58:41 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.06.24 03:58:41 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010.06.17 14:38:41 | 000,000,000 | ---D | C] -- C:\Programme\StreamTorrent 1.0 [2010.06.17 14:38:41 | 000,000,000 | ---D | C] -- F:\Users\******\AppData\Roaming\StreamTorrent [2010.06.15 15:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.12 23:05:40 | 002,621,440 | -HS- | M] () -- C:\Users\Harald\NTUSER.DAT [2010.07.12 23:00:13 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\eucqffpo.sys [2010.07.12 22:39:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.07.12 21:50:09 | 000,002,107 | ---- | M] () -- f:\Users\******\Desktop\RTF-Dokument (neu).rtf [2010.07.12 21:43:29 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.12 21:43:29 | 000,004,048 | -H-- | M] 
() -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.12 16:48:20 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.07.12 14:57:27 | 000,001,974 | ---- | M] () -- f:\Users\******\Desktop\HiJackThis.lnk [2010.07.12 09:41:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.12 09:41:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.12 09:41:39 | 3488,862,208 | -HS- | M] () -- C:\hiberfil.sys [2010.07.12 03:21:07 | 000,524,288 | -HS- | M] () -- C:\Users\******\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms [2010.07.12 03:21:07 | 000,065,536 | -HS- | M] () -- C:\Users\******\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf [2010.07.12 03:21:04 | 002,818,681 | -H-- | M] () -- C:\Users\******\AppData\Local\IconCache.db [2010.07.12 01:35:40 | 001,783,591 | ---- | M] () -- f:\Users\******\Desktop\HDDScan.rar [2010.07.12 01:33:26 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0B123AA1-C6B7-49CF-9478-F6754E2004E7}.job [2010.07.09 11:58:34 | 000,164,864 | ---- | M] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.09 09:43:18 | 000,000,068 | ---- | M] () -- C:\Windows\spwdr.INI [2010.07.06 17:10:55 | 005,728,081 | ---- | M] () -- f:\Users\******\Documents\StellarPhoenixWinDataRecovery Scan 06-Jul-2010_05 10 28 PM.IMG [2010.07.06 10:24:12 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.ind [2010.07.06 10:24:12 | 000,000,130 | ---- | M] () -- C:\Windows\Crypkey.ini [2010.07.06 09:52:55 | 000,000,199 | ---- | M] () -- C:\Windows\win.ini [2010.07.06 09:51:21 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.nlp [2010.07.06 09:51:21 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat [2010.07.05 16:24:05 | 000,911,680 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tdrpm258.sys [2010.07.05 16:24:02 | 
000,581,984 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys [2010.07.03 19:20:43 | 000,009,216 | ---- | M] () -- f:\Users\******\Desktop\Bezahlliste.xls [2010.06.25 00:05:20 | 001,462,296 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.25 00:05:20 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.25 00:05:20 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.25 00:05:20 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.25 00:05:20 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.12 23:00:13 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\eucqffpo.sys [2010.07.12 14:57:27 | 000,001,974 | ---- | C] () -- f:\Users\******\Desktop\HiJackThis.lnk [2010.07.12 01:35:43 | 001,783,591 | ---- | C] () -- f:\Users\******\Desktop\HDDScan.rar [2010.07.06 17:10:53 | 005,728,081 | ---- | C] () -- f:\Users\******\Documents\StellarPhoenixWinDataRecovery Scan 06-Jul-2010_05 10 28 PM.IMG [2010.07.06 10:34:19 | 000,000,068 | ---- | C] () -- C:\Windows\spwdr.INI [2010.07.06 10:24:02 | 000,178,176 | ---- | C] () -- C:\Windows\System32\StellarProfile.dll [2010.07.06 09:51:21 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.nlp [2010.07.06 09:51:21 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.ind [2010.07.06 09:51:21 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat [2010.07.06 09:50:57 | 000,000,130 | ---- | C] () -- C:\Windows\Crypkey.ini [2010.07.06 09:50:34 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe [2010.07.06 09:50:34 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys [2010.07.06 09:50:34 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll [2010.07.06 09:50:34 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe [2010.07.05 13:23:20 | 000,006,200 | ---- | C] () 
-- C:\Windows\System32\INT13EXT.VXD [2010.06.30 16:37:20 | 000,002,107 | ---- | C] () -- f:\Users\******\Desktop\RTF-Dokument (neu).rtf [2010.03.31 13:42:10 | 000,000,796 | ---- | C] () -- C:\Windows\QIII.INI [2010.03.14 22:08:27 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini [2009.10.25 18:21:46 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.10.25 18:21:32 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.10.20 11:30:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.09.24 00:49:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.16 22:58:44 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2009.05.29 11:28:32 | 000,000,030 | ---- | C] () -- C:\Windows\System32\drivers\Rev98HDD.ini [2009.03.16 19:36:39 | 000,000,235 | ---- | C] () -- C:\Windows\Wininit.ini [2009.02.14 17:43:17 | 000,000,013 | ---- | C] () -- C:\Windows\msgtn.ini [2009.02.04 11:50:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsis_loader.dll [2009.01.02 13:02:51 | 000,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys [2009.01.02 13:02:49 | 004,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll [2009.01.02 13:02:49 | 000,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll [2009.01.02 13:02:49 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll [2008.12.27 12:01:39 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.12.25 19:12:46 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2008.12.24 15:53:53 | 000,024,003 | ---- | C] () -- C:\Windows\Ascd_log.ini [2008.12.24 15:43:31 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2008.12.24 15:43:30 | 000,023,611 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2008.12.24 15:43:24 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini 
[2006.09.13 13:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010.04.19 08:20:17 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Auslogics [2009.10.26 13:42:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Bioshock [2010.07.12 03:21:09 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.07.12 01:33:26 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0B123AA1-C6B7-49CF-9478-F6754E2004E7}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.07.06 08:34:47 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Acronis [2008.12.30 13:27:48 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Adobe [2008.10.03 20:37:20 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\ATI [2009.12.30 13:20:12 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\AudioConverter [2010.03.27 10:27:52 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Avira [2009.01.26 21:55:14 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Azureus [2009.10.30 14:12:04 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Bioshock [2010.07.12 23:07:15 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\BOM [2008.10.03 20:37:20 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Bullzip [2009.07.28 13:34:09 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Cakewalk [2008.10.03 20:37:20 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Canneverbe_Limited [2008.10.22 14:00:23 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2008.12.27 21:18:18 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\DAEMON Tools 
[2008.12.27 21:18:18 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\DAEMON Tools Lite [2008.12.27 21:18:18 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\DAEMON Tools Pro [2010.05.04 19:57:07 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\dvdcss [2010.05.05 16:08:24 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\FileZilla [2010.05.05 15:52:21 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\gtk-2.0 [2009.01.14 13:47:26 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\HP [2008.12.24 18:56:51 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Identities [2008.10.03 20:37:20 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\ImgBurn [2008.10.03 20:37:20 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\InstallShield [2008.10.04 12:39:03 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\IrfanView [2008.10.03 20:37:20 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Macromedia [2009.12.10 19:29:07 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Mael [2008.12.22 11:03:47 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Malwarebytes [2009.05.06 22:45:49 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Media Player Classic [2010.04.10 23:28:50 | 000,000,000 | --SD | M] -- F:\Users\******\AppData\Roaming\Microsoft [2008.11.05 22:41:40 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Mozilla [2008.10.24 13:22:06 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Mp3tag [2008.10.03 20:37:21 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Notepad++ [2008.12.20 15:55:50 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\OpenOffice.org [2008.12.20 15:40:15 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\OpenOffice.org2 [2008.10.22 12:54:18 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\PlayFirst [2010.04.19 08:23:29 | 000,000,000 | ---D | 
M] -- F:\Users\******\AppData\Roaming\ppstream [2008.12.18 10:23:51 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Real [2009.03.23 10:23:47 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\ScummVM [2008.10.22 13:54:13 | 000,000,000 | RH-D | M] -- F:\Users\******\AppData\Roaming\SecuROM [2010.03.15 00:23:58 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Skype [2010.03.14 22:48:54 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\skypePM [2009.07.19 17:25:21 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Steinberg [2010.06.17 14:38:41 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\StreamTorrent [2010.04.23 10:16:21 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Systweak [2008.10.04 17:43:58 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Talkback [2008.10.04 17:43:53 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Thunderbird [2009.11.14 21:56:18 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\TVU networks [2008.10.29 15:30:34 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Ubisoft [2010.07.12 21:49:17 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\vlc [2010.05.01 08:01:49 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\Webocton - Scriptly [2009.10.26 13:21:28 | 000,000,000 | ---D | M] -- F:\Users\******\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2009.01.25 13:52:12 | 005,472,734 | ---- | M] () -- F:\Users\******\AppData\Roaming\Azureus\plugins\azemp\azmplay.exe [2008.10.31 18:04:42 | 000,010,134 | R--- | M] () -- F:\Users\******\AppData\Roaming\Microsoft\Installer\{0E6B0316-DE2E-A753-CAD6-0BA70B90B4E4}\ARPPRODUCTICON.exe [2009.10.28 21:09:47 | 000,010,134 | R--- | M] () -- F:\Users\******\AppData\Roaming\Microsoft\Installer\{2573A5FB-0352-4B85-E948-10FFCDD28731}\ARPPRODUCTICON.exe [2008.12.24 15:41:20 | 000,010,134 | R--- | M] () -- 
F:\Users\******\AppData\Roaming\Microsoft\Installer\{3D60292B-1C68-2751-E708-6E419318C9E1}\ARPPRODUCTICON.exe [2010.07.12 14:57:28 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- F:\Users\******\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2009.06.19 12:29:28 | 000,010,134 | R--- | M] () -- F:\Users\******\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2009.11.14 21:56:34 | 005,562,672 | ---- | M] (TVU networks) -- F:\Users\******\AppData\Roaming\TVU networks\AutoUpgrade\TVUPlayer2.4.9.1.exe [2009.08.22 15:46:09 | 005,519,752 | ---- | M] (TVU networks) -- F:\Users\******\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.7.2.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] 
(Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.12.24 17:56:59 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.12.24 17:56:59 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.12.24 17:56:59 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) 
MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.12.27 12:01:40 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:2F091A97 < End of report > |
12.07.2010, 22:34 | #5
Multiple instances of Internet Explorer

extras.txt
Code:
OTL Extras logfile created on: 12.07.2010 23:04:51 - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = D:\Incoming
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): c:\pagefile.sys 2000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,07 Gb Total Space | 12,12 Gb Free Space | 31,02% Space Free | Partition Type: NTFS
Drive D: | 72,74 Gb Total Space | 11,59 Gb Free Space | 15,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 28,62 Gb Total Space | 12,44 Gb Free Space | 43,47% Space Free | Partition Type: NTFS
Drive G: | 9,77 Gb Total Space | 2,58 Gb Free Space | 26,42% Space Free | Partition Type: NTFS
Drive H: | 102,04 Gb Total Space | 5,46 Gb Free Space | 5,35% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 292,97 Gb Total Space | 263,16 Gb Free Space | 89,82% Space Free | Partition Type: NTFS
Drive L: | 292,97 Gb Total Space | 11,84 Gb Free Space | 4,04% Space Free | Partition Type: NTFS
Drive M: | 345,57 Gb Total Space | 4,22 Gb Free Space | 1,22% Space Free | Partition Type: NTFS

Computer Name: ********
Current User Name: ******
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-3575860208-692218852-3530354113-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3575860208-692218852-3530354113-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS网络电视 -- File not found
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器 -- File not found
"C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- File not found

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019D2545-DE59-4B38-9982-6EB19C30F22D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{03A46228-C682-4E8B-BB01-DBF9E73D2B9A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{045FE416-A200-49FF-8980-858ABDC12421}" = rport=445 | protocol=6 | dir=out | app=system |
"{1CA988AA-81DA-4FD2-A792-0498E85A5838}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1ED03770-5623-4B3F-80BC-D5D10A53B734}" = lport=138 | protocol=17 | dir=in | app=system |
"{2372F0E1-27CB-4C4A-B1A5-B58ED2A4B930}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2BB58F22-C06A-46DF-A219-A5743C69E812}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38A7EE34-E9EF-41A0-8A59-4B93C15722F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39A5EA64-B9F3-4106-B0FB-D9DA2BB64147}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A9C34B0-E5F7-4EFA-897E-E0BB303B6CB6}" = rport=138 | protocol=17 | dir=out | app=system |
"{3F07CBF7-51C8-4544-AE18-7917CBAA1256}" = rport=139 | protocol=6 | dir=out | app=system |
"{4620611A-A8D9-41B8-B433-8E9C0CE20BB9}" = lport=445 | protocol=6 | dir=in | app=system |
"{4D388FE3-0C4C-4C8E-864D-6958F6D48207}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5412B76F-E45F-4BAF-AB57-09FE4CD55A51}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5FDDB2DE-5A3B-4798-B1EB-58135BE12CC1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B72E623-1540-4A63-8541-EBA31FC21B8E}" = lport=137 | protocol=17 | dir=in | app=system |
"{76F3DA69-380A-4E33-A047-4637325D6DEA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8BE35C5F-80A8-4F88-A5C2-8393AEC7C628}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBFA1967-4E25-4F2A-A8F9-AB12E5AF4213}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BCB880EB-028B-4C39-BB6F-D1C15FB2FF7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BD3A87BE-CAF2-4A87-BF65-42A02916EBFA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D1DB8307-22A4-4B02-AFCF-770468D5579B}" = lport=139 | protocol=6 | dir=in | app=system |
"{D5DB9D12-15BB-4782-BCE1-57001B50C8E8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E599A050-7CE4-4FCA-AB1F-1F7BF1CDB2CF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F38E86B4-3474-4857-97FA-B694516A5AFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF28916C-E903-4F36-AEA4-68F639144BA8}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04427FC4-DD70-402D-A20C-DFCB6177509F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{20C978B0-D292-48D3-BBC3-43CD094A5104}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe | "{220179EB-4026-42BA-B8C2-B9DBE8AC5394}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe | "{25ADCDA4-F996-4C9A-9DBE-E1F0BCBC611C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2946DFB3-284B-482A-B961-79E3F223DCEC}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe | "{3BEFF597-2E50-4F8D-814C-265A6DF925E1}" = protocol=6 | dir=in | app=g:\rb6v\binaries\r6vegas_game.exe | "{4FC28C30-E485-481E-A829-EA6509F4F1D4}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe | "{5CA5D7FB-9E38-4D11-BF88-8165B5ECD18C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{60997FBC-7BC4-460F-9E58-E8569877C8D4}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe | "{65DA73D8-88EB-4295-80B6-D68E7A0AAA23}" = protocol=6 | dir=out | app=system | "{6C66AD19-EB98-48AD-8700-3F381DB87B29}" = protocol=6 | dir=out | app=system | "{76694740-71DA-4175-9452-6E312ADAE705}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{76CB343B-AF9B-4BC8-9C56-C16902AB4C72}" = protocol=17 | dir=in | app=g:\rb6v\binaries\r6vegas_game.exe | "{78FDDBED-92DD-41EB-9872-C32532B5893C}" = protocol=17 | dir=in | app=g:\rb6v\binaries\r6vegas_launcher.exe | "{8DE50F35-E0CB-4EEE-AF4C-17D094269528}" = protocol=6 | dir=in | app=g:\rb6v\binaries\r6vegas_launcher.exe | "{9FF0D83E-78D3-4CE6-95B9-CEB269BC39A9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B531B671-4510-4855-8A5F-1AC49882EF04}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe | "{BA223A12-9FA0-4FB9-99BF-BA630520DEF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB21BF03-28F3-4E3E-841D-BD1ECBC4E549}" = protocol=17 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | "{BBA0F3C2-8C84-4A5A-802C-F527238E52A4}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe | "{C90A821E-49B7-4549-B05E-598934946BDD}" = protocol=6 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{C9EF31BF-7216-4067-9877-069B55CE3F3D}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe | "{CA1A2343-16BC-449F-86DE-D2873986F39B}" = protocol=6 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | "{DB2CE06B-0422-4636-ACDD-3A1925FC1F4B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E42FD543-DF85-4C71-99F6-0DF5BF78C6FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EDC146C4-F136-4829-928D-415766E9ADD2}" = protocol=17 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{FDC469D0-586E-4C9D-98D1-E0A3A209F232}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{08149499-A7AE-4BD6-8CFC-0985778956DC}F:\spiele\quake3\quake3.exe" = protocol=6 | dir=in | app=f:\spiele\quake3\quake3.exe | "TCP Query User{097F084A-6E0A-42D5-AA5C-0121737F23C5}D:\incoming\desmume build 2789 x86 and x64\desmume-r2789\desmume_vs2008.exe" = protocol=6 | dir=in | app=d:\incoming\desmume build 2789 x86 and x64\desmume-r2789\desmume_vs2008.exe | "TCP Query User{0C85B557-203C-48F4-81F2-D318D00E9262}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{0D1FE810-8F4E-4DC7-8A2A-F3A62F8678DF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{1BCE1119-1DA4-447C-B30E-4CBA70E7EF31}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{1DAE9CB3-1076-4D69-9874-395A4E02B483}C:\program 
files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{2C047123-4553-4802-A28A-01D99FDBD769}C:\program files\common files\uusee\uuseemediacenter.exe" = protocol=6 | dir=in | app=c:\program files\common files\uusee\uuseemediacenter.exe | "TCP Query User{2FAC3397-DDFD-4AFB-81E4-1FC95D7EE004}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | "TCP Query User{3119DDB7-584F-461F-ADC2-A47ECD92666E}F:\spiele\quake3\quake3.exe" = protocol=6 | dir=in | app=f:\spiele\quake3\quake3.exe | "TCP Query User{37E007B8-AF1A-45F4-B361-68CDEF76F653}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{5F05E2EF-C1C7-4684-8690-E222D3BBED97}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{6A6D9A57-1367-4BAC-99F6-D0E060B24797}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{7BEB3503-E47D-4F58-BE9A-4A81AEB46A70}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{8ACE1EFC-9AD7-4311-B601-29120DFD90D0}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{8C85596D-40CE-403C-B864-21B73AAC3FBB}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{9799EDAE-0E97-4C10-8E90-7FE13B8330FA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{9AE00103-93B0-49E4-9568-F562CA3C330F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query 
User{BBC29B05-43CE-4DA3-AC42-4A2868972E50}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{BE1BFE98-0CF1-4DBF-B403-C46F3114E748}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | "TCP Query User{C34055F3-B1F9-4326-B006-39A002BDC8E4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{C5971D17-3DE6-4E95-854B-955026D96479}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{CAB9C7FC-B21A-47F3-A014-7234549AE128}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{D0A3D55E-946A-49E9-9833-B2AC87CB3FB9}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{D41EBA19-BEC8-4FC0-8EF9-21ACC8CCD94C}D:\incoming\ds emulator\desmume_vs2008.exe" = protocol=6 | dir=in | app=d:\incoming\ds emulator\desmume_vs2008.exe | "TCP Query User{DDAC177D-A1E6-4F2C-B725-C50F01E17D18}F:\spiele\quake 3\quake3.exe" = protocol=6 | dir=in | app=f:\spiele\quake 3\quake3.exe | "TCP Query User{E7793C54-0573-4AED-BF0D-9F605ED1BCF2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{E84A8795-BDD3-4D6E-9635-71675CCA37C5}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | "TCP Query User{FD02248D-5354-4B55-AD4D-8C56AFFF8BD7}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe | "TCP Query User{FF529F89-934F-4858-B3D7-4B324EA6A74F}D:\incoming\crysis\bin32\crysis.exe" = protocol=6 | dir=in | app=d:\incoming\crysis\bin32\crysis.exe | "UDP Query User{021AA32C-93FA-4033-BFFC-7BC0C1ACC664}C:\program 
files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{02A9C459-1A12-4EC0-AAF2-BD175DFF30D0}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{051639FD-3279-42AD-8032-34F37BB8B4C3}F:\spiele\quake 3\quake3.exe" = protocol=17 | dir=in | app=f:\spiele\quake 3\quake3.exe | "UDP Query User{104E853F-F4CE-4E33-8596-D438E2E54ECF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{131AEDE4-7064-4372-8896-2FBAD7F2982F}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | "UDP Query User{2C763D1A-6E34-4D31-B654-6D4B6B4592B4}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{33B36053-1689-4F8F-86E1-CE9B40C2C21F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{3A215682-4C3D-4A20-9D7B-D31B6AE25D1F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{3A4FE59A-C87B-4AB0-8FE5-9B1590F2F3A2}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{3EB8297F-01B7-4750-8DDE-C4518D07CAC7}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{478F9180-ACF0-4DC0-B836-AD4A7AE96158}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{49A9C460-EC80-4CF4-9FF1-ECB8637459DD}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe | "UDP Query User{4A09E8E8-4C2C-4197-9E60-04AF4E935191}C:\program 
files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{63B44D35-324C-41BC-B0CA-DDD74C8969FE}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{652375E6-EFC7-4AF2-80B9-B34CDAD386EC}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{6B0F6B9D-7B7E-4779-86CE-610AD0F66117}F:\spiele\quake3\quake3.exe" = protocol=17 | dir=in | app=f:\spiele\quake3\quake3.exe | "UDP Query User{822DEEDA-99C5-416A-9289-0F9216472079}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{8BACFBCD-A24E-46BF-BDB3-D1F2E985ED1B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{97F906EC-0E2B-4C9A-8819-8D8FF9B63DED}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | "UDP Query User{A0E042BD-DD8E-44C0-959B-F93B0E78E990}F:\spiele\quake3\quake3.exe" = protocol=17 | dir=in | app=f:\spiele\quake3\quake3.exe | "UDP Query User{A8A7A68F-A525-40E9-806D-C0934046DE91}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | "UDP Query User{AD99B079-C19B-40F7-A6AE-ED755FECC0B9}D:\incoming\crysis\bin32\crysis.exe" = protocol=17 | dir=in | app=d:\incoming\crysis\bin32\crysis.exe | "UDP Query User{ADCC642E-6F8C-49FF-AE4A-66D93AAE7D6E}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "UDP Query User{BFEA7F93-8071-4B47-A462-85762D1EA081}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{C473898B-8DC5-4845-8C74-FF33202ABC8C}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program 
files\zattoo\zattood.exe | "UDP Query User{DD39C078-C9BD-4EE5-901E-AA1C530DC043}D:\incoming\ds emulator\desmume_vs2008.exe" = protocol=17 | dir=in | app=d:\incoming\ds emulator\desmume_vs2008.exe | "UDP Query User{ED8E85C5-4E02-4C3F-865D-963D276723BA}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{F60B0829-C9BB-450C-A512-51E4C260C8B8}C:\program files\common files\uusee\uuseemediacenter.exe" = protocol=17 | dir=in | app=c:\program files\common files\uusee\uuseemediacenter.exe | "UDP Query User{FB4680F2-664E-49AA-AA70-6F687609B103}D:\incoming\desmume build 2789 x86 and x64\desmume-r2789\desmume_vs2008.exe" = protocol=17 | dir=in | app=d:\incoming\desmume build 2789 x86 and x64\desmume-r2789\desmume_vs2008.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR) "{034F8B84-40DE-EBB5-4B7E-07E719B1271B}" = Catalyst Control Center HydraVision Full "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{1089C72B-8D02-1C2A-1832-B0007D8AA963}" = Catalyst Control Center Core Implementation "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding "{20CCA435-1465-4567-885C-4A0AFCD0EB05}" = F2100_Help "{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0 "{2573A5FB-0352-4B85-E948-10FFCDD28731}" = Catalyst Control Center InstallProxy "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17 "{2B152D2E-039D-BDD5-DAB8-F9E715CF5FCA}" = Catalyst Control Center Graphics Light 
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID "{3AA1DCD6-CEE9-DAD4-79E3-6BF1F5D4744C}" = Catalyst Control Center Graphics Full Existing "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D60292B-1C68-2751-E708-6E419318C9E1}" = Catalyst Control Center InstallProxy "{4115D40F-3E40-8D0B-F2B7-5FE20E7D711C}" = Catalyst Control Center Graphics Previews Vista "{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas "{5E609F4B-4B10-6DD8-C47D-9703044AC5EF}" = Catalyst Control Center Graphics Full New "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F9662B9-ED3F-4F02-9DEE-EFA1F95F629F}" = Paragon Drive Backup 8.5 "{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6783BD80-A5DB-10A6-9F03-CE0B406BB982}" = Catalyst Control Center Graphics Previews Common "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23 "{7C2CD35D-FEC4-0272-9D16-CB1585C44FA6}" = ccc-utility "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7EAB15F0-5857-A3B6-565F-F5A27EC4FD91}" = ATI Catalyst Install Manager "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{888FFC82-688D-46AB-A776-B417885432B6}" = Zune "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9102836A-D390-415F-45B2-27C9B3680303}" = ccc-core-static "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error 
Reporting "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB3F9E62-1C4A-45DA-96E4-BFEB26C73F18}" = SPIF225 USB to SATA Bridge 98 Driver Installer "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3 "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D4A70F1B-2046-AEBD-9F25-844BECFB163A}" = CCC Help English "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES) "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F6F90406-4726-4559-B6F7-3A96529CDD45}" = F2100 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.62 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Advanced Vista Optimizer 2009_is1" = Advanced Vista Optimizer 2009 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Avira UnErase Personal" = Avira UnErase Personal "Azureus" = Azureus "Biet-O-Matic v2.12.0" = Biet-O-Matic v2.12.0 "Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4 "CCleaner" = CCleaner (remove only) "DivX Setup.divx.com" = DivX-Setup "ffdshow_is1" = ffdshow [rev 3078] [2009-09-17] "FileZilla Client" = FileZilla Client 3.3.2.1 "Free Audio Dub_is1" = Free Audio Dub version 1.7 "GMX SMS-Manager" = GMX SMS-Manager "Guitar Power_is1" = Guitar Power 1.5.0 "Guitar Pro 5_is1" = Guitar Pro 5.2 "Guitar Tracks Pro 3" = Guitar Tracks Pro 3 "HotspotShield" = Hotspot Shield 1.37 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HWiNFO32_is1" = HWiNFO32 Version 3.20 "HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0 "IrfanView" = IrfanView (remove only) "LastFM_is1" = Last.fm 1.5.4.24567 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaInfo" = MediaInfo 0.7.25 "MediaMonkey_is1" = MediaMonkey 3.2 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MKVtoolnix" = MKVtoolnix 3.0.0 "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "Mp3tag" = Mp3tag v2.42 "Notepad++" = Notepad++ "Quake III Arena" = Quake III Arena "RealAlt_is1" = Real Alternative 1.9.0 "ScummVM_is1" = ScummVM 
0.11.0
"Secunia PSI" = Secunia PSI
"SopCast" = SopCast 3.0.3
"SpeedFan" = SpeedFan (remove only)
"Stellar Phoenix Windows Data Recovery_is1" = Stellar Phoenix Windows Data Recovery V4.1
"StreamTorrent 1.0" = StreamTorrent 1.0
"TVUPlayer" = TVUPlayer 2.4.7.2
"Veetle TV" = Veetle TV 0.9.16
"VLC media player" = VLC media player 1.0.5
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.5
"WinGimp-2.0_is1" = GIMP 2.6.5
"Zune" = Zune

========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Thanks again for your effort!
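Editor's note, added example (not part of this thread, not a tool from OTL's author or the forum): the `< MD5 for: ... >` sections of the OTL report above list the live System32 copy of a sensitive file next to the versions held in the component store (winsxs, DriverStore). The check a log reader does by eye is whether the live hash equals one of the store copies; a hash that matches nothing in the store means the file was patched, replaced or infected and needs a closer look, and "Unable to obtain MD5" marks a file OTL could not even read (here sptd.sys, the SPTD driver the Defogger log further down shows being disabled). The Python below automates that reading. The SCECLI, USERINIT and lockedfiles lines are copied verbatim from the posted log; the `EXAMPLE.DLL` section is constructed to exercise the mismatch path and is not from the log. Caveat: a store match only shows consistency with a servicing version, not that the file is genuine; an attacker with write access to winsxs can plant a matching copy, so a real verdict still needs an Authenticode signature check.

```python
"""Added example (not part of the thread or of OTL): parse the "< MD5 for: ... >"
sections of an OTL report, flag live System32 files whose hash matches none of the
component-store (winsxs / DriverStore) copies, and list files OTL could not hash."""
import re
from collections import defaultdict

# Sample input. SCECLI, USERINIT and the two lockedfiles sections are copied verbatim
# from the OTL report posted in this thread. The EXAMPLE.DLL section is CONSTRUCTED to
# show the mismatch case; it does not come from the log.
OTL_SAMPLE = r"""
< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: EXAMPLE.DLL >
[2010.07.01 00:00:00 | 000,010,240 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\example.dll
[2008.01.19 09:00:00 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_example_31bf3856ad364e35_6.0.6001.18000_none_0000000000000000\example.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.12.27 12:01:40 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
"""

# "< MD5 for: SCECLI.DLL >" and the "< %systemroot%\... /lockedfiles >" headers
SECTION_RE = re.compile(r"^<\s*(?P<name>.+?)\s*>$")
# "[date | size | attrs | M] (Company) MD5=... -- path"  or  "... Unable to obtain MD5 -- path"
ENTRY_RE = re.compile(
    r"^\[(?P<meta>[^\]]+)\]\s+\((?P<company>[^)]*)\)\s+"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)\s+--\s+(?P<path>\S.*?)\s*$"
)


def parse_otl(text):
    """Group OTL file entries by the "< ... >" section header they appear under."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group("name")
            continue
        ent = ENTRY_RE.match(line)
        if ent and current is not None:
            size = ent.group("meta").split("|")[1].strip()  # e.g. "000,177,152"
            sections[current].append({
                "path": ent.group("path"),
                "md5": ent.group("md5").upper() if ent.group("md5") else None,
                "company": ent.group("company"),
                "size": int(size.replace(",", "")),
            })
    return dict(sections)


def is_store_copy(path):
    """winsxs and DriverStore hold reference copies; anything else is the live file."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p


def check_live_against_store(sections):
    """Verdict per live copy in every "MD5 for:" section:
    match      - MD5 equals some store copy (consistent with a servicing version)
    MISMATCH   - matches nothing in the store: patched, replaced or infected
    unreadable - OTL could not hash it (locked file)"""
    verdicts = {}
    for name, entries in sections.items():
        if not name.startswith("MD5 for:"):
            continue
        fname = name[len("MD5 for:"):].strip()
        store_hashes = {e["md5"] for e in entries if is_store_copy(e["path"]) and e["md5"]}
        for e in entries:
            if is_store_copy(e["path"]):
                continue
            if e["md5"] is None:
                verdict = "unreadable"
            elif e["md5"] in store_hashes:
                verdict = "match"
            else:
                verdict = "MISMATCH"
            verdicts.setdefault(fname, []).append((e["path"], verdict))
    return verdicts


def unhashable_files(sections):
    """Paths reported as 'Unable to obtain MD5' in any section (locked on disk)."""
    return [e["path"] for entries in sections.values() for e in entries if e["md5"] is None]


if __name__ == "__main__":
    secs = parse_otl(OTL_SAMPLE)
    for fname, results in check_live_against_store(secs).items():
        for path, verdict in results:
            print(f"{verdict:10} {fname:14} {path}")
    for path in unhashable_files(secs):
        print(f"{'unhashable':10} {'':14} {path}")
```

Run against the posted log this reports scecli.dll and userinit.exe as consistent with the SP2 and SP1 component-store versions respectively, the constructed example.dll as a mismatch, and sptd.sys plus rsaenh.dll as unhashable; the locked-file list is the set to re-examine once the CD emulator is disabled and the machine rebooted.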
13.07.2010, 11:36 | #6
/// Malware-holic | Multiple instances of Internet Explorer

Disable CD emulators with DeFogger

You have CD emulators such as Alcohol, DaemonTools or similar installed on this computer. Because these emulators use rootkit techniques, they can distort and hamper the search for malicious rootkits. For this reason, please either run the following tool to disable them or uninstall the software via Control Panel => Software/Programs. Let me know which option you chose. We can undo the deactivation after the cleanup.

Download http://www.trojaner-board.de/51464-a...-ccleaner.html

Please create and post a ComboFix log. A guide and tutorial on using ComboFix
13.07.2010, 12:44 | #7
Multiple instances of Internet Explorer

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:07 on 13/07/2010 (******)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

otl fix:
Code:
All processes killed
========== OTL ==========
File C:\Windows\System32\drivers\eucqffpo.sys not found.
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\Kotzkrücke\Startmenü\Programme\Autostart\wwwxbv32.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users
User: Default
User: Default User
User: ****
User: postgres
User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: *****
->Temp folder emptied: 155244 bytes
->Temporary Internet Files folder emptied: 18026534 bytes
->FireFox cache emptied: 37225556 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1388544 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5868 bytes
RecycleBin emptied: 591 bytes

Total Files Cleaned = 54,00 mb

OTL by OldTimer - Version 3.2.9.0 log created on 07132010_131731
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
13.07.2010, 12:48 | #8 |
| Multiple instances of Internet Explorer ComboFix log: Code:
ATTFilter ComboFix 10-07-12.05 - USER 13.07.2010 13:29:15.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.3326.2450 [GMT 2:00] ausgeführt von:: d:\incoming\ComboFix.exe SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\struct~.ini c:\windows\system32\AutoRun.inf c:\windows\system32\winload.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-06-13 bis 2010-07-13 )))))))))))))))))))))))))))))) . 2010-07-13 11:35 . 2010-07-13 11:35 -------- d-----w- c:\users\******\AppData\Local\temp 2010-07-12 19:48 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-12 19:48 . 2010-07-12 19:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-12 19:48 . 2010-07-12 19:48 -------- d-----w- c:\programdata\Malwarebytes 2010-07-12 19:48 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-12 12:57 . 2010-07-12 12:57 -------- d-----w- c:\program files\HiJack this 2010-07-06 08:34 . 2010-07-09 07:42 -------- d-----w- C:\Log 2010-07-06 08:24 . 2006-04-17 09:56 1207808 ----a-w- c:\windows\system32\PhoenixDll.dll 2010-07-06 08:24 . 2004-10-16 19:46 178176 ----a-w- c:\windows\system32\StellarProfile.dll 2010-07-06 08:24 . 2010-07-06 08:24 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery 2010-07-06 07:51 . 2010-07-06 07:51 4 ----a-w- c:\windows\vx86036.dat 2010-07-06 07:50 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe 2010-07-06 07:50 . 2008-03-17 16:45 19584 ----a-w- c:\windows\system32\Ckldrv.sys 2010-07-06 07:50 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe 2010-07-06 07:50 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe 2010-07-06 07:50 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll 2010-07-06 07:50 . 
1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe 2010-07-06 07:50 . 2010-07-06 08:19 -------- d-----w- c:\program files\Stellar Phoenix NTFS Data Recovery 2010-07-05 14:24 . 2010-07-05 14:24 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys 2010-07-05 14:24 . 2010-07-05 14:24 581984 ----a-w- c:\windows\system32\drivers\timntr.sys 2010-06-24 22:03 . 2010-06-24 22:03 -------- d-----w- c:\program files\Microsoft.NET 2010-06-24 22:02 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-06-24 22:02 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-06-24 22:02 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-06-24 22:02 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-06-24 22:02 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-06-24 01:58 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-06-24 01:58 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-06-17 12:38 . 2010-06-17 12:38 -------- d-----w- f:\users\******\AppData\Roaming\StreamTorrent 2010-06-17 12:38 . 2010-06-17 12:38 -------- d-----w- c:\program files\StreamTorrent 1.0 2010-06-15 13:05 . 2010-06-15 13:05 -------- d-----w- c:\programdata\Ubisoft . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-13 11:24 . 2009-06-25 06:29 -------- d-----w- c:\program files\CCleaner 2010-07-13 10:51 . 2008-10-06 17:35 -------- d-----w- f:\users\*****\AppData\Roaming\BOM 2010-07-13 08:44 . 2010-02-26 12:13 -------- d-----w- f:\users\*****\AppData\Roaming\vlc 2010-07-12 20:58 . 2009-01-07 15:41 -------- d-----w- c:\program files\Cooking Dash 2010-07-06 08:28 . 2009-03-23 18:47 -------- d-----w- c:\program files\Google 2010-07-06 08:11 . 2010-05-20 13:12 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2010-07-05 11:23 . 
2008-12-24 13:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-24 22:05 . 2006-11-02 15:42 628504 ----a-w- c:\windows\system32\perfh007.dat 2010-06-24 22:05 . 2006-11-02 15:42 126054 ----a-w- c:\windows\system32\perfc007.dat 2010-06-21 13:17 . 2008-12-25 10:13 -------- d-----w- c:\program files\Biet-O-Matic 2010-06-11 16:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-06-09 09:14 . 2010-05-06 12:18 -------- d-----w- c:\programdata\DivX 2010-06-09 09:10 . 2010-05-06 13:28 -------- d-----w- c:\program files\DivX 2010-05-27 11:05 . 2010-05-27 11:05 -------- d-----w- c:\programdata\Media Center Programs 2010-05-27 11:00 . 2008-12-25 10:09 -------- d-----r- c:\program files\Skype 2010-05-26 17:06 . 2010-06-11 09:45 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-06-11 09:45 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-20 14:04 . 2010-05-20 13:55 -------- d-----w- c:\program files\MP3Gain 2010-05-20 13:13 . 2010-05-20 13:12 -------- d-----w- c:\program files\Free Audio Dub 2010-05-04 05:59 . 2010-06-11 09:45 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 05:55 . 2010-06-11 09:45 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-05-04 05:55 . 2010-06-11 09:45 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-05-04 04:31 . 2010-06-11 09:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-05-01 14:13 . 2010-06-11 09:44 2037248 ----a-w- c:\windows\system32\win32k.sys 2010-04-30 18:35 . 2008-12-24 13:33 55360 ----a-w- c:\users\******\AppData\Local\GDIPFONTCACHEV1.DAT 2010-04-24 17:24 . 2009-10-25 16:21 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys 2010-04-23 14:13 . 2010-05-25 19:24 2048 ----a-w- c:\windows\system32\tzres.dll 2010-04-16 16:43 . 2010-06-24 01:58 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll 2010-04-16 16:43 . 2010-06-24 01:58 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll 2010-04-16 16:43 . 
2010-06-24 01:58 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll 2010-04-16 16:43 . 2010-06-24 01:58 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2009-12-23 08:00 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GMX SMS-Manager"="c:\program files\GMX\GMX SMS-Manager\SMSMngr.exe" [2007-07-19 3539968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\F:^Users^******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JDownloader.lnk] path=f:\users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.lnk backup=c:\windows\pss\JDownloader.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\F:^Users^******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PPS.lnk] path=f:\users\******\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\PPS.lnk backup=c:\windows\pss\PPS.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVO Ram Optimizer] 2009-01-09 10:44 216296 ----a-w- c:\program files\Systweak\Advanced Vista Optimizer 2009\AVO.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure] 2007-11-20 05:31 385024 ------r- c:\windows\System32\JMRaidTool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-01-29 10:51 4911104 ----a-w- c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2009-09-25 16:00 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\Zune Launcher] 2009-09-04 11:16 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):10,62,1f,ae,2f,3d,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3575860208-692218852-3530354113-1000] "EnableNotificationsRef"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9abe7cf1c54f4;Google Update Service (gupdate1c9abe7cf1c54f4);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 133104] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-27 717296] S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-06-10 39472] S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2009-07-16 19064] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-23 172032] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] S2 AVO2009 Defrag;AVO2009 Defrag;c:\program files\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe [2009-01-09 398056] S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-01-08 285744] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - avgntflt [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
Inhalt des "geplante Tasks" Ordners 2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 18:47] 2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 18:47] 2010-07-13 c:\windows\Tasks\User_Feed_Synchronization-{0B123AA1-C6B7-49CF-9478-F6754E2004E7}.job - c:\windows\system32\msfeedssync.exe [2010-06-11 04:30] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = local IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta FF - ProfilePath - f:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\xo79yurd.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - plugin: f:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\xo79yurd.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: f:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\xo79yurd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll FF - plugin: f:\users\******\AppData\Roaming\Mozilla\plugins\npoctoshape.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-07-13 13:35 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-3575860208-692218852-3530354113-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:78,04,0b,22,d6,19,53,df,6c,2b,22,7a,82,e7,03,52,b2,63,9a,6e,61,47,61, 31,2e,b2,98,bb,7b,0e,02,c9,0e,36,41,93,05,78,c9,4d,23,0c,63,a1,c6,4b,09,5d,\ "??"=hex:16,d2,08,9a,f5,9f,a1,07,47,24,e2,14,e9,19,b1,e3 [HKEY_USERS\S-1-5-21-3575860208-692218852-3530354113-1000\Software\SecuROM\License information*] "datasecu"=hex:d6,97,9f,fe,c4,99,9b,a8,95,46,4d,f0,2f,36,e4,4a,47,5e,d4,50,30, 84,fa,dc,70,cc,f0,ec,8c,b8,96,69,05,61,bb,fb,fb,af,7b,ce,4e,dd,cc,18,2b,95,\ "rkeysecu"=hex:cd,81,88,3a,41,89,89,34,9f,c6,09,4b,d2,0b,e3,02 . 
Zeit der Fertigstellung: 2010-07-13 13:37:04 ComboFix-quarantined-files.txt 2010-07-13 11:37 Vor Suchlauf: 9 Verzeichnis(se), 12.586.491.904 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 12.827.365.376 Bytes frei - - End Of File - - A2D66DCF47369A8DA928A6F338EC4772 |
13.07.2010, 12:52 | #9 |
/// Malware-holic | Multiple instances of Internet Explorer Does the problem still occur? |
13.07.2010, 15:32 | #10 |
| Multiple instances of Internet Explorer Thank you very much! The problem seems to be solved! Kind regards, Fjodorson |
13.07.2010, 16:59 | #11 |
/// Malware-holic | Multiple instances of Internet Explorer Avira: install Avira as described, or configure it accordingly afterwards. Once you have applied the configuration, update the program. Then click on "Local Protection", "Local Drives". Put any findings into quarantine and post the log. |
13.07.2010, 20:06 | #12 |
| Multiple instances of Internet Explorer A small problem has occurred: ComboFix restarted itself and everything was actually fine. Then I set about following the next instructions, for which I was supposed to start Windows in Safe Mode (Avira uninstall). But Windows complained that the file winload.exe is missing and that it cannot start. I then inserted my Windows CD and told it to repair this, which it did. Now everything is running again. What should I make of this? After that I uninstalled and reinstalled Avira. The log looks like this: Code:
ATTFilter Avira AntiVir Personal Erstellungsdatum der Reportdatei: Dienstag, 13. Juli 2010 19:35 Es wird nach 2341386 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista Windowsversion : (Service Pack 2) [6.0.6002] Boot Modus : Normal gebootet Benutzername : ****** Computername : ************* Versionsinformationen: BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00 AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 11:37:35 AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:16 LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42 VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03 VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 17:27:37 VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 17:27:39 VBASE007.VDF : 7.10.7.219 2048 Bytes 02.06.2010 17:27:39 VBASE008.VDF : 7.10.7.220 2048 Bytes 02.06.2010 17:27:39 VBASE009.VDF : 7.10.7.221 2048 Bytes 02.06.2010 17:27:39 VBASE010.VDF : 7.10.7.222 2048 Bytes 02.06.2010 17:27:39 VBASE011.VDF : 7.10.7.223 2048 Bytes 02.06.2010 17:27:39 VBASE012.VDF : 7.10.7.224 2048 Bytes 02.06.2010 17:27:39 VBASE013.VDF : 7.10.8.37 270336 Bytes 10.06.2010 17:27:40 VBASE014.VDF : 7.10.8.69 138752 Bytes 14.06.2010 17:27:40 VBASE015.VDF : 7.10.8.102 130560 Bytes 16.06.2010 17:27:40 VBASE016.VDF : 7.10.8.135 152064 Bytes 21.06.2010 17:27:40 VBASE017.VDF : 7.10.8.163 432128 Bytes 23.06.2010 17:27:40 VBASE018.VDF : 7.10.8.194 133632 Bytes 27.06.2010 17:27:40 VBASE019.VDF : 7.10.8.220 134656 Bytes 29.06.2010 17:27:41 VBASE020.VDF : 7.10.8.252 171520 Bytes 04.07.2010 17:27:41 
VBASE021.VDF : 7.10.9.19 131072 Bytes 06.07.2010 17:27:41 VBASE022.VDF : 7.10.9.36 297472 Bytes 07.07.2010 17:27:41 VBASE023.VDF : 7.10.9.60 150016 Bytes 11.07.2010 17:27:41 VBASE024.VDF : 7.10.9.61 2048 Bytes 11.07.2010 17:27:41 VBASE025.VDF : 7.10.9.62 2048 Bytes 11.07.2010 17:27:41 VBASE026.VDF : 7.10.9.63 2048 Bytes 11.07.2010 17:27:41 VBASE027.VDF : 7.10.9.64 2048 Bytes 11.07.2010 17:27:41 VBASE028.VDF : 7.10.9.65 2048 Bytes 11.07.2010 17:27:42 VBASE029.VDF : 7.10.9.66 2048 Bytes 11.07.2010 17:27:42 VBASE030.VDF : 7.10.9.67 2048 Bytes 11.07.2010 17:27:42 VBASE031.VDF : 7.10.9.77 135680 Bytes 13.07.2010 17:27:42 Engineversion : 8.2.4.10 AEVDF.DLL : 8.1.2.0 106868 Bytes 13.07.2010 17:27:45 AESCRIPT.DLL : 8.1.3.39 1335674 Bytes 13.07.2010 17:27:44 AESCN.DLL : 8.1.6.1 127347 Bytes 13.07.2010 17:27:44 AESBX.DLL : 8.1.3.1 254324 Bytes 13.07.2010 17:27:45 AERDL.DLL : 8.1.4.6 541043 Bytes 13.07.2010 17:27:44 AEPACK.DLL : 8.2.2.5 430453 Bytes 13.07.2010 17:27:44 AEOFFICE.DLL : 8.1.1.6 201081 Bytes 13.07.2010 17:27:44 AEHEUR.DLL : 8.1.1.38 2724214 Bytes 13.07.2010 17:27:44 AEHELP.DLL : 8.1.11.6 242038 Bytes 13.07.2010 17:27:43 AEGEN.DLL : 8.1.3.13 381300 Bytes 13.07.2010 17:27:43 AEEMU.DLL : 8.1.2.0 393588 Bytes 13.07.2010 17:27:42 AECORE.DLL : 8.1.15.3 192886 Bytes 13.07.2010 17:27:42 AEBB.DLL : 8.1.1.0 53618 Bytes 13.07.2010 17:27:42 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10 AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07 AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40 AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 11:35:44 AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 11:39:49 AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 11:22:11 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54 NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08 RCTEXT.DLL : 10.0.53.0 98152 Bytes 
09.04.2010 13:14:28 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Laufwerke Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldrives.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, F:, G:, H:, E:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: ein Optimierter Suchlauf..................: ein Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: hoch Beginn des Suchlaufs: Dienstag, 13. 
Juli 2010 19:35 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ZuneNss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SMSMngr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hsswd.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hsssrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'openvpnas.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'crypserv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AVODefragService32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht 
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht Untersuchung der Systemdateien wird begonnen: Signiert -> 'C:\Windows\system32\svchost.exe' Signiert -> 'C:\Windows\system32\winlogon.exe' Signiert -> 'C:\Windows\explorer.exe' Signiert -> 'C:\Windows\system32\smss.exe' Signiert -> 'C:\Windows\system32\wininet.DLL' Signiert -> 'C:\Windows\system32\wsock32.DLL' Signiert -> 'C:\Windows\system32\ws2_32.DLL' Signiert -> 'C:\Windows\system32\services.exe' Signiert -> 'C:\Windows\system32\lsass.exe' Signiert -> 'C:\Windows\system32\csrss.exe' Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys' Signiert -> 'C:\Windows\system32\spoolsv.exe' Signiert -> 'C:\Windows\system32\alg.exe' Signiert -> 'C:\Windows\system32\wuauclt.exe' Signiert -> 'C:\Windows\system32\advapi32.DLL' Signiert -> 'C:\Windows\system32\user32.DLL' Signiert -> 'C:\Windows\system32\gdi32.DLL' 
Signiert -> 'C:\Windows\system32\kernel32.DLL' Signiert -> 'C:\Windows\system32\ntdll.DLL' Signiert -> 'C:\Windows\system32\ntoskrnl.exe' Signiert -> 'C:\Windows\system32\ctfmon.exe' Die Systemdateien wurden durchsucht ('21' Dateien) Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD2 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'F:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'G:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'H:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '438' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Program Files\7-Zip\Uninstall.exe [WARNUNG] Zu wenig Speicher! Die Datei wurde nicht durchsucht! C:\Program Files\Veetle\plugins\Veetle.ocx [FUND] Ist das Trojanische Pferd TR/Spy.Veetle.A Beginne mit der Suche in 'D:\' <Diverses> D:\Recovery\ZZZ BACKUP ZZZ\Users\****\Documents\BACKUP!\Downloads\7zip442.exe [WARNUNG] Zu wenig Speicher! Die Datei wurde nicht durchsucht! D:\Recovery\ZZZ BACKUP ZZZ\Users\****\Downloads\7z457.exe [WARNUNG] Zu wenig Speicher! Die Datei wurde nicht durchsucht! D:\Recovery\ZZZ BACKUP ZZZ\Users\****\Downloads\7z462.exe [WARNUNG] Zu wenig Speicher! Die Datei wurde nicht durchsucht! Beginne mit der Suche in 'F:\' <****> F:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\44e4ef72-5a7fc72b [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Clagent.BA F:\Users\****\Documents\##BACKUP!\Downloads\7zip442.exe [WARNUNG] Zu wenig Speicher! Die Datei wurde nicht durchsucht! F:\Users\****\Downloads\7z457.exe [WARNUNG] Zu wenig Speicher! 
Die Datei wurde nicht durchsucht! F:\Users\harald\Downloads\7z462.exe [WARNUNG] Zu wenig Speicher! Die Datei wurde nicht durchsucht! Beginne mit der Suche in 'G:\' <leer> Beginne mit der Suche in 'H:\' <MP3 Alben> Beginne mit der Suche in 'E:\' Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Desinfektion: F:\Users\harald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\44e4ef72-5a7fc72b [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Clagent.BA [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4808135b.qua' verschoben! C:\Program Files\Veetle\plugins\Veetle.ocx [FUND] Ist das Trojanische Pferd TR/Spy.Veetle.A [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '509f332d.qua' verschoben! Ende des Suchlaufs: Dienstag, 13. Juli 2010 21:00 Benötigte Zeit: 55:45 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 26125 Verzeichnisse wurden überprüft 438513 Dateien wurden geprüft 2 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 2 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 438511 Dateien ohne Befall 1882 Archive wurden durchsucht 7 Warnungen 2 Hinweise |
14.07.2010, 12:06 | #13 |
/// Malware-holic | Multiple instances of Internet Explorer That was ComboFix. Please open My Computer, C:, select qoobox there, right-click, add to qoobox.rar or zip or, for all I care, 7zip :-) Upload this archive to us: http://www.trojaner-board.de/54791-a...ner-board.html as described under point 2. Right-click the Avira umbrella, disable the Guard, then open it, Administration, Quarantine, restore the following file to the desktop: C:\Program Files\Veetle\plugins\Veetle.ocx Upload it here at Submit your sample as a suspected false positive, post the result, open Avira, Quarantine, Add, add the file to the quarantine. |
14.07.2010, 15:40 | #14 |
| Multiple instances of Internet Explorer So, I uploaded qoobox, and this is what Avira says: Code:
Genaue Ergebnisse für jede Datei finden sie im folgenden Abschnitt: Dateiname Ergebnis Veetle.ocx MALWARE Die Datei 'Veetle.ocx' wurde als 'MALWARE' eingestuft.
Why does ComboFix do something like that? Did something go wrong there? I can imagine that many people have done worse things than using the Windows repair when Windows no longer starts. |
14.07.2010, 17:06 | #15 |
/// Malware-holic | Multiple instances of Internet Explorer But ComboFix accidentally deleted a different file... Well, such a problem can happen with any program; Avira too can delete a system file if it is operated incorrectly and there is a faulty detection. |